Lead Cyber Security Detection Engineer

Location: California
Job Summary:

Live Nation Entertainment is the world’s leading live entertainment company, comprised of global market leaders:
Ticketmaster, Live Nation Concerts, and Live Nation Media & Sponsorship. Ticketmaster is the global leader in event ticketing with over 620 million tickets sold annually and approximately 10,000 clients worldwide.  Live Nation Concerts is the largest provider of live entertainment in the world promoting more than 50,000 events annually for nearly 7,000 artists in 40+ countries. These businesses allow Live Nation Media & Sponsorship to create strategic music marketing programs that connect more than 1,200 sponsors with the 145 million fans that attend Live Nation Entertainment events each year.

For additional information, visit .Passionate and motivated. Driven, with an entrepreneurial spirit. Resourceful, innovative, forward thinking and committed. At Live Nation Entertainment, our people embrace these qualities, so if this sounds like you then please read on!
** THE ROLE
** We are searching for a Lead Cybersecurity Engineer to join our expanding security operations team at Live Nation Entertainment.

This role focuses on engineering detection and incident response capabilities. Key responsibilities include developing automated incident response playbooks and engineering high-fidelity detections within SIEM, EDR and cloud environments. The position also entails engineering and implementing security tools, security controls, and infrastructure in collaboration with system owners.

The role would work closely with cyber threat intelligence analysts to develop detections to evolving threat actor TTPs
** WHAT THIS ROLE WILL DO
*** Collaborate with security analysts to create playbooks for triage and response for high fidelity detections.
* Lead the development of orchestrations and automations that significantly reduce manual tasks
* Perform expert-level intrusion and/or defensive analysis
* Develop automated incident response playbooks.
* Evaluate and improve current monitoring and detection capabilities to identify areas for improvement.
* Engineer detections with SIEM and XDR using various query languages.
* Engineer and implement security controls based on industry standards while continuously evaluating and enhancing our security infrastructure.
* Collaborate with system owners to architect, configure, and implement security monitoring and defense tools to safeguard against security breaches, cyber threats, and unauthorized access.
* Conduct adversary simulation testing and vulnerability scanning.
* Assist in analyzing large and complex datasets to uncover anomalous behavior and potential threats.
* Support the deployment and implementation of various security tools and technologies
** WHAT THIS PERSON WILL BRING:
*** 5+ years working in a security operations role
* 5+ years of writing custom SIEM detection queries and security automation logic
* Experience working multiple concurrent operating environments
* Advanced knowledge of the signals of both insider and external threat actors, their tactics and procedures, and how they evolve or change over time.
* SME level knowledge of current cyber threats and how to detect them using SIEM, XDR, EDR, and cloud technologies.  + Detection Development  + Detection Enablement  + Detection Effectiveness (Tuning, Validation, etc.)
* Advanced usage of at least one query language(KQL, Splunk, CQL, SQL) and the ability to understand, analyze, and write code.
* Thorough understanding of Identity Platforms—Entra

ID, Okta, Cyber Ark and major public cloud vendors—Azure, OCI, AWS, and GCP, both for development of detections, support investigations and determine secure solutions.
* Work well under pressure and within time/budget constraints to solve problems or meet objectives.
* Strong problem-solving and analytical thinking skills.
* Strong curiosity and a desire to learn.
* Ability to contribute in a collaborative global environment and team.
* Ability to identify and address gaps in security telemetry and monitoring required
* Capable of developing metrics reporting to support cyber operations teams
* Proven experience investigating and responding to security…