Security Threat Intelligence Analyst

Why we're hiring:

The Threat Intelligence Engineer is responsible for engineering, operating, and continuously improving WPP’s cyber threat intelligence platforms, integrations, and enrichment pipelines. This role focuses on how threat intelligence is ingested, processed, correlated, and operationalised at scale across security operations. The position is an engineering-led individual contributor role with no people management responsibilities.

What you'll be doing:

• Engineer and maintain threat intelligence platforms and data sources.
• Design ingestion pipelines for external, internal, and open-source intelligence feeds.
• Maintain centralised repositories for indicators, threat actor artefacts, and metadata.
• Integrate threat intelligence into SIEM, SOAR, EDR/XDR, email, identity, and cloud tooling.
• Build enrichment pipelines linking incidents to threat actors, campaigns, and TTPs.
• Partner with Automation Engineering to ensure intelligence is automation-first.
• Provide engineered intelligence support to Incident Response during active incidents.
• Enable Detection Engineering and Threat Hunting with structured intelligence outputs.
• Support Vulnerability Management with intelligence on actively exploited vulnerabilities.
• Build automation hooks between CTI platforms and SOAR workflows.
• Enable safe, explainable intelligence use for agentic and automated decision support.
• Improve intelligence delivery speed, accuracy, and signal-to-noise ratio.
• Define and maintain engineering standards for CTI integrations.
• Monitor feed efficacy and deprecate low-value intelligence sources.
• Support audits, assurance, and documentation activities related to CTI.

What you'll need:

• Experience engineering or operating enterprise threat intelligence platforms.
• Hands-on experience integrating CTI with SIEM, SOAR, or EDR/XDR.
• Strong capability in APIs, data transformation, enrichment logic, and automation.
• Solid understanding of threat intelligence concepts and operationalisation.
• Experience with Google Threat Intelligence, Recorded Future, or similar platforms.
• Familiarity with MITRE ATT&CK and threat-led detection models.
• Experience supporting incident response or detection engineering teams.
• Relevant certifications (GCTI, GCIA, GCED, cloud security certifications).
• Fluent in written and spoken English.

Who you are: