Senior Security Incident Responder

Why we're hiring:

The Senior Security Incident Responder is a lead technical authority for incident response execution, responsible for handling the most complex, high-impact, and business-critical security incidents across WPP. The role does not have line management responsibility; people management remains with the Security Incident Management Lead.

What you'll be doing:

KEY RESPONSIBILITIES

1. Advanced Incident Detection, Analysis & Response

- Lead investigations for high-severity and complex security incidents.

- Perform deep technical analysis using SIEM, SOAR, EDR/XDR, identity, email, and cloud telemetry.

- Execute and oversee containment, eradication, and recovery actions.

- Act as technical incident commander when delegated.

1. Escalation Handling & Stakeholder Coordination

- Serve as the primary escalation point for complex incidents.

- Coordinate with Legal, Privacy, Risk, Technology Operations, and agency teams.

- Provide clear technical updates to senior stakeholders.

1. Forensics, Evidence Handling & Assurance

- Lead forensic evidence collection, preservation, and analysis.

- Ensure documentation and artefacts are audit-ready.

- Support external forensic or law-enforcement engagement when required.

1. Quality Assurance, Playbook Maturity & Continuous Improvement

- Review incident handling quality and identify process or tooling gaps.

- Improve incident response playbooks and SOPs.

- Lead or support post-incident reviews and ensure actions are tracked.

1. Technical Leadership & Capability Uplift

- Mentor Security Incident Responders without line management responsibility.

- Partner with Detection Engineering, Threat Intelligence, Automation, and VM teams.

- Identify opportunities for automation and response optimisation.

What you'll need:

- Extensive hands-on experience responding to enterprise-scale security incidents.

- Deep technical expertise across SIEM, SOAR, EDR/XDR, identity, email, and cloud platforms.

- Strong forensic, investigation, and root cause analysis skills.

- Ability to operate calmly under pressure and communicate clearly.

- Experience acting as incident commander or senior escalation point.

- Familiarity with MITRE ATT&CK and threat-led response.

- Relevant certifications (GCIH, GCFA, GCED, CISSP).

Who you are: