Company hidden
10 hours ago

Incident Response Advanced Lead (Cybersecurity)

140 000 - 175 000$
Work format
remote (USA only)
Employment type
fulltime
Grade
lead
English
c1
Country
US
Vacancy from Hirify Global, a list of international tech companies

Job description


TL;DR

Incident Response Advanced Lead (Cybersecurity): Leading the full lifecycle of high-severity cyber incidents and coordinating cross-functional response teams, with an emphasis on executive communication and regulatory compliance. Focus on architecting incident battle rhythms, managing forensic evidence discipline, and maturing the overall IR program.

Location: Remote (Must be based in the United States), with a strong preference for candidates in US Eastern or Central time zones.

Salary: $140,000 - $175,000 USD

Company

The world's leading live entertainment company, comprising global leaders Ticketmaster, Live Nation Concerts, and Live Nation Media & Sponsorship.

What you will do

  • Serve as the primary Incident Commander for all high-severity (SEV-1/SEV-2) cyber incidents, owning the full response lifecycle.
  • Translate complex technical findings (MITRE ATT&CK, kill chains) into authoritative situational awareness for C-suite and non-technical stakeholders.
  • Maintain rigorous incident timelines and ensure chain of custody for forensic artifacts to withstand legal and regulatory scrutiny.
  • Design and lead a sophisticated annual tabletop and functional exercise program, including executive-level simulations.
  • Manage third-party IR retainer relationships, MDR providers, cyber insurance carriers, and law enforcement liaisons.
  • Drive enterprise alignment to NIST SP 800-61r3, NIST CSF 2.0, and SEC cyber disclosure requirements.

Requirements

  • 10+ years in cybersecurity, with at least 6–7 years directly leading enterprise-scale incident response operations.
  • Must be US-based and authorized to work in the United States without sponsorship.
  • Expert-level fluency in MITRE ATT&CK, cyber kill chain, diamond model, and IR frameworks (NIST SP 800-61, SANS PICERL).
  • Mastery of executive-level written and verbal communication under high-pressure conditions.
  • Comprehensive knowledge of regulatory obligations including SEC 8-K, GDPR, HIPAA, and PCI-DSS.
  • Possession of at least one industry certification: GCIH, GCFA, GCIA, CISSP, or CISM.

Nice to have

  • Experience building or materially maturing an enterprise IR program from the ground up.
  • Advanced cloud incident response experience across AWS, Azure, or GCP.
  • Experience with OT/ICS incident response or third-party supply chain response.
  • Familiarity with IR orchestration and case management tools (ServiceNow SIR, Jira, Tines, TheHive).

Culture & Benefits

  • Comprehensive medical, vision, dental, and mental health benefits with HSA/FSA options.
  • 401(k) program with company match and stock reimbursement program.
  • Generous paid time off, sick time, and unique perks like free concert tickets.
  • Supportive family programs including caregiver leave, fertility, adoption, and surrogacy support.
  • Investment in professional growth via the School of Live, tuition reimbursement, and student loan repayment.
