Threat-Led Detection Engineer

Description

The Threat-Led Detection Engineer will design, build, and maintain high-quality threat detections within WTW’s Global Information and Cyber Security Defence (ICSD) function, helping WTW detect adversary activity quickly and accurately across its global estate. This is a hands‑on engineering role for someone with a strong cyber security mindset and a genuine interest in how attackers operate. You will write and tune detection rules, map coverage to real adversary behaviour, and contribute to a well‑maintained, version‑controlled detection library. Working closely with SOC, Threat Hunting, Cyber Threat Intelligence (CTI), and Incident Response, you will turn intelligence and hunt findings into reliable detections, embracing a threat‑led, Detection‑as‑Code approach.

The individual will work as part of a global, multi‑disciplined security community with strong support across the business, helping to foster a security‑aware culture while ensuring WTW rema...