Full Time Job

Manager, Cyber Defense

Ticketmaster

West Hollywood, CA 05-11-2022
  • Paid
  • Full Time
  • Senior (5-10 years) Experience
Job Description
Live Nation Entertainment is the world's leading live entertainment and eCommerce company, comprised of four market leaders: Ticketmaster.com, Live Nation Concerts, Front Line Management Group and Live Nation Network. Ticketmaster.com is the global event ticketing leader and one of the world's top five eCommerce sites, with over 26 million monthly unique visitors. Live Nation Concerts produces over 20,000 shows annually for more than 2,000 artists globally. Front Line is the world's top artist management company, representing over 250 artists. These businesses power Live Nation Network, the leading provider of entertainment marketing solutions, enabling over 800 advertisers to tap into the 200 million consumers Live Nation delivers annually through its live event and digital platforms. For additional information, visit www.livenation.com/investors.

THE TEAM

The Cyber Defense and Incident Response team operates within the Corporate Information Security and Privacy Organization and is a critical function within Live Nation Entertainment. We specialize in detecting and responding to adverse events within our global network and provide snap response times to mitigate the impact of potential threats.

THE ROLE

As the Manager of the Cyber Defense team, you will help provide the first layer of defense by continuously seeking ways to enhance current detections by leveraging innovative automation techniques that improve detection and response times to intercept and defend against cyberattacks.

You will be the subject matter expert in all things related to threat detection and response. Learning how the adversary operates and their key objectives is imperative to protecting and defending against damage to mission-critical systems. Detecting these precursors allows the team to respond quickly to reduce the risk to the organization.

You will work with a team that shares a common goal – continuously seeking ways to enhance threat detection and response by developing a robust team of SMEs that share the ownership of mission and duty to protect the global organization.

We are growing our team to provide threat detection and incident response capabilities for Live Nation Entertainment; this is an exciting time to join!

WHAT THIS ROLE WILL DO
• Prepare, detect, respond and mitigate against cyber threats, protecting Live Nation Entertainment data and assets utilizing industry information security best practices
• Lead a geographically dispersed team of technical detection and response analysts who are responsible for monitoring, detecting, triaging, and responding to security events and incidents in Live Nation Entertainment's 24x7 global network
• Implementation of detection methodologies with a solid understanding of how to baseline network traffic and monitor for anomalous activity for early detection and mitigation
• Responsible for all management activities related to the Threat Detection and Response team's operations including people management, training, and mentoring of direct reports
• Leverage automation and orchestration solutions to automate repetitive tasks
• Network, collaborate and engage multiple internal and external teams and subject matter experts to address cyber security issues to reduce overall organizational risk
• Contribute to and support team projects and strategic initiatives, including improving current workflows and processes to mature our monitoring and response capabilities
• Assist with incident response as events are escalated to include threat hunting, data collection/analysis, triage, containment, remediation and documentation
• Champion process documentation and lessons learned to improve team efficiency and consistency for scalable response operations to ensure continuous improvement of internal playbooks
• Develop and deliver metrics that measure the team's efficiency and effectiveness to leadership
• Manage career development for team members, including training and mentoring, conducting performance reviews and exhibiting behaviors to be modeled by team members
• Drive a culture of inclusiveness and team unity to deliver exceptional customer services within the team and to our partner teams
• Research and stay current on the latest trends, best practices, and technology developments
• Participate in on-call weekly rotations with other team members (Required)

WHAT THIS PERSON WILL BRING
• 8+ years of Information Technology experience
• Member of a Security Operations Center (SOC)
• Security Incident Response Analyst or supporting function (2 years minimum)
• eDiscovery or related role performing forensic functions
• 2+ years of Information Security and Incident Response or similar discipline
• 2+ years of Linux/Unix, Mac and Windows system analysis experience
• Technical Cyber Security Certification(s) required (min. 1): GCED, GCDA, GDAT etc.
• BA/BS in Computer Science, Information Security, or Information Systems or equivalent related work experience
• Experience working in a large enterprise and management of a wide range of security tools such as IDS/IPS (network and host), advanced anti-malware (network and endpoint), DLP, encryption, anti-virus, firewalls, identity management, NAC, etc.
• Familiarity with security standards NIST Cyber Security Framework, NIST SP800-61 R2 and ISO/IEC 27035
• Experience with threat modeling concepts such as threat indicators, threat actors and attack surfaces
• Understanding of network architecture and security infrastructure placement
• Experience with SIEM technologies (e.g. ArcSight, Splunk, ELK Stack)
• In-depth technical knowledge of Windows and Unix/Linux based operating systems
• Travel is at a minimum, but some domestic and international travel is required
• Must be willing to be available 24x7 during weekly on-call rotations
• Must be willing to work non-traditional hours which may occur over weekends and holidays in support of incidents as needed
• Exceptional ability to remain calm under stress
• Must be able to pass a criminal background check and a US government security clearance if requested
• Identification and understanding of how malware and threat actors operate at a functional level as well as understanding their main objectives to reduce the potential spread and impact
• Demonstrate knowledge of relevant data sources to log in the SIEM
• Utilize threat detection and other tools to analyze event logs to prevent and detect adversary attacks
• Experience with containment, eradication and remediation while preserving forensic artifacts for analysis
• Practical level of understanding of security benchmarks and hardening of devices to reduce their attack surface, for both physical and cloud devices
• Innovative Content Development. Develop detection rules that perform aggregate and correlated activity detections across the security stack leveraging API automation integrations
• Experience with escalating and participating in small- and large-scale incident response activities to include threat hunting, containment and remediation
• Technical Savvy. Must be able to design and implement dashboards, reports and queries using various query and scripting languages
• Ability to reverse engineer how a network or endpoint was compromised to develop new detections to prevent future attacks of the same
• Consistent and proven ability to generate well-organized notes at a high-level and ability to document timelines of events a

Jobcode: Reference SBJ-re4w90-3-225-221-151-42 in your application.

Company Profile
Ticketmaster

Live Nation Entertainment is the global leader in live entertainment and ticketing. Our world-class portfolio reaches all aspects of the live event and ticketing industry, from ground-breaking software in Ticketmaster, mix of legendary venues and restaurants in House of Blues, production leaders in Concerts, exceptional brand partnerships in Media & Sponsorship, and unparalleled team of artist managers in Artist Nation supported by diverse professionals in all facets of Corporate operations.