Live Nation Entertainment

Incident Response Advanced Lead - US

Live Nation Entertainment$140K — $175K *
US-AnywhereRemote in California, US
Information Technology
8 - 10 years of experience
Job Overview by Ladders

Qualifications

  • 10+ years in cybersecurity, with 6-7 years leading incident response operations at enterprise scale.
  • Hands-on experience as an incident commander in diverse major incidents including ransomware and data exfiltration.
  • Expert fluency in MITRE ATT&CK and other IR frameworks applied in live incidents.
  • Mastery of executive-level communication under pressure for tactical and strategic messaging.
  • Advanced project management skills managing multiple concurrent incidents.

Responsibilities

  • Lead all high-severity cyber incidents as the Incident Commander from declaration to closure.
  • Architect and execute an incident command rhythm, ensuring accountability across teams.
  • Translate complex technical findings into clear communication for non-technical stakeholders.
  • Proactively manage and mitigate critical path blockers during incidents.
  • Mentor junior incident coordinators and incident commanders during live incidents.

Benefits

  • Comprehensive health benefits (medical, vision, dental, mental health) for employees and families.
  • Generous paid time off including holidays, sick time, and personal days.
  • 401(k) with company match, stock reimbursement program for employees.
  • Support for new parents, adoption, and fertility treatments.
  • Access to professional development programs and tuition reimbursement.
Full Job Description
Job Summary:

WHAT THIS ROLE WILL DO

Incident Command and Coordination
  • Serve as the primary Incident Commander for all high-severity (SEV-1 / SEV-2) cyber incidents, owning the full response lifecycle from declaration through closure under an ICS-aligned model - with the depth to lead simultaneous active incidents without degraded performance.
  • Architect and enforce the incident battle rhythm at an advanced level: establish and adapt sync cadences mid-incident, drive the task board with precision, assign owners and enforce accountability across security engineering, threat hunting, CTI, IT, legal, privacy, comms, and business units - with no ambiguity about who owns what.
  • Translate complex technical findings (MITRE ATT&CK technique chains, kill chain progression, diamond model pivots, attacker TTPs, indicators of compromise and attack) into authoritative situational awareness for non-technical stakeholders, drawing on first-hand knowledge of how these frameworks apply in live environments.
  • Anticipate and eliminate critical path blockers before they become delays: containment actions, evidence preservation, regulatory and contractual notification clocks, scope creep signals, and remediation milestones - with proven instincts built from repeated high-pressure experience.
  • Make independent, time-sensitive decisions on severity classification, scope expansion, external support activation (IR retainer, outside counsel, forensics, cyber insurance), and incident closure criteria. Escalate strategically - not reflexively.
  • Mentor and guide junior IR coordinators and incident commanders in real time during live incidents, building organizational depth without sacrificing response velocity.


Executive and Stakeholder Communication
  • Own the executive communication stream at the highest level during incidents: produce polished, defensible written situation reports (sitreps) on a predictable cadence and deliver verbal briefings to CISO, CIO, General Counsel, and C-suite with the confidence and authority of someone who has done it under fire.
  • Produce expert-level stakeholder-tailored messaging with no ramp-up required: deep technical framing for SOC and engineering, risk and financial impact framing for executives, and clear plain-language updates for business partners - adjusting in real time as incident facts evolve.
  • Lead coordination with Legal, Privacy, Corporate Communications, and Investor Relations on external notifications, regulatory filings (SEC 8-K for material cyber incidents, state breach laws, GDPR, HIPAA where applicable), and customer disclosures - navigating competing priorities with sound judgment and legal fluency.
  • Own and deliver board-level reporting on significant incidents, ensuring appropriate privilege protections under counsel direction, with the gravitas and precision that board audiences require.
  • Proactively identify communication gaps and systemic messaging failures in past incidents and develop improved templates, protocols, and training to close them.


Documentation and Evidence Discipline
  • Maintain and enforce the authoritative incident timeline standard in real time during response - capturing decisions, actions, owners, timestamps, and supporting artifacts with a level of discipline that withstands legal and regulatory scrutiny.
  • Own chain of custody and evidence handling requirements end-to-end, ensuring forensic artifacts, logs, and investigative outputs are documented to a standard defensible in litigation, regulatory investigation, or law enforcement engagement.
  • Lead after-action reports (AARs) and blameless post-incident reviews that go beyond timeline reconstruction to identify systemic root causes, contributing organizational factors, and corrective actions with owners, due dates, and measurable closure criteria.
  • Continuously mature the IR documentation library - playbooks, runbooks, RACI matrices, escalation paths, contact trees, and communication templates - versioning with rigor and ensuring content reflects current threat landscape and organizational changes.


Program Management and Readiness
  • Design and lead a sophisticated annual tabletop and functional exercise program - including executive-level simulations, cross-functional full-scale drills, and red team / IR integration exercises - capturing findings, tracking remediation, and measuring year-over-year maturity.
  • Own IR program metrics at a strategic level: MTTD, MTTC, MTTR, SLA adherence, exercise coverage, corrective action aging, and program maturity scoring. Produce executive and board reporting that drives resource investment and organizational prioritization.
  • Drive enterprise alignment to NIST SP 800-61r3, NIST CSF 2.0, and applicable regulatory frameworks (SEC cyber disclosure, state AG requirements, sector-specific regulators), translating requirements into operational IR program obligations with clear ownership.
  • Lead the management of third-party IR retainer relationships, MDR providers, cyber insurance carriers, and law enforcement liaisons - including contract negotiation, SLA definition, joint exercise execution, and activation readiness validation.
  • Partner deeply with CTI, threat hunting, red team, and security engineering to ensure IR lessons learned are systematically converted into improved detections, prioritized control gaps, and hardened playbooks - closing the loop between response and prevention.
  • Shape and drive the multi-year IR program strategy, including capability roadmaps, headcount planning inputs, tooling investments, and organizational design recommendations.


WHAT THIS PERSON WILL BRING - Required Qualifications
  • 10+ years in cybersecurity, with at least 6-7 years directly leading incident response operations at enterprise scale - not adjacent to it.
  • Deep, hands-on experience as a primary incident commander on multiple major incidents across diverse attack scenarios (ransomware, data exfiltration, business email compromise, insider threat, cloud compromise, nation-state activity, or equivalent) with demonstrable ownership from declaration through post-incident closure.
  • Expert-level fluency in MITRE ATT&CK, cyber kill chain, diamond model, and IR frameworks (NIST SP 800-61, SANS PICERL) - applied in live incidents, not just cited. Able to challenge and interrogate technical findings with authority, identify gaps, and redirect responders in real time.
  • Mastery of executive-level written and verbal communication under pressure. Able to produce a defensible sitrep in under 10 minutes mid-incident, calibrated for audience, and structured to support decision-making - not just information sharing.
  • Advanced program and project management skills: experienced running concurrent live incidents with multiple workstreams, enforcing accountability across organizational boundaries, and managing the program in steady state simultaneously.
  • Comprehensive knowledge of regulatory and legal obligations for cyber incidents - SEC disclosure (including 8-K material incident determinations), state breach notification, GDPR, HIPAA, PCI-DSS, and contractual notification clauses - with the confidence to advise counsel rather than simply receive direction.
  • Prior experience in a Fortune 500, large-scale entertainment/media/technology company, or heavily regulated industry (financial services, healthcare, critical infrastructure, defense), or equivalent consulting engagement manager experience at a major IR firm (Mandiant, CrowdStrike, Unit 42, Kroll, or similar).
  • At least one industry certification demonstrating sustained commitment to the discipline: GCIH, GCFA, GCIA, CISSP, CISM, or equivalent. ICS-300/400 a strong plus.
  • Must be US-based and authorized to work in the United States without sponsorship. Must be available outside business hours and carry a formal on-call rotation for major incidents.


WHAT THIS PERSON WILL BRING - Preferred Qualifications
  • Demonstrated experience building or materially maturing an enterprise IR program from the ground up - including capability gap assessments, tooling selection, playbook authorship, and team development.
  • Advanced cloud incident response experience across two or more major platforms (AWS, Azure, GCP) including cloud-native forensics, identity-based attacks, and container/serverless compromise scenarios.
  • Experience with OT/ICS incident response or third-party/supply chain incident response in complex, multi-vendor environments.
  • Deep familiarity with IR orchestration and case management tooling (ServiceNow SIR, Jira, Resilient, Swimlane, Tines, TheHive) and the ability to drive tooling improvements and workflow automation.
  • Experience developing and delivering IR training programs, mentoring junior incident coordinators, or building IR capability within a security operations organization.
  • Exposure to threat intelligence integration in IR workflows - including consuming and directing CTI outputs during live incidents to sharpen containment and attribution decisions.


Skills and Attributes
  • Commanding presence under pressure. Runs bridge calls with 30+ stakeholders, cuts through noise, maintains task focus, and projects confidence that steadies the room.
  • Writes with precision and economy. Every word earns its place - especially in a sitrep at 2 AM with a C-suite audience.
  • High ownership, low ego. Pushes back on executives with facts, confidence levels, and recommended courses of action - then executes without friction.
  • Forensic attention to documentation discipline without losing operational momentum.
  • Senior business judgment: knows when a situation has changed, when to pull external resources, when to escalate to the board, and when to hold steady. Earns trust quickly.
  • Trusted strategic partner to Legal, Privacy, and Compliance - fluent in privilege, evidence preservation, regulatory clocks, and the intersection of legal strategy and incident operations.
  • Multiplier effect on the team: raises the game of every IR practitioner in the room by modeling excellence, providing real-time coaching, and holding a high standard.


Work Location and Travel
  • United States-based required. Remote eligible with a strong preference for candidates located in or able to maintain consistent overlap with US Eastern or Central time zones for executive cadence and on-call response.
  • Occasional travel (up to 20 percent) for exercises, major incident activations, leadership offsites, and IR retainer/partner relationship management.


BENEFITS & PERKS

Our motto is 'Taking Care of Our Own' through 6 pillars of benefits:

HEALTH: Medical, vision, dental and mental health benefits for you and your family, with access to a health care concierge, and Flexible or Health Savings Accounts (FSA or HSA)

YOURSELF: Free concert tickets, generous paid time off including paid holidays, sick time, and personal days

WEALTH: 401(k) program with company match, stock reimbursement program

FAMILY: New parent programs including caregiver leave, plus fertility, adoption, foster, or surrogacy support

CAREER: Career and skill development programs with School of Live, tuition reimbursement, and student loan repayment

OTHERS: Volunteer time off, crowdfunding match

About Live Nation Entertainment

Live Nation Entertainment is a producer, promoter, and seller of live concert tickets for artists and fans.

Live Nation Entertainment Careers

Join the vibrant team at Live Nation Entertainment, the global leader in live entertainment and ticketing services. As part of our dynamic team, you'll be at the forefront of the entertainment industry, where innovation, leadership, and growth are part of everyday life.

Work You’ll Do

At Live Nation Entertainment, we offer more than just job opportunities; we provide a platform for professional growth and a chance to be part of exciting live events that shape culture worldwide. Our team is driven by a passion for live experiences, and we thrive on creativity and diversity.

Transform Your Career

Embark on a career journey with Live Nation Entertainment and help transform the live entertainment landscape. Utilize your skills in a workplace that values diversity, innovation, and leadership. Our commitment to professional growth is evident in our robust training programs, including leadership development and diversity training, ensuring that every team member is equipped for success.

Innovative Work Environment

Live Nation Entertainment is a hub for creative and solution-driven team players. Our culture fosters innovation and encourages employees to bring new ideas to the table. With a focus on digital innovation and industry expertise, our team is always ahead of the curve, setting trends in the entertainment sector.

Be Part of a Great Team

Working with us means being part of a team that values creativity and is passionate about providing unforgettable live experiences. Our employees enjoy comprehensive benefits, a collaborative environment, and opportunities for networking and career advancement.

Future-Proof Your Career

Live Nation Entertainment is not just a company; it's a place where you can grow your career and impact the global entertainment landscape. We offer a variety of positions, from internships to leadership roles, each providing unique challenges and opportunities. Our commitment to employee development is reflected in our continuous learning opportunities and our support for gaining industry-recognized qualifications.

Explore Job Opportunities

Whether you're looking to start your career or take it to the next level, Live Nation Entertainment offers a range of employment options. From marketing and sales to event management, our team is hiring across multiple disciplines. Explore open positions that match your skills and interests, and see where a career at Live Nation Entertainment can take you.

Stay Connected

Join Our Team Search for open positions that align with your career goals. We are always on the lookout for passionate, curious, and innovative individuals to join our team.

Keep Up to Date

Stay informed with the latest company news, career tips, and industry insights—all from the people who work here. Live Nation Entertainment is a place where your career can thrive, supported by a culture that fosters leadership and innovation.

Job Alert Emails

Customize your subscription to receive job alerts and insider tips tailored to your preferences. Discover the exciting and rewarding career opportunities that await at Live Nation Entertainment. Join us at Live Nation Entertainment, where your career in live entertainment starts today.
Learn more about Live Nation Entertainment
Size
10,200 employees
Market Cap
$16 billion
Industry
Net Income
-$1.7 billion
Founded
2005
5 Year Trend
-5.6%
Revenue
$1.8 billion
NASDAQ

Similar Jobs

More Jobs at Live Nation Entertainment

More Information Technology Jobs

Find similar Incident Response Advanced Lead - US jobs: