
WPP · Chennai
WPP is the trusted growth partner for the world’s leading brands. We unite cutting-edge media intelligence and data solutions, world-class creativity, next-ge...
WPP is the trusted growth partner for the world’s leading brands.
We unite cutting-edge media intelligence and data solutions, world-class creativity, next-generation production, transformative
enterprise solutions and expert strategic counsel in a single company – powered by exceptional talent and our agentic marketing
platform, WPP Open, to help our clients navigate change, capture opportunity and deliver transformational growth.
We work with the world's most valuable brands and have global reach across 100+ markets, with deep local expertise.
Our people are the key to our success. We're committed to fostering a culture of creativity, belonging and continuous learning,
attracting and developing the brightest talent, and providing exciting career opportunities that help our people grow.
For more information, visit WPP.com.
The Threat Hunting Lead is responsible for building and leading the threat hunting function, driving proactive detection of
advanced threats that evade traditional security controls. This role combines strategic leadership with hands-on expertise,
ensuring hunts are hypothesis-driven, intelligence-led, and integrated into WPP SOC transformation initiatives under the Autonomic
Security Operations model
You're open: We are inclusive and collaborative; we encourage the free exchange of ideas; we respect and celebrate diverse views.
We are open-minded: to new ideas, new partnerships, new ways of working.
You're optimistic: We believe in the power of creativity, technology and talent to create brighter futures or our people, our
clients and our communities. We approach all that we do with conviction: to try the new and to seek the unexpected.
You're extraordinary: we are stronger together: through collaboration we achieve the amazing. We are creative leaders and pioneers
of our industry; we provide extraordinary every day.
Passionate, inspired people – We aim to create a culture in which people can do extraordinary work.
Scale and opportunity – We offer the opportunity to create, influence and complete projects at a scale that is unparalleled in the
industry.
Challenging and stimulating work – Unique work and the opportunity to join a group of creative problem solvers. Are you up for the
challenge?
We believe the best work happens when we're together, fostering creativity, collaboration, and connection. That's why we’ve
adopted a hybrid approach, with teams in the office around four days a week. If you require accommodations or flexibility, please
discuss this with the hiring team during the interview process.
WPP is an equal opportunity employer and considers applicants for all positions without discrimination or regard to particular
characteristics. We are committed to fostering a culture of respect in which everyone feels they belong and has the same
opportunities to progress in their careers.
PLEASE READ OUR PRIVACY NOTICE (HTTPS://WWW.WPP.COM/EN/CAREERS/WPP-PRIVACY-POLICY-FOR-RECRUITMENT) FOR MORE INFORMATION ON HOW WE
WPP is the trusted growth partner for the world’s leading brands. We unite cutting-edge media intelligence and data solutions, world-class creativity, next-generation production, transformative enterprise solutions and expert strategic counsel in a single company – powered by exceptional talent and our agentic marketing platform, WPP Open, to help our clients navigate change, capture opportunity and deliver transformational growth. We work with the world's most valuable brands and have global reach across 100+ markets, with deep local expertise. Our people are the key to our success. We're committed to fostering a culture of creativity, belonging and continuous learning, attracting and developing the brightest talent, and providing exciting career opportunities that help our people grow. For more information, visit WPP.com. Why we're hiring: Detection Engineering is responsible for designing, developing, and maintaining high-fidelity detection logic across enterprise security platforms. This role focuses on proactive threat detection, automation-first practices, and continuous improvement of detection coverage and accuracy, supporting the WPP SOC transformation into an Autonomic Security Operations model. What you'll be doing: * Develop, test, and maintain detection rules and logic across SIEM, EDR, NDR, and cloud-native platforms. * Regularly review and enhance detection logic to improve accuracy, reduce noise, and align with evolving threats. * Work with wider WPP engineering teams to ensure high-quality, normalized telemetry for effective detection. * Automate detection rule deployment, QA, and version control using scripting and CI/CD pipelines. Root Cause Analysis (RCA) * Conduct RCA on missed detections, delayed responses, and high-severity incidents. * Identify technical and process-level causes of detection failures or inefficiencies. * Drive corrective actions based on RCA outcomes (e.g., rule improvements, visibility gaps). * Continuous Security Improvement (CSI) * Maintain a CSI backlog (detection gaps, telemetry blind spots, false positives to reduce). * Analyze detection performance metrics to identify trends and opportunities for improvement. * Align detection priorities with business risk and the SOC transformation roadmap. * Cross-Team Collaboration * Collaborate with SOC, Incident Response, and Threat Hunting teams to operationalize detection improvements. * Work with Threat Intelligence teams to integrate emerging TTPs into detection logic. * Contribute to purple team exercises by validating detection logic against simulated attack paths. Strategic Alignment to GCAT SOC10x * 10X People: Continuous learning and knowledge sharing within the team. * 10X Process: Embed agile workflows and automation-first principles. * 10X Technology: Leverage AI/ML for detection tuning and anomaly detectio. * 10X Visibility: Ensure comprehensive telemetry ingestion and observability. * 10X Speed: Reduce detection-to-response cycle through orchestration and automation. What you'll need: Technical Expertise * Strong knowledge of SIEM, SOAR, EDR, and cloud security platforms. * Proficiency in scripting and automation (Python, PowerShell). * Familiarity with detection-as-code principles and CI/CD pipelines. * Understanding of MITRE ATT&CK framework and threat-informed defense. Collaboration & Communication * Ability to work closely with SOC analysts, threat hunters, and engineers. * Skilled in documenting detection logic and RCA outcomes. Certifications (Preferred) * GIAC GCTI, GCFA, or equivalent advanced security certifications. Key Attributes * Automation-first mindset with focus on scalability and resilience. * Strong analytical and problem-solving skills. * Excellent communication and teamwork capabilities. Who you are: You're open: We are inclusive and collaborative; we encourage the free exchange of ideas; we respect and celebrate diverse views. We are open-minded: to new ideas, new partnerships, new ways of working. You're optimistic: We believe in the power of creativity, technology and talent to create brighter futures or our people, our clients and our communities. We approach all that we do with conviction: to try the new and to seek the unexpected. You're extraordinary: we are stronger together: through collaboration we achieve the amazing. We are creative leaders and pioneers of our industry; we provide extraordinary every day. What we'll give you: Passionate, inspired people – We aim to create a culture in which people can do extraordinary work. Scale and opportunity – We offer the opportunity to create, influence and complete projects at a scale that is unparalleled in the industry. Challenging and stimulating work – Unique work and the opportunity to join a group of creative problem solvers. Are you up for the challenge? We believe the best work happens when we're together, fostering creativity, collaboration, and connection. That's why we’ve adopted a hybrid approach, with teams in the office around four days a week. If you require accommodations or flexibility, please discuss this with the hiring team during the interview process. WPP is an equal opportunity employer and considers applicants for all positions without discrimination or regard to particular characteristics. We are committed to fostering a culture of respect in which everyone feels they belong and has the same opportunities to progress in their careers. PLEASE READ OUR PRIVACY NOTICE (HTTPS://WWW.WPP.COM/EN/CAREERS/WPP-PRIVACY-POLICY-FOR-RECRUITMENT) FOR MORE INFORMATION ON HOW WE PROCESS THE INFORMATION YOU PROVIDE.
WPP is the trusted growth partner for the world’s leading brands. We unite cutting-edge media intelligence and data solutions, world-class creativity, next-generation production, transformative enterprise solutions and expert strategic counsel in a single company – powered by exceptional talent and our agentic marketing platform, WPP Open, to help our clients navigate change, capture opportunity and deliver transformational growth. We work with the world's most valuable brands and have global reach across 100+ markets, with deep local expertise. Our people are the key to our success. We're committed to fostering a culture of creativity, belonging and continuous learning, attracting and developing the brightest talent, and providing exciting career opportunities that help our people grow. For more information, visit WPP.com. Why we're hiring: The Automation Engineer is responsible for designing, developing, and maintaining security automation solutions that enhance detection, response, workflow efficiency, and operational consistency across Operational Security. Working under the Automation Lead, this role builds high-quality SOAR playbooks, integrations, scripts, AI-assisted workflows, and orchestration pipelines to reduce manual workloads and support the Autonomic Security Operations (ASO) model. What you'll be doing: Core Responsibilities Automation Engineering & Development * Develop SOAR playbooks, workflows, and automations for alert triage, enrichment, containment, and remediation. * Build scalable, reusable automation components, scripts, and integrations. * Implement high-quality scripting using Python, PowerShell, and REST APIs. * Ensure appropriate version control, QA, testing, and documentation of automation artefacts. * Maintain reliability of automations by monitoring performance, exceptions, and system behaviour. Platform Integration & Tooling Engineering * Integrate SOAR with SIEM, EDR, TIP, cloud-native security tools, and case management systems. * Engineer automation pipelines to support Microsoft and Google security ecosystems. * Develop API integrations, webhooks, and event-driven automation triggers. * Support data transformation, enrichment, and telemetry orchestration requirements. AI / ML Automation Enablement * Contribute to embedding AI/ML-driven enrichment and correlation logic into automated workflows. * Support operationalisation of ML models for anomaly detection and decision support. * Collaborate with data and detection teams to refine and enhance AI-enabled automation. Workflow Engineering & Process Automation * Translate SOPs, response runbooks, and detection workflows into automated processes. * Identify automation opportunities to eliminate manual tasks across SecOps functions. * Ensure automated processes remain consistent, auditable, and compliant with Operational Security standards. Operational Collaboration & Support * Work with Detection Engineering, Incident Response, Threat Hunting, and Threat Intelligence teams to automate use cases. * Participate in post-incident reviews and embed improvements into automation workflows. * Assist with tool evaluations, optimisation initiatives, and integration efforts led by the Automation Lead. Continuous Improvement * Contribute to a backlog of automation enhancements and new capabilities. * Optimise accuracy, resilience, and efficiency across automation workflows. * Ensure alignment with GCAT SOC10x principles, including 10X Technology, Process, Speed, and Visibility. What you'll need: Technical Expertise * Experience with SOAR platforms such as Cortex XSOAR, Splunk SOAR, or Chronicle SOAR. * Proficiency in Python and/or PowerShell for automation development. * Strong understanding of REST APIs, JSON, and event-driven automation. * Experience integrating SIEM, EDR, TIP, and cloud-native security tools. Process & Operational Knowledge * Understanding of workflows across SOC, Incident Response, Threat Hunting, and Detection Engineering. * Ability to convert operational requirements and SOPs into engineered automation. * Familiarity with playbooks, runbooks, and security process governance. Collaboration & Delivery * Strong communication and documentation skills. * Ability to work in an engineering-led, automation-first culture. * Experience working with cross-functional technical teams in security operations. Certifications (Preferred) * SOAR platform certifications. * GIAC (GMON, GCTI, GCIH, GCDA). * Python or scripting certifications. * Azure or GCP cloud certifications. Key Attributes * Engineering-first mindset with strong attention to detail. * Problem-solving orientation with a focus on automation and efficiency. * Structured, methodical, and reliable approach to delivery. * Commitment to operational excellence and continuous improvement. Who you are: You're open: We are inclusive and collaborative; we encourage the free exchange of ideas; we respect and celebrate diverse views. We are open-minded: to new ideas, new partnerships, new ways of working. You're optimistic: We believe in the power of creativity, technology and talent to create brighter futures or our people, our clients and our communities. We approach all that we do with conviction: to try the new and to seek the unexpected. You're extraordinary: we are stronger together: through collaboration we achieve the amazing. We are creative leaders and pioneers of our industry; we provide extraordinary every day. What we'll give you: Passionate, inspired people – We aim to create a culture in which people can do extraordinary work. Scale and opportunity – We offer the opportunity to create, influence and complete projects at a scale that is unparalleled in the industry. Challenging and stimulating work – Unique work and the opportunity to join a group of creative problem solvers. Are you up for the challenge? We believe the best work happens when we're together, fostering creativity, collaboration, and connection. That's why we’ve adopted a hybrid approach, with teams in the office around four days a week. If you require accommodations or flexibility, please discuss this with the hiring team during the interview process. WPP is an equal opportunity employer and considers applicants for all positions without discrimination or regard to particular characteristics. We are committed to fostering a culture of respect in which everyone feels they belong and has the same opportunities to progress in their careers. PLEASE READ OUR PRIVACY NOTICE (HTTPS://WWW.WPP.COM/EN/CAREERS/WPP-PRIVACY-POLICY-FOR-RECRUITMENT) FOR MORE INFORMATION ON HOW WE PROCESS THE INFORMATION YOU PROVIDE.
WPP is the trusted growth partner for the world’s leading brands. We unite cutting-edge media intelligence and data solutions, world-class creativity, next-generation production, transformative enterprise solutions and expert strategic counsel in a single company – powered by exceptional talent and our agentic marketing platform, WPP Open, to help our clients navigate change, capture opportunity and deliver transformational growth. We work with the world's most valuable brands and have global reach across 100+ markets, with deep local expertise. Our people are the key to our success. We're committed to fostering a culture of creativity, belonging and continuous learning, attracting and developing the brightest talent, and providing exciting career opportunities that help our people grow. For more information, visit WPP.com. Why we're hiring: The Process Engineer is responsible for designing, engineering, maintaining, and continuously improving Operational Security processes across WPP. The role focuses on defining how Operational Security operates in practice, ensuring processes are clear, auditable, automation-enabled, and scalable. This is an individual contributor role with no people management responsibilities; management accountability sits with the Process Engineering Lead. What you'll be doing: Operational Security Process Engineering (Assess) * - Engineer and maintain end-to-end operational security processes across SOC operations, incident response, detection engineering, threat hunting, threat intelligence, automation, and vulnerability management. * - Define workflows, decision points, inputs/outputs, and escalation paths for operational activities. * - Maintain the authoritative process library describing how Operational Security services operate. Process Standardisation, Consistency & Governance (Safeguard) * - Ensure processes are standardised, consistent, and aligned across teams and regions. * - Align processes to internal policy, risk, legal, and assurance requirements. * - Act as a quality gate for new or changed processes to ensure clarity and audit readiness. Automation-Enabled Process Design (Operate) * - Partner with Security Automation Engineering to ensure processes are automation-friendly and evidence-driven. * - Identify manual or high-effort steps and work with engineering teams to automate or eliminate them. * - Ensure documented processes accurately reflect real system behaviour. Audit, Assurance & Evidence Support * - Maintain process documentation suitable for internal and external audit. * - Support audits and reviews by explaining processes, control points, and evidence sources. * - Ensure traceability between process definitions, tooling, and execution. Continuous Improvement & Operating Model Maturity * - Review and improve processes based on operational feedback, incidents, and maturity assessments. * - Support KPI, maturity, and continual service improvement initiatives. * - Partner with security teams to evolve processes as capabilities mature. What you'll need: Essential: * - Experience designing or engineering operational processes in a security or technology environment. * - Strong understanding of security operations domains and how they interconnect. * - Ability to translate operational activity into clear, auditable processes. * - Strong documentation and stakeholder communication skills. Desirable: * - Experience supporting audit or assurance activity. * - Familiarity with automation-first or engineering-led operating models. * - Exposure to ITIL or process maturity frameworks in practical application ADDITIONAL INFORMATION * - Individual contributor role reporting to the Process Engineering Lead. * - Works closely with Automation Engineering, Detection Engineering, IR, CTI, and VM teams. * - Central to WPP’s Autonomic Security Operations and automation strategy Who you are: You're open: We are inclusive and collaborative; we encourage the free exchange of ideas; we respect and celebrate diverse views. We are open-minded: to new ideas, new partnerships, new ways of working. You're optimistic: We believe in the power of creativity, technology and talent to create brighter futures or our people, our clients and our communities. We approach all that we do with conviction: to try the new and to seek the unexpected. You're extraordinary: we are stronger together: through collaboration we achieve the amazing. We are creative leaders and pioneers of our industry; we provide extraordinary every day. What we'll give you: Passionate, inspired people – We aim to create a culture in which people can do extraordinary work. Scale and opportunity – We offer the opportunity to create, influence and complete projects at a scale that is unparalleled in the industry. Challenging and stimulating work – Unique work and the opportunity to join a group of creative problem solvers. Are you up for the challenge? #LI-Hybrid We believe the best work happens when we're together, fostering creativity, collaboration, and connection. That's why we’ve adopted a hybrid approach, with teams in the office around four days a week. If you require accommodations or flexibility, please discuss this with the hiring team during the interview process. WPP is an equal opportunity employer and considers applicants for all positions without discrimination or regard to particular characteristics. We are committed to fostering a culture of respect in which everyone feels they belong and has the same opportunities to progress in their careers. PLEASE READ OUR PRIVACY NOTICE (HTTPS://WWW.WPP.COM/EN/CAREERS/WPP-PRIVACY-POLICY-FOR-RECRUITMENT) FOR MORE INFORMATION ON HOW WE PROCESS THE INFORMATION YOU PROVIDE.