Head of Detection Engineering

WPP is the creative transformation company. We use the power of creativity to build better futures for our people, planet, clients, and communities.

Working at WPP means being part of a global network of more than 100,000 talented people dedicated to doing extraordinary work for our clients. We operate in over 100 countries, with corporate headquarters in New York, London and Singapore.

WPP is a world leader in marketing services, with deep AI, data and technology capabilities, global presence and unrivalled creative talent. Our clients include many of the biggest companies and advertisers in the world, including approximately 300 of the Fortune Global 500.

Our people are the key to our success. We're committed to fostering a culture of creativity, belonging and continuous learning, attracting and developing the brightest talent, and providing exciting career opportunities that help our people grow. 

Why we're hiring:

WPP is at the forefront of the marketing and advertising industry's largest transformation. Our Global CIO is leading a significant evolution of our Enterprise Technology capabilities, bringing together over 2,500 technology professionals into an integrated global team. This team will play a crucial role in enabling the ongoing transformation of our agencies and functions.

Imagine shaping the cybersecurity landscape of a global powerhouse. As WPP's next Head of Detection Engineering & Response, you'll command a critical role, leading a global team to fortify our defenses with state-of-the-art detection, rapid incident management, and relentless threat hunting. This pivotal position is your chance to revolutionize our SOC, transitioning it into an Autonomic Security Operations (ASO) model. We're seeking a leader who can deliver an automation-first, intelligence-driven shield, fully aligned with the ambitious GCAT SOC10x principles, and fundamentally change how we protect WPP.

What you'll be doing:

• Design and implement high-fidelity detection logic across SIEM, EDR, NDR, and cloud-native platforms.
• Operationalize detection-as-code practices, including version control, automated testing, and continuous improvement.
• Collaborate with Threat Intelligence and manage Threat Hunting teams to integrate adversary TTPs into detection pipelines.
• Drive automation of alert triage and enrichment through SOAR playbooks.
• Ensure telemetry coverage across endpoints, networks, and cloud environments for comprehensive visibility.
• Own the end-to-end security incident response lifecycle: detection, containment, eradication, recovery, and lessons learned.
• Establish and enforce SOC processes, workflows, and playbooks for efficient incident handling.
• Coordinate with Legal, Privacy, and Risk teams during major incidents to ensure compliance and minimize business impact.
• Lead post-incident reviews and root cause analysis to strengthen detection and response capabilities.
• Develop and execute hypothesis-driven hunts leveraging MITRE ATT&CK and threat intelligence.
• Identify gaps in existing detection coverage and feed findings back into engineering pipelines.
• Use advanced analytics and machine learning models to uncover stealthy or emerging threats.
• Foster a proactive security culture by embedding hunting practices into daily operations.

Strategic Alignment to GCAT SOC10x:

• 10X People: Build a high-performing team with continuous learning and knowledge-sharing culture.
• 10X Process: Implement agile, automated workflows for detection and response.
• 10X Technology: Leverage AI/ML-driven detection models and cloud-scale telemetry ingestion.
• 10X Visibility: Achieve full-stack observability across hybrid environments.
• 10X Speed: Reduce Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR) through automation and orchestration.

What you'll need:

• Deep knowledge of SIEM, SOAR, EDR, NDR, and cloud security platforms.
• Proficiency in scripting and automation (Python, PowerShell) and detection-as-code principles.
• Strong understanding of adversary tactics, techniques, and procedures (TTPs) and MITRE ATT&CK framework.
• Experience with threat intelligence integration and behavioral analytics.
• Proven track record of leading global SOC or Detection & Response teams in complex enterprise environments.
• Ability to define vision, strategy, and roadmaps for detection engineering and incident response.
• Skilled in stakeholder management and cross-functional collaboration (Legal, Risk, IT, DevOps).
• CISSP, GIAC GCFA/GCTI, or equivalent advanced security certifications.
• Automation-first mindset with a focus on scalability and resilience.
• Strong analytical and problem-solving skills.
• Excellent communication and leadership capabilities.

Who you are:

You're open: We are inclusive and collaborative; we encourage the free exchange of ideas; we respect and celebrate diverse views. We are open-minded: to new ideas, new partnerships, new ways of working.

You're optimistic: We believe in the power of creativity, technology and talent to create brighter futures or our people, our clients and our communities. We approach all that we do with conviction: to try the new and to seek the unexpected.

You're extraordinary: we are stronger together: through collaboration we achieve the amazing. We are creative leaders and pioneers of our industry; we provide extraordinary every day.

What we'll give you:

Passionate, inspired people – We aim to create a culture in which people can do extraordinary work.

Scale and opportunity – We offer the opportunity to create, influence and complete projects at a scale that is unparalleled in the industry.

Challenging and stimulating work – Unique work and the opportunity to join a group of creative problem solvers. Are you up for the challenge?

#LI-Onsite

We believe the best work happens when we're together, fostering creativity, collaboration, and connection. That's why we’ve adopted a hybrid approach, with teams in the office around four days a week. If you require accommodations or flexibility, please discuss this with the hiring team during the interview process.

WPP is an equal opportunity employer and considers applicants for all positions without discrimination or regard to particular characteristics. We are committed to fostering a culture of respect in which everyone feels they belong and has the same opportunities to progress in their careers.

Please read our Privacy Notice (https://www.wpp.com/en/careers/wpp-privacy-policy-for-recruitment) for more information on how we process the information you provide.