The Role
The Threat-Led Detection Engineer will build and maintain detections within WTW’s Global Cyber Security Defence team. Responsibilities of this role will include:
- Design, write, test, and maintain high-fidelity detection rules across SIEM, EDR/XDR, cloud, identity, and network data sources.
- Apply a threat-led approach, developing detections mapped to adversary tradecraft using the MITRE ATT&CK framework, the Cyber Kill Chain, and the Diamond Model.
- Rapidly create new detections in response to emerging threats, Cyber Threat Intelligence, and incident or hunt findings.
- Contribute to the detection library, ensuring detections are version-controlled, documented, tested, and mapped to MITRE ATT&CK coverage.
- Tune and optimise existing detections to reduce false positives and continuously improve fidelity.
- Practise Detection-as-Code, using Git-based workflows, peer review, and automated testing for detection content.
- Validate detections through adversary emulation and testing (e.g. Atomic Red Team) and collaborate on purple-team exercises.
- Support the integration of AI and automation into detection and triage workflows, and help build detections for AI/GenAI-specific threats.
- Collaborate with SOC, Threat Hunting, CTI, and Incident Response to close detection gaps surfaced during hunts and incidents.
- Write clear detection documentation and response guidance so each detection is actionable for analysts.
- Onboard and validate new log sources and telemetry to expand detection coverage.
- Contribute to detection coverage and quality metrics to help measure and improve detection effectiveness.
What you’ll bring
We are looking for a candidate for the Threat-Led Detection Engineer role who has the following:
Must-have
- Strong background in cyber security with hands-on detection engineering, SOC, or threat-hunting experience.
- Strong cyber security mindset and a solid, thorough understanding of attacker behaviour and the modern threat landscape.
- Working knowledge of the MITRE ATT&CK framework, the Cyber Kill Chain, and the Diamond Model, with the ability to map detections to them.
- Hands-on experience writing and tuning detection rules using query languages such as KQL, SPL, EQL, or Sigma on platforms like Microsoft Sentinel, Splunk, Elastic, CrowdStrike, or Microsoft Defender XDR.
- Ability to develop high-fidelity detections swiftly in response to emerging threats and intelligence.
- Experience maintaining detection content and contributing to a detection library.
- Familiarity with Detection-as-Code concepts: Git, version control, and automated testing of detection content.
- Awareness of AI/ML in security operations and AI-specific threats (e.g. prompt injection, sensitive-data exposure via GenAI), with awareness of the OWASP LLM Top 10 and MITRE ATLAS.
- Exposure to cloud detection across Azure, AWS, and/or GCP and to cloud and identity log sources (e.g. Entra ID, CloudTrail).
- Good written and verbal communication skills, able to document detections clearly and collaborate across teams.
Good to have
- Threat-hunting mindset and experience hunting for novel or emerging threats to feed detection development.
- Experience with adversary emulation and breach-and-attack-simulation tooling (Atomic Red Team, Caldera) and purple teaming.
- Scripting skills (e.g. Python, PowerShell) for automation and enrichment.
What we offer
Enjoy a benefits package designed to help you thrive, both professionally and personally. You’ll receive 25 days of annual leave plus an extra WTW day to relax and recharge. Our comprehensive health and wellbeing offering includes private healthcare, life insurance, group income protection, and regular health assessments, all giving you peace of mind. Secure your future with our defined contribution pension scheme, featuring matched contributions up to 10% from the company.
We support your growth and balance with hybrid working options, access to an employee assistance programme, and a fully paid volunteer day to make a difference in your community. On top of these, you can opt into a variety of additional perks including an electric vehicle car scheme, share scheme, cycle-to-work programme, dental and optical cover, critical illness protection, and much more. Start making the most of your career and wellbeing with a range of benefits tailored for you.
Equal Opportunity Employer
We’re committed to equal employment opportunity and provide application, interview and workplace adjustments and accommodations to all applicants.
#J-18808-Ljbffr…
