Cyber Security Incident Response Lead

Live Nation Entertainment is the world's leading live entertainment company, comprised of global market leaders: Ticketmaster, Live Nation Concerts, and Live Nation Media & Sponsorship. Ticketmaster is the global leader in event ticketing with over 620 million tickets sold annually and approximately 10,000 clients worldwide. Live Nation Concerts is the largest provider of live entertainment in the world promoting more than 50,000 events annually for nearly 7,000 artists in 40+ countries. These businesses allow Live Nation Media & Sponsorship to create strategic music marketing programs that connect more than 1,200 sponsors with the 145 million fans that attend Live Nation Entertainment events each year. For additional information, visit www.livenationentertainment.com.

Passionate and motivated. Driven, with an entrepreneurial spirit. Resourceful, innovative, forward thinking and committed. At Live Nation Entertainment, our people embrace these qualities, so if this sounds like you then please read on!

The Incident Response Lead is responsible for driving the containment and eradication of threats during cyber security events and following through with supporting remediation efforts post events within a fast-paced and dynamic environment in effort to restore normal secure service delivery.

This individual will act as a liaison between technical teams and leadership, ensuring effective communication and alignment on cybersecurity priorities. This role will require attention to detail, ability to organize and document information, and in-depth knowledge of cyber security processes to support the global organization through complex and high‑pressure incidents.

This role is ideal for an experienced cybersecurity professional with a passion for leading technical projects, fostering team alignment, and delivering results in a dynamic and complex enterprise environment.

• Capture detailed notes and deliver precise, accurate reports to stakeholders during high-pressure scenarios, ensuring all action items are effectively communicated and delegated to the Cyber Defense team or partners for execution; throughout the lifecycle of an incident.
• Collect evidence from cyber events and utilize data to build a complete chain of events
  from initial access through eradication and recovery phases
• Advise and coordinate with Incident Commander by providing trusted expert advice to
  support the successful conclusion of a cyber incident
• Receive and analyze signals from numerous sources to determine possible causes of
  alerts
• Conduct, document and report postmortem lessons learned that contribute to the
  improvement of the team and the organization's cyber program.
• Develop and communicate reports on Cyber Defense TTPs, guidance, and incident
  findings to various stakeholders
• Advise and collect forensically sound artifacts for inspection to support cyber incidents
• Engage with both technical and non-technical stakeholders in a professional manner both
  internally and externally to the business on sensitive cybersecurity issues.
• Develop training and exercises to promote both team and organizational development to improve delivery during incidents, through the creation and conduction of tabletops and workshops.
• Work as part of a global team
  Be the Incident Response SME

• Bachelor's degree in Computer Science, Information Security, or a related field
• 5+ years of experience in Cyber Security Operations type role
• 3+ years of experience specifically in Incident Response type roles that performed event investigations
• Excellent communication skills, with experience delivering executive-level briefings and reports.
• Solid understanding of cybersecurity principles, including incident response, policy governance, and compliance requirements.
• Experience with security tools such as SIEMs, IDS/IPS, DLP, and vulnerability management platforms.
• Strong organizational, time‑management, and leadership skills.
• Experience in the application of available tooling to defend against cyber threats and
  hardened existing systems against further attacks
• Experience in response to at least one public cloud vendor (e.g.: AWS. GCP, Azure, etc)
• Experience in response to a variety of system types and applications
• Must be willing to work an on‑call rotation
• Excellent analytical and problem‑resolution skills to collect/ preserve evidence for documentation and reporting
• Certifications: CISSP, GCIH, GCFA, CySA+
• Experience working in large, global enterprises with complex technical infrastructures
• Knowledge of audit frameworks and regulatory compliance requirements (e.g., SOX, GDPR, PCI DSS)
• Familiarity with cloud security architectures and tools (e.g., AWS, Azure, GCP)
• Exceptional ability to remain calm and focused during high‑stress situations.
• Strong problem‑solving and conflict management skills
• A collaborative team player who thrives in a global, cross‑functional environment.

We are passionate and committed to our people and go beyond the rhetoric of diversity and inclusion. You will be working in an inclusive environment and be encouraged to bring your whole self to work. We will do all that we can to help you successfully balance your work and homelife. As a growing business we will encourage you to develop your professional and personal aspirations, enjoy new experiences, and learn from the talented people you will be working with. It's talent that matters to us and we encourage applications from people irrespective of their gender, race, sexual orientation, religion, age, disability status or caring responsibilities.