Security Threat Intelligence Analyst

WPP is the trusted growth partner for the world’s leading brands. 

We unite cutting-edge media intelligence and data solutions, world-class creativity, next-generation production, transformative enterprise solutions and expert strategic counsel in a single company – powered by exceptional talent and our agentic marketing platform, WPP Open, to help our clients navigate change, capture opportunity and deliver transformational growth. 
 
We have been building the world's most valuable brands for 50 years and have global reach across 100+ markets, with deep local expertise.
 
Our people are the key to our success. We're committed to fostering a culture of creativity, belonging and continuous learning, attracting and developing the brightest talent, and providing exciting career opportunities that help our people grow. 
 
For more information, visit WPP.com.
 

Why we're hiring:

The Threat Intelligence Engineer is responsible for engineering, operating, and continuously improving WPP’s cyber threat intelligence platforms, integrations, and enrichment pipelines. This role focuses on how threat intelligence is ingested, processed, correlated, and operationalised at scale across security operations. The position is an engineering-led individual contributor role with no people management responsibilities.

 

What you'll be doing:

• Engineer and maintain threat intelligence platforms and data sources.
• Design ingestion pipelines for external, internal, and open-source intelligence feeds.
• Maintain centralised repositories for indicators, threat actor artefacts, and metadata.
• Integrate threat intelligence into SIEM, SOAR, EDR/XDR, email, identity, and cloud tooling.
• Build enrichment pipelines linking incidents to threat actors, campaigns, and TTPs.
• Partner with Automation Engineering to ensure intelligence is automation-first.
• Provide engineered intelligence support to Incident Response during active incidents.
• Enable Detection Engineering and Threat Hunting with structured intelligence outputs.
• Support Vulnerability Management with intelligence on actively exploited vulnerabilities.
• Build automation hooks between CTI platforms and SOAR workflows.
• Enable safe, explainable intelligence use for agentic and automated decision support.
• Improve intelligence delivery speed, accuracy, and signal-to-noise ratio.
• Define and maintain engineering standards for CTI integrations.
• Monitor feed efficacy and deprecate low-value intelligence sources.
• Support audits, assurance, and documentation activities related to CTI.

 

What you'll need:

• Experience engineering or operating enterprise threat intelligence platforms.
• Hands-on experience integrating CTI with SIEM, SOAR, or EDR/XDR.
• Strong capability in APIs, data transformation, enrichment logic, and automation.
• Solid understanding of threat intelligence concepts and operationalisation.
• Experience with Google Threat Intelligence, Recorded Future, or similar platforms.
• Familiarity with MITRE ATT&CK and threat-led detection models.
• Experience supporting incident response or detection engineering teams.
• Relevant certifications (GCTI, GCIA, GCED, cloud security certifications).
• Fluent in written and spoken English.

 

Who you are:

You're open: We are inclusive and collaborative; we encourage the free exchange of ideas; we respect and celebrate diverse views. We are open-minded: to new ideas, new partnerships, new ways of working.

You're optimistic: We believe in the power of creativity, technology and talent to create brighter futures or our people, our clients and our communities. We approach all that we do with conviction: to try the new and to seek the unexpected.

You're extraordinary: we are stronger together: through collaboration we achieve the amazing. We are creative leaders and pioneers of our industry; we provide extraordinary every day.

 

What we'll give you:

Passionate, inspired people – We aim to create a culture in which people can do extraordinary work.

Scale and opportunity – We offer the opportunity to create, influence and complete projects at a scale that is unparalleled in the industry.

Challenging and stimulating work – Unique work and the opportunity to join a group of creative problem solvers. Are you up for the challenge?

#LI-Hybrid 

We believe the best work happens when we're together, fostering creativity, collaboration, and connection. That's why we’ve adopted a hybrid approach, with teams in the office around four days a week. If you require accommodations or flexibility, please discuss this with the hiring team during the interview process.

WPP is an equal opportunity employer and considers applicants for all positions without discrimination or regard to particular characteristics. We are committed to fostering a culture of respect in which everyone feels they belong and has the same opportunities to progress in their careers.

Please read our Privacy Notice (https://www.wpp.com/en/careers/wpp-privacy-policy-for-recruitment) for more information on how we process the information you provide.