WPP is the trusted growth partner for the world’s leading brands. 

We unite cutting-edge media intelligence and data solutions, world-class creativity, next-generation production, transformative enterprise solutions and expert strategic counsel in a single company – powered by exceptional talent and our agentic marketing platform, WPP Open, to help our clients navigate change, capture opportunity and deliver transformational growth. 
 
We have been building the world's most valuable brands for 50 years and have global reach across 100+ markets, with deep local expertise.
 
Our people are the key to our success. We're committed to fostering a culture of creativity, belonging and continuous learning, attracting and developing the brightest talent, and providing exciting career opportunities that help our people grow. 
 
For more information, visit WPP.com.
 

Why we're hiring:

The Threat Hunting Lead is responsible for building and leading the threat hunting function, driving proactive detection of advanced threats that evade traditional security controls. This role combines strategic leadership with hands-on expertise, ensuring hunts are hypothesis-driven, intelligence-led, and integrated into WPP SOC transformation initiatives under the Autonomic Security Operations model

What you'll be doing:

Threat Hunting Leadership

• Define and implement the threat hunting program, including methodologies, workflows, and KPIs.


• Lead a team of threat hunters to execute hypothesis-driven hunts across endpoints, networks, and cloud environments.


• Develop and maintain structured hunting playbooks aligned with MITRE ATT&CK and GCAT SOC10x principles.


• Mentor and upskill team members, fostering a culture of curiosity and continuous improvement.

Operational Execution

• Conduct advanced hunts leveraging telemetry from SIEM, EDR, NDR, and cloud-native platforms.


• Integrate threat intelligence into hunting hypotheses and detection pipelines.


• Collaborate with Detection Engineering, Incident Response, and Threat Intelligence teams to operationalize findings.


• Validate detection coverage through purple team exercises and adversary emulation.

Continuous Improvement

• Maintain a backlog of hunting hypotheses, visibility gaps, and lessons learned.


• Drive automation of hunting workflows using scripting and SOAR platforms.


• Report on hunt outcomes, trends, and strategic improvements to leadership.

Strategic Alignment to GCAT SOC10x

• 10X People: Build a high-performing team with continuous learning and knowledge sharing.


• 10X Process: Embed agile, hypothesis-driven hunting workflows.


• 10X Technology: Leverage AI/ML analytics for anomaly detection and hunt acceleration.


• 10X Visibility: Ensure comprehensive telemetry ingestion across hybrid environments.


• 10X Speed: Reduce dwell time and accelerate detection-to-response cycles.

What you'll need:

Technical Expertise

• Deep knowledge of threat hunting methodologies and frameworks (MITRE ATT&CK, TaHiTI).


• Proficiency in SIEM, EDR/XDR, and log aggregation tools across hybrid infrastructure.


• Strong scripting skills (Python, PowerShell) for automation and data analysis.


• Experience with threat intelligence integration and behavioral analytics.

Leadership & Collaboration

• Proven experience leading threat hunting or advanced SOC teams in enterprise environments.


• Ability to prioritize hunts based on risk and operational impact.


• Skilled in cross-functional collaboration with SOC, IR, and engineering teams.

Certifications (Preferred)

• GIAC GCTI, GCIH, or equivalent advanced security certifications.

Key Attributes

• Automation-first mindset with focus on scalability and resilience.


• Strong analytical and problem-solving skills.


• Excellent communication and leadership capabilities.

Who you are:

You're open: We are inclusive and collaborative; we encourage the free exchange of ideas; we respect and celebrate diverse views. We are open-minded: to new ideas, new partnerships, new ways of working.

You're optimistic: We believe in the power of creativity, technology and talent to create brighter futures or our people, our clients and our communities. We approach all that we do with conviction: to try the new and to seek the unexpected.

You're extraordinary: we are stronger together: through collaboration we achieve the amazing. We are creative leaders and pioneers of our industry; we provide extraordinary every day.

What we'll give you:

Passionate, inspired people – We aim to create a culture in which people can do extraordinary work.

Scale and opportunity – We offer the opportunity to create, influence and complete projects at a scale that is unparalleled in the industry.

Challenging and stimulating work – Unique work and the opportunity to join a group of creative problem solvers. Are you up for the challenge?

#LI-Hybrid 

We believe the best work happens when we're together, fostering creativity, collaboration, and connection. That's why we’ve adopted a hybrid approach, with teams in the office around four days a week. If you require accommodations or flexibility, please discuss this with the hiring team during the interview process.

WPP is an equal opportunity employer and considers applicants for all positions without discrimination or regard to particular characteristics. We are committed to fostering a culture of respect in which everyone feels they belong and has the same opportunities to progress in their careers.

Please read our Privacy Notice (https://www.wpp.com/en/careers/wpp-privacy-policy-for-recruitment) for more information on how we process the information you provide.