
ElevenLabs · United Kingdom
ABOUT ELEVENLABS ElevenLabs is an AI research and product company transforming how we interact with technology. We launched in January 2023 with the first hum...
ElevenLabs is an AI research and product company transforming how we interact with technology.
We launched in January 2023 with the first human-like AI voice model. Today, we serve millions of users and thousands of
businesses - from fast-growing startups to large enterprises like Deutsche Telekom and Meta. Our investors are some of the world's
most prominent, including Andreessen Horowitz, ICONIQ Growth and Sequoia. We've raised $781M in funding and our last valuation was
$11B - multiples of 11, always.
monitoring, and reliability necessary to deploy voice and chat agents at scale.
Everything we do is the result of the creativity and commitment of our team - builders doing the best work of their lives. We are
researchers, engineers, and operators. IOI medalists and ex-founders. If you want to work hard and create lasting positive impact,
we want to hear from you.
to operations.
the boundaries of what’s possible.
immediate role and responsibilities.
and Italy.
We’re looking for a Security Engineer to join the ElevenLabs Security team. In this role, you’ll work at the intersection of
security, software and infrastructure engineering, building the platforms, controls and tooling that let teams ship and operate
cloud infrastructure securely at high velocity.
secure by default patterns throughout the software development lifecycle
required, across the entire stack.
provenance, dynamic admission controls and SBOM generation
production quality code
This role is remote and can be executed globally. However, to facilitate working with the Security Team, we prefer candidates
based in GMT to GMT+3 or UK. If you prefer, you can work from our offices in London or Warsaw
WPP is the trusted growth partner for the world’s leading brands. We unite cutting-edge media intelligence and data solutions, world-class creativity, next-generation production, transformative enterprise solutions and expert strategic counsel in a single company – powered by exceptional talent and our agentic marketing platform, WPP Open, to help our clients navigate change, capture opportunity and deliver transformational growth. We work with the world's most valuable brands and have global reach across 100+ markets, with deep local expertise. Our people are the key to our success. We're committed to fostering a culture of creativity, belonging and continuous learning, attracting and developing the brightest talent, and providing exciting career opportunities that help our people grow. For more information, visit WPP.com. The DTS Security team is responsible for protecting the organisation’s systems, platforms, networks, and data through proactive monitoring, risk management, and security best practices. The team works closely with infrastructure, cloud, engineering, and client teams to ensure security is embedded across all services and operations. DTS Security supports the business by monitoring threats, responding to incidents, improving security tooling, and maintaining compliance with customer and regulatory requirements. The team also drives automation and continuous improvement initiatives to strengthen the organisation’s security posture. As a Junior Security Analyst within DTS, you will support the Security team in monitoring, identifying, investigating, and responding to security threats and vulnerabilities across the business. This is an excellent opportunity for someone looking to build a career in cyber security with exposure to cloud technologies, security operations, compliance, vulnerability management, and automation. An interest in scripting, coding, or security tooling would be highly beneficial. You will work alongside senior security and infrastructure engineers to help improve security visibility, processes, and operational resilience across the organisation. Core Responsibilities • Security Monitoring & Incident Response • Monitor security alerts, events, and dashboards across security tooling and platforms. • Assist in the investigation and triage of security incidents and suspicious activity. • Escalate security concerns appropriately and support remediation activities. • Help maintain incident records, timelines, and reporting documentation. Vulnerability & Risk Management • Support vulnerability scanning and remediation tracking activities. • Assist with identifying security weaknesses across infrastructure, cloud, and endpoint environments. • Work with internal teams to track remediation actions and reduce security risk. Security Tooling & Automation • Assist with maintaining and improving security monitoring tools and processes. • Support basic scripting and automation activities using technologies such as PowerShell, Python, or APIs. • Help automate repetitive operational and reporting tasks where possible. Compliance & Governance • Assist with maintaining compliance against security standards and customer requirements such as ISO 27001, Cyber Essentials, GDPR, and NIST aligned controls. • Support audit preparation and evidence gathering activities. • Help maintain security policies, standards, procedures, and documentation. Security Awareness • Support internal security awareness and phishing initiatives. • Assist with promoting security best practices across the organisation. Collaboration • Work closely with infrastructure, engineering, and service teams to support secure operational practices. • Participate in team meetings, operational reviews, and continuous improvement initiatives. Skills & Experience Essential • Strong interest in cyber security and technology. • Basic understanding of security principles, networking, operating systems, and cloud technologies. • Good analytical and problem-solving skills. • Strong communication and organisational skills. • Ability to work collaboratively within technical teams. • Willingness to learn and develop within a fast-paced environment. Desirable • Exposure to Microsoft 365, Azure, AWS, or cloud environments. • Basic understanding of SIEM, endpoint protection, or vulnerability management tools. • Familiarity with scripting or coding languages such as: PowerShell Python Bash • Understanding of security frameworks such as: ISO 27001 SOC 2 Cyber Essentials GDPR • Exposure to security tooling such as Microsoft Defender, Sentinel, CrowdStrike, Qualys, Tenable, or similar platforms. • Relevant certifications or study towards certifications such as: Security+ SC-900 AZ-900 Google Cybersecurity Certificate You're open: We are inclusive and collaborative; we encourage the free exchange of ideas; we respect and celebrate diverse views. We are open-minded: to new ideas, new partnerships, new ways of working. You're optimistic: We believe in the power of creativity, technology and talent to create brighter futures or our people, our clients and our communities. We approach all that we do with conviction: to try the new and to seek the unexpected. You're extraordinary: we are stronger together: through collaboration we achieve the amazing. We are creative leaders and pioneers of our industry; we provide extraordinary every day. What we'll give you: Passionate, inspired people – We aim to create a culture in which people can do extraordinary work. Scale and opportunity – We offer the opportunity to create, influence and complete projects at a scale that is unparalleled in the industry. Challenging and stimulating work – Unique work and the opportunity to join a group of creative problem solvers. Are you up for the challenge? #LI-Hybrid We believe the best work happens when we're together, fostering creativity, collaboration, and connection. That's why we’ve adopted a hybrid approach, with teams in the office around four days a week. If you require accommodations or flexibility, please discuss this with the hiring team during the interview process. WPP is an equal opportunity employer and considers applicants for all positions without discrimination or regard to particular characteristics. We are committed to fostering a culture of respect in which everyone feels they belong and has the same opportunities to progress in their careers. PLEASE READ OUR PRIVACY NOTICE (HTTPS://WWW.WPP.COM/EN/CAREERS/WPP-PRIVACY-POLICY-FOR-RECRUITMENT) FOR MORE INFORMATION ON HOW WE PROCESS THE INFORMATION YOU PROVIDE.
WPP is the trusted growth partner for the world’s leading brands. We unite cutting-edge media intelligence and data solutions, world-class creativity, next-generation production, transformative enterprise solutions and expert strategic counsel in a single company – powered by exceptional talent and our agentic marketing platform, WPP Open, to help our clients navigate change, capture opportunity and deliver transformational growth. We work with the world's most valuable brands and have global reach across 100+ markets, with deep local expertise. Our people are the key to our success. We're committed to fostering a culture of creativity, belonging and continuous learning, attracting and developing the brightest talent, and providing exciting career opportunities that help our people grow. For more information, visit WPP.com. Why we're hiring: The Identity, AI and Data Access Governance Lead is responsible for governing who, and what, can access DTS systems, data, APIs, tools, workflows and AI-enabled capabilities. This is a hands-on governance and control role, reporting into the SVP Security and Compliance. The role ensures that access across DTS is appropriate, auditable, reviewed, least-privileged and aligned with security, privacy, compliance and client commitments. The scope covers traditional human access, external users, privileged access, service accounts, machine identities, API keys, tokens, dataset access, and the emerging governance of AI agents and agentic workflows. The role will work closely with Architecture, Security, Product, Engineering, Infrastructure, Privacy, Legal/DPO, TechOps, Enterprise Technology and the ISMS and Risk Officer to ensure DTS has a clear and controlled model for access across platforms such as WPP Open, Choreograph, InfoSum, Open Intelligence, Resolve and related DTS capabilities. What you'll be doing: 1. IDENTITY AND ACCESS GOVERNANCE FRAMEWORK Define and maintain the access governance framework for DTS. This includes: * Defining access governance standards, processes and control expectations. * Establishing how access should be requested, approved, provisioned, reviewed, revoked and evidenced. * Ensuring access governance covers internal users, external users, clients, partners, vendors, service accounts, machine identities and AI agents. * Aligning identity and access governance with DTS architecture, security, privacy, compliance and data governance requirements. * Ensuring access governance is practical for product and engineering teams to implement. 2. ACCESS REVIEWS AND RECERTIFICATION Own the process for regular access reviews and recertification across DTS. This includes: * Defining the scope, frequency and evidence requirements for access reviews. * Coordinating access reviews for critical DTS systems, production environments, privileged roles, sensitive datasets, client-facing platforms and administrative tools. * Ensuring access review outcomes are tracked, remediated and evidenced. * Identifying stale, excessive, orphaned or poorly owned access. * Escalating overdue, high-risk or unresolved access issues through the appropriate governance channels. 3. PRIVILEGED ACCESS GOVERNANCE Ensure privileged access across DTS is properly controlled, justified and auditable. This includes: * Reviewing access to production systems, cloud environments, security tools, databases, CI/CD tooling, administrative consoles and sensitive platforms. * Supporting least-privilege, just-in-time and time-bound access models where appropriate. * Working with Cloud and Platform Security and Infrastructure to improve privileged access controls. * Ensuring privileged access risks are visible in the DTS risk register where required. 4. EXTERNAL USER, CLIENT AND PARTNER ACCESS GOVERNANCE Govern access for external users, clients, agencies, partners and vendors. This includes: * Defining standards for external user onboarding, approval, permissions, expiry and offboarding. * Ensuring external access has a clear business owner and justification. * Supporting access governance across client workspaces, agency environments, partner integrations and shared collaboration areas. * Working with Product and Engineering to ensure tenant, workspace and client-level isolation is appropriately governed. * Tracking risks related to stale accounts, vendor access, partner permissions and external user overprivilege. 5. SERVICE ACCOUNT, MACHINE IDENTITY AND API ACCESS GOVERNANCE Govern non-human access across DTS systems and platforms. This includes: * Defining standards for service accounts, machine identities, automation users, API keys, tokens, secrets and integration credentials. * Ensuring non-human access has clear ownership, purpose, scope, rotation, expiry and auditability. * Working with Product, Engineering, Cloud Security and Infrastructure to reduce unmanaged credential risk. * Ensuring service accounts and machine identities are included in access reviews. * Supporting stronger governance of API access, token issuance, credential lifecycle and integration permissions. 6. AI AND AGENTIC ACCESS GOVERNANCE Define and oversee the governance model for AI agents and agentic workflows across DTS. This includes: * Defining how AI agents are identified, permissioned, monitored, reviewed and revoked. * Ensuring agents have clear ownership, scoped permissions and auditable actions. * Defining which agent actions require human approval or additional control. * Governing agent access to APIs, tools, datasets, workflows, client environments and production capabilities. * Ensuring agents act within delegated authority and cannot exceed the permissions of the user, system or business process they represent. * Working with Product, Architecture and Security to ensure agentic workflows are designed with clear action boundaries. * Working with the Product, Application and Offensive Security Lead to test whether agent permissions and action boundaries can be bypassed. * Working with Privacy Engineering to ensure AI access models support permitted use, minimisation and data protection requirements. 7. DATA ACCESS GOVERNANCE Govern access to sensitive, client, partner and WPP-owned data across DTS. This includes: * Defining standards for dataset access approval, review, revocation and evidence. * Supporting data classification from an access-control and security-governance perspective. * Ensuring access to sensitive data is role-based, purpose-based, least-privileged and auditable. * Supporting controls for cross-client, cross-market, cross-agency and partner data access. * Ensuring data access governance supports InfoSum, Open Intelligence, Resolve, WPP Open and other DTS data collaboration use cases. * Working with Privacy Engineering on data minimisation, permitted use, retention and privacy-by-design requirements. * Ensuring data access risks are surfaced through the DTS risk process. 8. GOVERNANCE OF ACCESS TO TOOLS, WORKFLOWS AND ACTIONS Ensure access governance extends beyond systems and datasets into tools, workflows and actions. This includes: * Defining governance for access to operational tools, workflow automation, orchestration systems, AI tools and administrative actions. * Ensuring high-risk actions are subject to appropriate approval, logging and monitoring. * Supporting segregation of duties across sensitive workflows. * Ensuring automated workflows and agents have clearly scoped authority. * Working with Security Operations to ensure high-risk access and actions are visible in monitoring and detection processes. 9. AUDITABILITY, EVIDENCE AND REPORTING Maintain clear evidence of access governance and support audit and assurance requirements. This includes: * Producing access governance evidence for SOC 2, ISO 27001, client assurance, internal audit and risk reviews. * Working with the ISMS and Risk Officer to ensure access controls, reviews, exceptions and remediation actions are documented. * Reporting on access review completion, high-risk access, overdue actions and access control gaps. * Supporting client and audit questions related to identity, access, privileged roles, service accounts, AI agents and data access. * Ensuring access governance is repeatable, measurable and auditable. Who you'll be working with: The Identity, AI and Data Access Governance Lead will be accountable for: * DTS identity and access governance standards. * Regular access reviews and recertification. * Privileged access governance. * External user, client, partner and vendor access governance. * Service account, machine identity, API key and token governance. * AI agent identity, permission and action governance. * Dataset and sensitive data access governance. * Governance of access to tools, workflows and high-risk actions. * Access governance evidence for audit, compliance and client assurance. * Escalation of material access risks into the DTS risk process. What you'll need: The successful candidate will have: * Experience in identity governance, access management, IAM, security governance, GRC, data access control or platform security. * Strong understanding of least privilege, role-based access control, attribute-based access control, access reviews, privileged access and segregation of duties. * Experience governing access across SaaS platforms, cloud environments, APIs, data platforms or enterprise technology estates. * Knowledge of identity platforms such as Okta, Auth0, Keycloak, Azure AD / Entra ID or similar. * Understanding of service accounts, machine identities, API keys, tokens, secrets and non-human access governance. * Understanding of AI agents, agentic workflows, delegated authority and tool-access governance would be highly valuable. * Understanding of data classification, dataset access governance, privacy-by-design and audit requirements. * Ability to work across security, architecture, product, engineering, infrastructure, legal, privacy and compliance teams. * Strong organisational skills and ability to coordinate reviews, evidence, remediation and reporting. * Ability to translate complex access issues into clear risks, controls and practical actions. LEADERSHIP EXPECTATIONS The Identity, AI and Data Access Governance Lead is expected to: * Be structured, disciplined and pragmatic. * Bring clarity to complex access and permission models. * Challenge excessive, unclear or poorly governed access. * Work constructively with product and engineering teams to design workable controls. * Avoid creating unnecessary bureaucracy while ensuring access is properly governed. * Treat human, machine and agent access as part of the same control landscape. * Escalate material access risks clearly and early. * Support DTS in building a secure, auditable and scalable access governance model. SUCCESS MEASURES Success in the role will be measured by: * DTS having clear identity, access and data access governance standards. * Regular access reviews completed on schedule with evidence. * Reduction in stale, excessive, orphaned or poorly owned access. * Stronger governance of privileged access and production access. * Clear ownership and review of service accounts, machine identities, API keys and tokens. * Defined governance for AI agent identities, permissions and actions. * Improved auditability of access to data, APIs, tools, workflows and production systems. * Better alignment between identity, security, privacy, architecture, product and engineering teams. * Material access risks being visible through the DTS risk register and Risk Review Board. * Increased confidence that DTS can answer: who or what has access to what, why, and when was it last reviewed? Who you are: You're open: We are inclusive and collaborative; we encourage the free exchange of ideas; we respect and celebrate diverse views. We are open-minded: to new ideas, new partnerships, new ways of working. You're optimistic: We believe in the power of creativity, technology and talent to create brighter futures or our people, our clients and our communities. We approach all that we do with conviction: to try the new and to seek the unexpected. You're extraordinary: we are stronger together: through collaboration we achieve the amazing. We are creative leaders and pioneers of our industry; we provide extraordinary every day. What we'll give you: Passionate, inspired people – We aim to create a culture in which people can do extraordinary work. Scale and opportunity – We offer the opportunity to create, influence and complete projects at a scale that is unparalleled in the industry. Challenging and stimulating work – Unique work and the opportunity to join a group of creative problem solvers. Are you up for the challenge? #LI-Hybrid We believe the best work happens when we're together, fostering creativity, collaboration, and connection. That's why we’ve adopted a hybrid approach, with teams in the office around four days a week. If you require accommodations or flexibility, please discuss this with the hiring team during the interview process. WPP is an equal opportunity employer and considers applicants for all positions without discrimination or regard to particular characteristics. We are committed to fostering a culture of respect in which everyone feels they belong and has the same opportunities to progress in their careers. PLEASE READ OUR PRIVACY NOTICE (HTTPS://WWW.WPP.COM/EN/CAREERS/WPP-PRIVACY-POLICY-FOR-RECRUITMENT) FOR MORE INFORMATION ON HOW WE PROCESS THE INFORMATION YOU PROVIDE.
About Us Sophos is a cybersecurity leader defending 600,000 organizations globally with an AI-driven platform and expert-led services. Sophos meets organizations wherever they are in their security maturity and grows with them to defeat cyberattacks. Its solutions combine machine learning, automation, and real-time threat intelligence with frontline human expertise from Sophos X-Ops to deliver advanced, 24/7 threat monitoring, detection, and response. Sophos offers industry-leading managed detection and response (MDR) alongside a comprehensive portfolio of cybersecurity technologies — including endpoint, network, email, and cloud security, extended detection and response (XDR), identity threat detection and response (ITDR), and next-gen SIEM. Together with expert advisory services, these capabilities help organizations proactively reduce risk and respond faster, with the visibility and scalability needed to stay ahead of evolving threats. Sophos goes to market with a global partner ecosystem, including Managed Service Providers (MSPs), Managed Security Service Providers (MSSPs), resellers and distributors, marketplace integrations, and cyber risk partners, giving organizations the flexibility to choose trusted relationships when securing their business. Sophos is headquartered in Oxford, U.K. More information is available at www.sophos.com. IT at Sophos is the powerhouse behind world-class business capabilities, applications, infrastructure, and services that bring our company’s vision and strategy to life. Led by a seasoned leadership team with deep expertise in the security industry, and powered by technical contributors recognized as trailblazers in their fields, our department thrives on innovation and agility to deliver cutting-edge solutions. Joining our team means becoming part of a culture that champions creativity and excellence while investing in your growth. We are dedicated to your professional development, offering exciting opportunities to elevate your skills and advance your career. Role Summary Corporate Identity is a critical control point for Sophos, underpinning everything our employees do and serving as a foundation for our certification and compliance programs. We are looking for a Senior Identity Engineer to join our team of Subject Matter Experts (SMEs) who manage our modern identity stack, covering everything identity related from Passkeys through to our Identity Governance and Administration (IGA) processes.