Threat-Led Detection Engineer

The Threat-Led Detection Engineer will design, build, and maintain high-quality threat detections within WTW''s Global Information and Cyber Security Defence (ICSD) function, helping WTW detect adversary activity quickly and accurately across its global estate. This is a hands-on engineering role for someone with a strong cyber security mindset and a genuine interest in how attackers operate. You will write and tune detection rules, map coverage to real adversary behaviour, and contribute to a well-maintained, version-controlled detection library. Working closely with SOC, Threat Hunting, Cyber Threat Intelligence (CTI), and Incident Response, you will turn intelligence and hunt findings into reliable detections, embracing a threat-led, Detection-as-Code approach. The individual will work as part of a global, multi-disciplined security community with strong support across the business, helping to foster a security-aware culture while ensuring WTW remains a great place to work. With WTW''s large global footprint, this role offers a varied and stimulating range of work, and occasional global travel may be required. The role is based in London and follows a hybrid working model, with the expectation of attending the office as and when required on business demand.The Role: The Threat-Led Detection Engineer will build and maintain detections within WTW''s Global Cyber Security Defence team. Responsibilities of this role will include: - Design, write, test, and maintain ..... full job details .....