
WPP · Sao Paulo
WPP is the trusted growth partner for the world’s leading brands. We unite cutting-edge media intelligence and data solutions, world-class creativity, next-ge...
WPP is the trusted growth partner for the world’s leading brands.
We unite cutting-edge media intelligence and data solutions, world-class creativity, next-generation production, transformative
enterprise solutions and expert strategic counsel in a single company – powered by exceptional talent and our agentic marketing
platform, WPP Open, to help our clients navigate change, capture opportunity and deliver transformational growth.
We work with the world's most valuable brands and have global reach across 100+ markets, with deep local expertise.
Our people are the key to our success. We're committed to fostering a culture of creativity, belonging and continuous learning,
attracting and developing the brightest talent, and providing exciting career opportunities that help our people grow.
For more information, visit WPP.com.
The Senior Security Incident Responder is a lead technical authority for incident response execution, responsible for handling the
most complex, high-impact, and business-critical security incidents across WPP. The role does not have line management
responsibility; people management remains with the Security Incident Management Lead.
You're open: We are inclusive and collaborative; we encourage the free exchange of ideas; we respect and celebrate diverse views.
We are open-minded: to new ideas, new partnerships, new ways of working.
You're optimistic: We believe in the power of creativity, technology and talent to create brighter futures or our people, our
clients and our communities. We approach all that we do with conviction: to try the new and to seek the unexpected.
You're extraordinary: we are stronger together: through collaboration we achieve the amazing. We are creative leaders and pioneers
of our industry; we provide extraordinary every day.
Passionate, inspired people – We aim to create a culture in which people can do extraordinary work.
Scale and opportunity – We offer the opportunity to create, influence and complete projects at a scale that is unparalleled in the
industry.
Challenging and stimulating work – Unique work and the opportunity to join a group of creative problem solvers. Are you up for the
challenge?
#LI-Hybrid
We believe the best work happens when we're together, fostering creativity, collaboration, and connection. That's why we’ve
adopted a hybrid approach, with teams in the office around four days a week. If you require accommodations or flexibility, please
discuss this with the hiring team during the interview process.
WPP is an equal opportunity employer and considers applicants for all positions without discrimination or regard to particular
characteristics. We are committed to fostering a culture of respect in which everyone feels they belong and has the same
opportunities to progress in their careers.
PLEASE READ OUR PRIVACY NOTICE (HTTPS://WWW.WPP.COM/EN/CAREERS/WPP-PRIVACY-POLICY-FOR-RECRUITMENT) FOR MORE INFORMATION ON HOW WE
WPP is the trusted growth partner for the world’s leading brands. We unite cutting-edge media intelligence and data solutions, world-class creativity, next-generation production, transformative enterprise solutions and expert strategic counsel in a single company – powered by exceptional talent and our agentic marketing platform, WPP Open, to help our clients navigate change, capture opportunity and deliver transformational growth. We work with the world's most valuable brands and have global reach across 100+ markets, with deep local expertise. Our people are the key to our success. We're committed to fostering a culture of creativity, belonging and continuous learning, attracting and developing the brightest talent, and providing exciting career opportunities that help our people grow. For more information, visit WPP.com. Why we're hiring: The Senior Security Incident Responder is a lead technical authority for incident response execution, responsible for handling the most complex, high-impact, and business-critical security incidents across WPP. The role does not have line management responsibility; people management remains with the Security Incident Management Lead. What you'll be doing: KEY RESPONSIBILITIES 1. Advanced Incident Detection, Analysis & Response - Lead investigations for high-severity and complex security incidents. - Perform deep technical analysis using SIEM, SOAR, EDR/XDR, identity, email, and cloud telemetry. - Execute and oversee containment, eradication, and recovery actions. - Act as technical incident commander when delegated. 1. Escalation Handling & Stakeholder Coordination - Serve as the primary escalation point for complex incidents. - Coordinate with Legal, Privacy, Risk, Technology Operations, and agency teams. - Provide clear technical updates to senior stakeholders. 1. Forensics, Evidence Handling & Assurance - Lead forensic evidence collection, preservation, and analysis. - Ensure documentation and artefacts are audit-ready. - Support external forensic or law-enforcement engagement when required. 1. Quality Assurance, Playbook Maturity & Continuous Improvement - Review incident handling quality and identify process or tooling gaps. - Improve incident response playbooks and SOPs. - Lead or support post-incident reviews and ensure actions are tracked. 1. Technical Leadership & Capability Uplift - Mentor Security Incident Responders without line management responsibility. - Partner with Detection Engineering, Threat Intelligence, Automation, and VM teams. - Identify opportunities for automation and response optimisation. What you'll need: Essential: - Extensive hands-on experience responding to enterprise-scale security incidents. - Deep technical expertise across SIEM, SOAR, EDR/XDR, identity, email, and cloud platforms. - Strong forensic, investigation, and root cause analysis skills. - Ability to operate calmly under pressure and communicate clearly. Desirable: - Experience acting as incident commander or senior escalation point. - Familiarity with MITRE ATT&CK and threat-led response. - Relevant certifications (GCIH, GCFA, GCED, CISSP). Who you are: You're open: We are inclusive and collaborative; we encourage the free exchange of ideas; we respect and celebrate diverse views. We are open-minded: to new ideas, new partnerships, new ways of working. You're optimistic: We believe in the power of creativity, technology and talent to create brighter futures or our people, our clients and our communities. We approach all that we do with conviction: to try the new and to seek the unexpected. You're extraordinary: we are stronger together: through collaboration we achieve the amazing. We are creative leaders and pioneers of our industry; we provide extraordinary every day. What we'll give you: Passionate, inspired people – We aim to create a culture in which people can do extraordinary work. Scale and opportunity – We offer the opportunity to create, influence and complete projects at a scale that is unparalleled in the industry. Challenging and stimulating work – Unique work and the opportunity to join a group of creative problem solvers. Are you up for the challenge? We believe the best work happens when we're together, fostering creativity, collaboration, and connection. That's why we’ve adopted a hybrid approach, with teams in the office around four days a week. If you require accommodations or flexibility, please discuss this with the hiring team during the interview process. WPP is an equal opportunity employer and considers applicants for all positions without discrimination or regard to particular characteristics. We are committed to fostering a culture of respect in which everyone feels they belong and has the same opportunities to progress in their careers. PLEASE READ OUR PRIVACY NOTICE (HTTPS://WWW.WPP.COM/EN/CAREERS/WPP-PRIVACY-POLICY-FOR-RECRUITMENT) FOR MORE INFORMATION ON HOW WE PROCESS THE INFORMATION YOU PROVIDE.
Every day, tens of millions of people come to Roblox to explore, create, play, learn, and connect with friends in 3D immersive digital experiences– all created by our global community of developers and creators. At Roblox, we’re building the tools and platform that empower our community to bring any experience that they can imagine to life. Our vision is to reimagine the way people come together, from anywhere in the world, and on any device. We’re on a mission to connect a billion people with optimism and civility, and looking for amazing talent to help us get there. A career at Roblox means you’ll be working to shape the future of human interaction, solving unique technical challenges at scale, and helping to create safer, more civil shared experiences for everyone. As a founding member of the Security Operations team in EMEA, you will join us at an exciting time in Roblox’s SIRT & SOC program. You will design and build the detections, automation and tooling that let a lean team monitor and protect players, developers, employees and the platform at global scale and serve as security incident commander in the region. This is a highly autonomous role where you will be a primary decision-maker, core to our mission to maintain a highly capable 24/7/365 monitoring and response capability. While you will work in close collaboration with peers at our US West Coast Headquarters, the time difference requires an engineer who can operate independently, making critical decisions without immediate oversight. We favor engineering our way out of toil through automation, orchestration, detections-as-code, and risk-based prioritization, while retaining the deep technical skills required to conduct detailed, hands-on analysis and lead response end-to-end when the situation warrants. Work Environment: This role is based in London, UK. You will be working from a dedicated, private space located within a shared office environment, designed to enable collaboration while remaining secure. YOU WILL: * Build Detection & Response Systems: Design, write, and maintain production-quality detections, automations and integrations (detections-as-code, SOAR playbooks, data and enrichment pipelines) that scale our monitoring capability and reduce manual toil. * Own Tooling & Platform: Develop and improve the tooling the global SIRT/SOC depends on alert quality and enrichment, case-management integrations and automation that powers reliable "follow-the-sun" hand-offs. * Exercise High Autonomy: Act as the primary Incident Commander for the European time zone, making critical, time-sensitive decisions independently before US HQ comes online. You will serve as the senior-most security engineering point of contact in the region. * Drive Strategy & Architecture: Shape the technical direction of the detection & response engineering function, specifically architecting how global hand-offs and "follow-the-sun" models can be optimized and automated. * Command Security Incidents: Ensure serious threats and impacts are understood, mitigated, and learned from with speed and professionalism, often leading responses end-to-end without immediate escalation paths during local hours — and turning what you learn into durable, automated detections. * Conduct Forensic Investigations & Threat Hunt: Dig into complex context to determine whether threats exist, take decisive action and proactively hunt for anomalous activity in our signals, distinguishing outliers from threats. * Lead High-Profile Responses: Collaborate with Security and Engineering to lead responses to major vulnerabilities or platform-wide events. * Collaborate Cross-Functionally: Work with Legal, HR, Executive teams, and external partners (Developers & Customers). You will also travel semi-regularly to the USA to visit HQ, ensuring deep alignment with central engineering and security leadership. YOU HAVE: * Experience: 10+ years across security engineering, Infosec, IT, Infra/SRE, and/or Incident Response. * Specialization: 7+ years specifically in Detection or Response, with a track record of building, writing detections, automation or security tooling, not solely operating. * Engineering Proficiency: Comfortable writing and reviewing production-quality code (Scripting) and building automations, integrations and data pipelines that others depend on. * Autonomous Leadership: Proven ability to work independently in satellite offices or distributed teams. You are comfortable being the "person in charge" during your shift and making calls that impact the business. * Incident Command: Extensive experience operating as an incident commander. You can flex into deep engineering work but also possess the executive presence to coordinate responders and communicate status to leadership. * Investigations: Expert-level capability investigating threats in enterprise and production environments, taking ownership from identification to resolution. * Knowledge/Tools/Techniques: Deep understanding of security tooling (SIEM, EDR, IDS/IPS, NDR, SOAR) and experience extending or building on it. You are proficient in applying Incident Response frameworks (NIST IR Lifecycle, Cyber Kill Chain, MITRE ATT&CK) to real-world scenarios, and you collaborate effectively with engineering colleagues, leveraging extensive expertise across infrastructure and technologies (Public Cloud, OS, Virtualization, Containerization, Networking, Build/Development infrastructure, and Hardware). * Education: Bachelor's degree in Computer Science, Cybersecurity, or a related technical field; advanced degree preferred or equivalent experience. YOU ARE: * A Builder-Operator: You would rather automate a problem out of existence than staff around it and you hold yourself to an engineering bar even under incident pressure. * A Strategic Self-Starter: You don't wait for instructions. You identify gaps in coverage — especially those unique to regional or time-zone-specific challenges — and fix them. * A Detailed Thinker: You enjoy exploring the details and considering the second- and third-order effects of your decisions. * An Eager Problem Solver: You are drawn to complex issues rather than avoidant of them. * Emboldened to Make Change: You instinctively ask what you can do to improve the situation rather than waiting to be prompted. * Compelled by our Mission: You are driven by the opportunity to protect our community and the safe space we've created. * A Calculated Risk Taker: You move fast, navigating reasonable risks to take action and build capabilities as quickly as possible. Roles that are based in an office are onsite Tuesday, Wednesday, and Thursday, with optional presence on Monday and Friday (unless otherwise noted). Roblox provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. Roblox also provides reasonable accommodations to candidates with qualifying disabilities or religious beliefs during the recruiting process. For US based roles only, please note the Company may not be able to employ candidates for this role who have United States work authorization related to certain U.S. visa categories, or support future H-1B sponsorship at this time.
ABOUT EYE SECURITY Eye Security is providing cybersecurity with embedded cyber insurance solutions for organizations in Europe. Headquartered in the Netherlands, we are already over 170 FTEs and continue to grow internationally. We combine cutting-edge technology with hands-on expertise to detect, respond to, and recover from cyber threats in real time. Our team brings together talent from intelligence, military, tech, and consulting backgrounds — all united by a shared mission: to make enterprise-grade cybersecurity accessible to every business, not just the big players. At Eye, you’ll work on projects with an international footprint, solving real-world challenges and helping to build a safer digital future for our clients. ABOUT THIS ROLE We are looking for a Staff Cyber Security Specialist (f/m/x) to strengthen our Incident Response and Security Operations capabilities. This is a senior individual contributor role for an experienced incident responder who enjoys solving complex security challenges and helping organizations navigate critical cyber incidents. In this role, you will lead incident response engagements from investigation through recovery, working directly with customers during some of their most challenging moments. You will act as a trusted technical authority within the team, mentor less experienced responders, and help drive improvements across our security operations. Unlike traditional consultancy environments, you will operate within a product-driven MDR organization serving more than 1,000 customers across Europe. This gives you the opportunity to work at scale, leverage large security datasets, and contribute improvements that strengthen protections across our entire customer base. You will work with state-of-the-art security tooling while collaborating with security professionals from intelligence, military, consulting, national CERT, and technology backgrounds. Alongside operational response work, you'll have opportunities to contribute to internal research initiatives, Bug Bounty Fridays, Capture The Flag events, and other technical projects that help push our capabilities forward. This position is based in the Netherlands and reports directly to the Director of Security Operations. WHAT YOU WILL DO * Act as a leading technical authority within Security Operations, taking ownership of strategic improvement initiatives and helping shape the future direction of our incident response and security operations capabilities. * Lead cyber incident response engagements from intake through recovery. * Act as the technical lead during investigations, coordinating response activities and driving outcomes. * Conduct forensic investigations to determine attack scope, root cause, and impact. * Support customers during active cybersecurity incidents and provide clear technical guidance. * Support MDR and Security Operations activities when not engaged in active incident response cases. * Work with internal and external stakeholders, including management, legal counsel, law enforcement, and regulators when required. * Mentor junior and medior responders and help raise the technical maturity of the team. * Contribute to the continuous improvement of incident response methodologies, playbooks, and operational processes. WHAT YOU WILL NEED * 6+ years of experience in cybersecurity with significant hands-on experience in Incident Response, Digital Forensics, Security Operations, or related disciplines. * Proven ability to independently lead and manage cybersecurity incidents end-to-end. * In-depth knowledge of Windows, Linux, and macOS operating systems, file systems, security architecture, and attack surfaces. * Strong knowledge of enterprise infrastructure, networking, and network security principles. * Experience with EDR platforms such as CrowdStrike Falcon, Microsoft Defender for Endpoint, SentinelOne, or similar technologies. * Knowledge of cloud environments and cloud security concepts across Microsoft 365, Azure, AWS, or Google Cloud. * Strong investigative and analytical skills with experience collecting and analysing evidence during security incidents. * Ability to communicate technical findings clearly to both technical and non-technical stakeholders. * Experience mentoring or coaching other security professionals. * Strong ownership, collaboration, and communication skills. * Fluency in English (internal working language) * Fluency in Dutch (required for client communication) Nice-to-have * Experience developing scripts, tools, or automations to support investigations and response activities. * Experience conducting technical security research. * Knowledge of threat actors and attacker tactics, techniques, and procedures (TTPs). * Experience working in a CERT, CSIRT, MDR, or DFIR environment. WHAT WE OFFER * A meaningful mission: protect organizations across Europe from real-world cyber threats * Work with top-tier professionals from national CERTs, intelligence agencies, and leading tech backgrounds * A remote-friendly culture with quarterly meetups and annual company retreats (in Spain, Portugal, Italy…) * Thursday socials to stay connected * A generous time-off policy, including wellbeing and volunteering days