Senior Security Incident Responder - #656369

WPP is the trusted growth partner for the world's leading brands.

We unite cutting-edge media intelligence and data solutions, world-class creativity, next-generation production, transformative enterprise solutions and expert strategic counsel in a single company – powered by exceptional talent and our agentic marketing platform, WPP Open, to help our clients navigate change, capture opportunity and deliver transformational growth.

We have been building the world's most valuable brands for 50 years and have global reach across 100+ markets, with deep local expertise.

Our people are the key to our success. We're committed to fostering a culture of creativity, belonging and continuous learning, attracting and developing the brightest talent, and providing exciting career opportunities that help our people grow.

For more information, visit WPP.com.

Why we're hiring:

The Senior Security Incident Responder is a lead technical authority for incident response execution, responsible for handling the most complex, high-impact, and business-critical security incidents across WPP. The role does not have line management responsibility; people management remains with the Security Incident Management Lead.

What you'll be doing:

• Advanced Incident Detection, Analysis & Response.
• Lead investigations for high-severity and complex security incidents.
• Perform deep technical analysis using SIEM, SOAR, EDR/XDR, identity, email, and cloud telemetry.
• Execute and oversee containment, eradication, and recovery actions.
• Serve as the primary escalation point for complex incidents.
• Coordinate with Legal, Privacy, Risk, Technology Operations, and agency teams.
• Provide clear technical updates to senior stakeholders.
• Lead forensic evidence collection, preservation, and analysis.
• Ensure documentation and artefacts are audit-ready.
• Support external forensic or law-enforcement engagement when required.
• Quality Assurance, Playbook Maturity & Continuous Improvement
• Improve incident response playbooks and SOPs.
• Lead or support post-incident reviews and ensure actions are tracked.
• Mentor Security Incident Responders without line management responsibility.
• Partner with Detection Engineering, Threat Intelligence, Automation, and VM teams.
• Identify opportunities for automation and response optimisation.

What you'll need:

• Extensive hands-on experience responding to enterprise-scale security incidents.
• Deep technical expertise across SIEM, SOAR, EDR/XDR, identity, email, and cloud platforms.
• Strong forensic, investigation, and root cause analysis skills.
• Ability to operate calmly under pressure and communicate clearly.
• Experience acting as incident commander or senior escalation point.
• Familiarity with MITRE ATT&CK and threat-led response.
• Relevant certifications (GCIH, GCFA, GCED, CISSP).
• Fluent in written and spoken English

Who you are:

You're open: We are inclusive and collaborative; we encourage the free exchange of ideas; we respect and celebrate diverse views. We are open-minded: to new ideas, new partnerships, new ways of working.

You're optimistic: We believe in the power of creativity, technology and talent to create brighter futures or our people, our clients and our communities. We approach all that we do with conviction: to try the new and to seek the unexpected.

You're extraordinary: we are stronger together: through collaboration we achieve the amazing. We are creative leaders and pioneers of our industry; we provide extraordinary every day.

What we'll give you:

Passionate, inspired people – We aim to create a culture in which people can do extraordinary work.

Scale and opportunity – We offer the opportunity to create, influence and complete projects at a scale that is unparalleled in the industry.

Challenging and stimulating work – Unique work and the opportunity to join a group of creative problem solvers. Are you up for the challenge?

#LI-Hybrid

We believe the best work happens when we're together, fostering creativity, collaboration, and connection. That's why we've adopted a hybrid approach, with teams in the office around four days a week. If you require accommodations or flexibility, please discuss this with the hiring team during the interview process.

WPP is an equal opportunity employer and considers applicants for all positions without discrimination or regard to particular characteristics. We are committed to fostering a culture of respect in which everyone feels they belong and has the same opportunities to progress in their careers.

Please read our Privacy Notice (https://www.wpp.com/en/careers/wpp-privacy-policy-for-recruitment) for more information on how we process the information you provide.