Lead CyberSecurity SOC Analyst

About Us Live Nation Entertainment is the world's leading live entertainment company, comprised of global market leaders: Ticketmaster, Live Nation Concerts, and Live Nation Media & Sponsorship. Ticketmaster is the global leader in event ticketing with over 620 million tickets sold annually and approximately 10,000 clients worldwide. Live Nation Concerts is the largest provider of live entertainment in the world promoting more than 50,000 events annually for nearly 7,000 artists in 40+ countries. These businesses allow Live Nation Media & Sponsorship to create strategic music marketing programs that connect more than 1,200 sponsors with the 145 million fans that attend Live Nation Entertainment events each year. For additional information, visit www.livenationentertainment.com.

Passionate and motivated. Driven, with an entrepreneurial spirit. Resourceful, innovative, forward thinking and committed. At Live Nation Entertainment, our people embrace these qualities, so if this sounds like you then please read on!

As a UK/EMEA Lead SOC Analyst, you will serve as the bridge between frontline analysts and DART management, helping guide real‑time incident response, providing mentorship and quality assurance across shifts, and contributing to process development and strategic improvement. You will lead shift operations, act as an escalation point for complex investigations, and ensure consistent application of incident response processes across global teams.

• Coordinate daily DART shift activities to ensure smooth operations and adequate coverage.
• Act as an escalation point for high‑priority security alerts and investigations.
• Act as an Incident Commander to ensure the incident investigation process is streamlined and completed from start to finish.
• Conduct QA reviews on tickets to ensure accuracy, completeness, and adherence to IR procedures.
• Lead shift handovers, ensuring continuity and communication across regions.

• Monitor and triage security alerts using SIEM, EDR, and NDR platforms.
• Perform in‑depth investigations into potential threats, applying TTP‑based analysis and leveraging internal tools.
• Collaborate with business units and technical teams during incident response to gather context and execute containment or remediation.
• Provide structured documentation and recommendations post‑incident.

• Mentor junior and mid‑level analysts during investigations and incident response.
• Support onboarding and continuous training through documentation, coaching, and hands‑on guidance.
• Promote a culture of collaboration, accountability, and continuous improvement across shifts.

• Help identify tooling or workflow gaps; provide recommendations to the Defense and Response Team/Detection and Response Engineering Manager for improvements.
• Contribute to the creation and refinement of playbooks and operational procedures.
• Participate in tuning detection content and use‑case development in partnership with threat detection teams.

• Assist in tracking key performance indicators (Time to Detect, Time to Resolve, Escalation Ratios, etc.).
• Support reporting functions by summarizing incidents and shift activities in alignment with team OKRs.

• Bachelor's degree (or higher) in Cybersecurity, Information Security, Computer Science, Information Technology, or a related field preferred
• 5+ years of experience in a cybersecurity analyst role, with at least 2 years in a lead or senior‑level capacity required
• Proven hands‑on experience with SIEM, EDR, NDR, and DFIR toolsets.
• In‑depth understanding of attacker TTPs (MITRE ATT&CK) and strong investigative mindset.
• Experience responding to incidents in cloud environments (AWS, Azure, GCP).
• Excellent written and verbal communication skills, especially in cross‑functional and high‑pressure scenarios.
• Ability to guide and inspire analysts of varying experience levels.

At least TWO of the following (or equivalent experience):

• GIAC Security Expert (GSE)
• GIAC Certified Incident Handler (GCIH)
• GIAC Certified Intrusion Analyst (GCIA)
• GIAC Certified Incident Handler (GCIH)
• GIAC Certified Intrusion Analyst (GCIA)
• CompTIA Cybersecurity Analyst (CySA+)
• OSCP - Offensive Security Certified Professional
• CISSP - Certified Information Systems Security Professional
• Microsoft Certified: Cybersecurity Architect Expert or AWS Certified Security
• CompTIA Security Plus (Sec +)

• Participate in a 24/7 on‑call rotation.
• Demonstrate flexibility and ownership during incidents and surge periods and tracking, capacity planning, on Manager DART the with closely Collaborate
• Continuous team/process improvement.

We are passionate and committed to our people and go beyond the rhetoric of diversity and inclusion. You will be working in an inclusive environment and be encouraged to bring your whole self to work. We will do all that we can to help you successfully balance your work and home life. As a growing business we will encourage you to develop your professional and personal aspirations, enjoy new experiences, and learn from the talented people you will be working with. It's talent that matters to us and we encourage applications from people irrespective of their gender identity, race, sexual orientation, religion, age, disability status or caring responsibilities.