Experience
4 - 7 yrs
Job Location
Chennai, India
Vacancy
1
Designation
Cyber Security Engineer
Job Type
ONSITE
Job Description
Detection Engineering is responsible for designing, developing, and maintaining high-fidelity detection logic across enterprise security platforms. This role focuses on proactive threat detection, automation-first practices, and continuous improvement of detection coverage and accuracy, supporting the WPP SOC transformation into an Autonomic Security Operations model.
What youll be doing:
- Develop, test, and maintain detection rules and logic across SIEM, EDR, NDR, and cloud-native platforms.
- Regularly review and enhance detection logic to improve accuracy, reduce noise, and align with evolving threats.
- Work with wider WPP engineering teams to ensure high-quality, normalized telemetry for effective detection.
- Automate detection rule deployment, QA, and version control using scripting and CI/CD pipelines.
Root Cause Analysis (RCA)
- Conduct RCA on missed detections, delayed responses, and high-severity incidents.
- Identify technical and process-level causes of detection failures or inefficiencies.
- Drive corrective actions based on RCA outcomes (e.g., rule improvements, visibility gaps).
- Continuous Security Improvement (CSI)
- Maintain a CSI backlog (detection gaps, telemetry blind spots, false positives to reduce).
- Analyze detection performance metrics to identify trends and opportunities for improvement.
- Align detection priorities with business risk and the SOC transformation roadmap.
- Cross-Team Collaboration
- Collaborate with SOC, Incident Response, and Threat Hunting teams to operationalize detection improvements.
- Work with Threat Intelligence teams to integrate emerging TTPs into detection logic.
- Contribute to purple team exercises by validating detection logic against simulated attack paths.
Strategic Alignment to GCAT SOC10x
- 10X People: Continuous learning and knowledge sharing within the team.
- 10X Process: Embed agile workflows and automation-first principles.
- 10X Technology: Leverage AI/ML for detection tuning and anomaly detectio.
- 10X Visibility: Ensure comprehensive telemetry ingestion and observability.
- 10X Speed: Reduce detection-to-response cycle through orchestration and automation.
What youll need:
Technical Expertise
- Strong knowledge of SIEM, SOAR, EDR, and cloud security platforms.
- Proficiency in scripting and automation (Python, PowerShell).
- Familiarity with detection-as-code principles and CI/CD pipelines.
- Understanding of MITRE ATT&CK framework and threat-informed defense.
Collaboration & Communication
- Ability to work closely with SOC analysts, threat hunters, and engineers.
- Skilled in documenting detection logic and RCA outcomes.
Certifications (Preferred)
- GIAC GCTI, GCFA, or equivalent advanced security certifications.
Key Attributes
- Automation-first mindset with focus on scalability and resilience.
- Strong analytical and problem-solving skills.
- Excellent communication and teamwork capabilities.
No Referrers Available
There are currently no referrers available for this job. You can still apply, will let you know once there is any referrer available.
