**Description** The Senior Detection Engineer plays a pivotal role in strengthening the WTW’s cyber defense capabilities by designing, implementing, and optimizing threat detection strategies across cloud and on-prem environments. This role focuses on building scalable detection logic, enhancing visibility, log source SIEM onboarding and enabling rapid response to emerging threats. Working closely with the Global Information and Cyber Security Defense (ICSD) team, the engineer will lead efforts to develop and fine-tune detection rules, integrate telemetry sources, and support threat hunting, GSOC, and incident response. The ideal candidate combines deep technical expertise with a proactive mindset to stay ahead of adversaries and continuously improve detection coverage. This role also contributes to the broader Cyber Defense Security Engineering team, helping to build and maintain a resilient security infrastructure that supports the WTW’s mission and growth. **Roles and Responsibilities** : + Design, develop, and maintain detection logic across SIEM, EDR, and cloud-native platforms to ensure comprehensive threat visibility. + Collaborate with Threat Intelligence, Threat Hunting, Incident Response, and GSOC teams to identify detection gaps and enhance coverage. + Conduct threat modeling and develop detection use cases based on evolving attacker TTPs. + Continuously refine the detection engineering process, including rule tuning, framework improvements, and lifecycle management. + Support proactive threat hunting by building and executing custom queries and scripts. + Automate detection workflows and contribute to detection-as-code pipelines for scalability and efficiency. + Monitor emerging threats and adversary behaviors, integrating findings into the detection strategy. + Maintain accurate documentation and playbooks to support consistency, transparency, and knowledge sharing across teams. Evaluate new and existing log sources for relevance, data quality, and security value. + Design onboarding strategies tailored to each log source type (e.g., firewalls, EDRs, cloud platforms, identity providers). + Implement and manage Sentinel data connectors, including native, custom, and API-based integrations. + Ensure ingested logs are normalized using KQL and enriched with contextual data for effective detection. + Validate log ingestion, troubleshoot parsing issues, and tune data flows to optimize performance and cost. + Maintain onboarding playbooks and contribute to internal knowledge bases to support scalable onboarding practices. + Work closely with different stakeholders to ensure seamless integration and alignment with detection use cases. **Qualifications** **Required Qualifications:** + 5+ years of experience in cybersecurity, with a strong focus on threat detection engineering or threat hunting. + In-depth knowledge of SIEM platforms such as Microsoft Sentinel, Splunk, and Google SecOps; proficiency in Microsoft Sentinel is a plus. + Proficient in detection rule languages, including KQL, YARA, and SPL. + Skilled in scripting and automation using Python, PowerShell, or Bash. + Hands-on experience with malware analysis, reverse engineering, and digital forensics. + Strong understanding of adversary tactics and techniques, with practical experience using the MITRE ATT&CK framework and threat modeling methodologies. + Experience with cloud security and cloud-native detection strategies across platforms like AWS, Azure, or GCP. **Other Knowledge, Skills and Abilities** + Strong communication and collaboration skills, with proven experience working in cross-functional global teams. + Strong problem-solving and critical thinking skills for addressing security issues and finding effective solutions. + Outstanding written and verbal communication skills. + Ability to work both independently and collaboratively in a fast-paced environment. + Strong communication skills, with the ability to explain security concepts to non-technical stakeholders. **Certifications (Preferred):** + GIAC Certified Detection Analyst ( **GCDA** ) + MITRE ATT&CK Defender ( **MAD** ) Certifications + Certified Information Systems Security Professional ( **CISSP** ) + Microsoft Certified: Security Operations Analyst ( **SC-200** ) + CompTIA **Security+** / **CySA+** / **CASP+** + Any other relevant security certification **Compensation and Benefits** Base salary range and benefits information for this position are being included in accordance with requirements of various state/local pay transparency legislation. Please note that base salaries may vary for different individuals in the same role based on several factors, including but not limited to location of the role, individual competencies, education/professional certifications, qualifications/experience, performance in the role and potential for revenue generation. **Compensation** The base salary compensation range being offered for this role is $100,000-$120,000 USD per year. This role is also eligible for an annual short-term incentive bonus **Compensation and Benefits** Base salary range and benefits information for this position are being included in accordance with requirements of various state/local pay transparency legislation. Please note that base salaries may vary for different individuals in the same role based on several factors, including but not limited to location of the role, individual competencies, education/professional certifications, qualifications/experience, performance in the role and potential for revenue generation. **Compensation** The base salary compensation range being offered for this role is $100,000-$120,000 USD per year. This role is also eligible for an annual short-term incentive bonus. **Company Benefits** WTW provides a competitive benefit package which includes the following (eligibility requirements apply): + **Health and Welfare Benefits:** Medical (including prescription coverage), Dental, Vision, Health Savings Account, Commuter Account, Health Care and Dependent Care Flexible Spending Accounts, Group Accident, Group Critical Illness, Life Insurance, AD&D, Group Legal, Identify Theft Protection, Wellbeing Program and Work/Life Resources (including Employee Assistance Program) + **Leave Benefits:** Paid Holidays, Annual Paid Time Off (includes paid state/local paid leave where required), Short-Term Disability, Long-Term Disability, Other Leaves (e.g., Bereavement, FMLA, ADA, Jury Duty, Military Leave, and Parental and Adoption Leave), Paid Time Off (https://cdn-static.findly.com/wp-content/uploads/sites/1862/2023/01/31091722/Washington-State-Time-Off.pdf) + **Retirement Benefits:** Contributory Pension Plan and Savings Plan (401k). All Level 38 and more senior roles may also be eligible for non-qualified Deferred Compensation and Deferred Savings Plans. Pursuant to the San Francisco Fair Chance Ordinance and Los Angeles County Fair Chance Ordinance for Employers, we will consider for employment qualified applicants with arrest and conviction records. Note that visa employment-based non-immigrant visa sponsorship and/or assistance is not offered for this specific job opportunity. This position will remain posted for a minimum of three business days from the date posted or until sufficient/appropriate candidate slate has been identified. **EOE, including disability/vets**