Security Automation Engineer

About WPP

WPP is the trusted growth partner for the world’s leading brands. We unite cutting-edge media intelligence and data solutions, world-class creativity, next-generation production, transformative enterprise solutions and expert strategic counsel in a single company – powered by exceptional talent and our agentic marketing platform, WPP Open, to help our clients navigate change, capture opportunity and deliver transformational growth. We have been building the world's most valuable brands for 50 years and have global reach across 100+ markets, with deep local expertise. Our people are the key to our success. We're committed to fostering a culture of creativity, belonging and continuous learning, attracting and developing the brightest talent, and providing exciting career opportunities that help our people grow. For more information, visit WPP.com.

Why we're hiring

The Automation Engineer is responsible for designing, developing, and maintaining security automation solutions that enhance detection, response, workflow efficiency, and operational consistency across Operational Security. Working under the Automation Lead, this role builds high-quality SOAR playbooks, integrations, scripts, AI-assisted workflows, and orchestration pipelines to reduce manual workloads and support the Autonomic Security Operations (ASO) model.

What you'll be doing

Core Responsibilities

Automation Engineering & Development

• Develop SOAR playbooks, workflows, and automations for alert triage, enrichment, containment, and remediation.
• Build scalable, reusable automation components, scripts, and integrations.
• Implement high-quality scripting using Python, PowerShell, and REST APIs.
• Ensure appropriate version control, QA, testing, and documentation of automation artefacts.
• Maintain reliability of automations by monitoring performance, exceptions, and system behaviour.

Platform Integration & Tooling Engineering

• Integrate SOAR with SIEM, EDR, TIP, cloud-native security tools, and case management systems.
• Engineer automation pipelines to support Microsoft and Google security ecosystems.
• Develop API integrations, webhooks, and event-driven automation triggers.
• Support data transformation, enrichment, and telemetry orchestration requirements.

AI / ML Automation Enablement

• Contribute to embedding AI/ML-driven enrichment and correlation logic into automated workflows.
• Support operationalisation of ML models for anomaly detection and decision support.
• Collaborate with data and detection teams to refine and enhance AI-enabled automation.

Workflow Engineering & Process Automation

• Translate SOPs, response runbooks, and detection workflows into automated processes.
• Identify automation opportunities to eliminate manual tasks across SecOps functions.
• Ensure automated processes remain consistent, auditable, and compliant with Operational Security standards.

Operational Collaboration & Support

• Work with Detection Engineering, Incident Response, Threat Hunting, and Threat Intelligence teams to automate use cases.
• Participate in post-incident reviews and embed improvements into automation workflows.
• Assist with tool evaluations, optimisation initiatives, and integration efforts led by the Automation Lead.

Continuous Improvement

• Contribute to a backlog of automation enhancements and new capabilities.
• Optimise accuracy, resilience, and efficiency across automation workflows.
• Ensure alignment with GCAT SOC10x principles, including 10X Technology, Process, Speed, and Visibility.

What you'll need

Technical Expertise

• Experience with SOAR platforms such as Cortex XSOAR, Splunk SOAR, or Chronicle SOAR.
• Proficiency in Python and/or PowerShell for automation development.
• Strong understanding of REST APIs, JSON, and event-driven automation.
• Experience integrating SIEM, EDR, TIP, and cloud-native security tools.

Process & Operational Knowledge

• Understanding of workflows across SOC, Incident Response, Threat Hunting, and Detection Engineering.
• Ability to convert operational requirements and SOPs into engineered automation.
• Familiarity with playbooks, runbooks, and security process governance.

Collaboration & Delivery

• Strong communication and documentation skills.
• Ability to work in an engineering-led, automation-first culture.
• Experience working with cross-functional technical teams in security operations.

Certifications (Preferred)

• SOAR platform certifications.
• GIAC (GMON, GCTI, GCIH, GCDA).
• Python or scripting certifications.
• Azure or GCP cloud certifications.

Key Attributes

• Engineering-first mindset with strong attention to detail.
• Problem-solving orientation with a focus on automation and efficiency.
• Structured, methodical, and reliable approach to delivery.
• Commitment to operational excellence and continuous improvement.

Who you are

You're open: We are inclusive and collaborative; we encourage the free exchange of ideas; we respect and celebrate diverse views. We are open-minded: to new ideas, new partnerships, new ways of working. You're optimistic: We believe in the power of creativity, technology and talent to create brighter futures or our people, our clients and our communities. We approach all that we do with conviction: to try the new and to seek the unexpected. You're extraordinary: we are stronger together: through collaboration we achieve the amazing. We are creative leaders and pioneers of our industry; we provide extraordinary every day.

What we'll give you

Passionate, inspired people – We aim to create a culture in which people can do extraordinary work. Scale and opportunity – We offer the opportunity to create, influence and complete projects at a scale that is unparalleled in the industry. Challenging and stimulating work – Unique work and the opportunity to join a group of creative problem solvers. Are you up for the challenge? We believe the best work happens when we're together, fostering creativity, collaboration, and connection. That's why we’ve adopted a hybrid approach, with teams in the office around four days a week. If you require accommodations or flexibility, please discuss this with the hiring team during the interview process. WPP is an equal opportunity employer and considers applicants for all positions without discrimination or regard to particular characteristics. We are committed to fostering a culture of respect in which everyone feels they belong and has the same opportunities to progress in their careers. Please read our Privacy Notice (https://www.wpp.com/en/careers/wpp-privacy-policy-for-recruitment) for more information on how we process the information you provide.

Key skills/competency

Security Automation Engineer, SOAR, Python, PowerShell, REST APIs, SIEM, EDR, Cloud Security, Workflow Automation, Incident Response.