Security Threat Hunting Lead

Why we're hiring:

The Threat Hunting Lead is responsible for building and leading the threat hunting function, driving proactive detection of advanced threats that evade traditional security controls. This role combines strategic leadership with hands-on expertise, ensuring hunts are hypothesis-driven, intelligence-led, and integrated into WPP SOC transformation initiatives under the Autonomic Security Operations model

What you'll be doing:

• Define and implement the threat hunting program, including methodologies, workflows, and KPIs.
• Lead a team of threat hunters to execute hypothesis-driven hunts across endpoints, networks, and cloud environments.
• Develop and maintain structured hunting playbooks aligned with MITRE ATT&CK and GCAT SOC10x principles.
• Mentor and upskill team members, fostering a culture of curiosity and continuous improvement.

• Conduct advanced hunts leveraging telemetry from SIEM, EDR, NDR, and cloud-native platforms.
• Integrate threat intelligence into hunting hypotheses and detection pipelines.
• Collaborate with Detection Engineering, Incident Response, and Threat Intelligence teams to operationalize findings.
• Validate detection coverage through purple team exercises and adversary emulation.

• Maintain a backlog of hunting hypotheses, visibility gaps, and lessons learned.
• Drive automation of hunting workflows using scripting and SOAR platforms.
• Report on hunt outcomes, trends, and strategic improvements to leadership.

• 10X People: Build a high-performing team with continuous learning and knowledge sharing.
• 10X Process: Embed agile, hypothesis-driven hunting workflows.
• 10X Technology: Leverage AI/ML analytics for anomaly detection and hunt acceleration.
• 10X Visibility: Ensure comprehensive telemetry ingestion across hybrid environments.
• 10X Speed: Reduce dwell time and accelerate detection-to-response cycles.

What you'll need:

• Deep knowledge of threat hunting methodologies and frameworks (MITRE ATT&CK, TaHiTI).
• Proficiency in SIEM, EDR/XDR, and log aggregation tools across hybrid infrastructure.
• Strong scripting skills (Python, PowerShell) for automation and data analysis.
• Experience with threat intelligence integration and behavioral analytics.

• Proven experience leading threat hunting or advanced SOC teams in enterprise environments.
• Ability to prioritize hunts based on risk and operational impact.
• Skilled in cross-functional collaboration with SOC, IR, and engineering teams.

• GIAC GCTI, GCIH, or equivalent advanced security certifications.

• Automation-first mindset with focus on scalability and resilience.
• Strong analytical and problem-solving skills.
• Excellent communication and leadership capabilities.

Who you are: