Cybersecurity Threat Engineer

Who We Are

Creative Artists Agency (CAA) is the leading entertainment and sports agency, with global expertise in filmed and live entertainment, digital media, publishing, sponsorship sales and endorsements, media finance, consumer investing, fashion, trademark licensing, and philanthropy. Distinguished by its culture of collaboration and exceptional client service, CAA's diverse workforce identifies, innovates, and amplifies opportunities for the people and organizations that shape culture and inspire the world. The trailblazer of the agency business, CAA was the first to build a sports business, create an investment bank, launch a venture fund, found technology start-up companies, establish a philanthropic arm, build a business in China, and form a brand marketing services division, among other innovations. Named Most Valuable Sports Agency by Forbes for eight consecutive years, CAA represents more than 2,000 of the world's top athletes in football, baseball, basketball, hockey, soccer, in addition to coaches, on-air broadcasters, and sports personalities and works in the areas of broadcast rights, corporate marketing initiatives, social impact, and sports properties for sales and sponsorship opportunities. Founded in 1975, CAA is headquartered in Los Angeles, and has offices in New York, Nashville, Memphis, Chicago, Miami, London, Munich, Geneva, Stockholm, Shanghai, and Beijing, among other locations globally.

Job Description

The Role

Strategic and technically adept cybersecurity professional with deep expertise in Vulnerability Management, Offensive Security, and advanced threat detection. As Lead of Cyber Threat Engineering, this individual will be responsible for driving proactive defense initiatives that identify and mitigate risks before they can be exploited. Experienced in leading red and purple team operations, orchestrating vulnerability assessments, and integrating threat intelligence to inform remediation and hardening strategies. Skilled in aligning offensive security insights with enterprise risk management and Incident Response Strategies, improving security posture through automation, and fostering a culture of continuous testing and improvement. Recognized for building high-performing teams that bridge the gap between adversary emulation and defensive readiness to ensure comprehensive protection across digital assets.


We are looking for candidates who have a passion for cyber security, threat detection, risk mitigation, and automation. You will provide insight in our efforts to build and support a defensible environment where we are able to detect, contain and respond quickly to threats, vulnerabilities and compromise in ways that serve to enable the technology needs of a highly collaborative organization. The environment is fast-paced and commonly on the leading edge of technology, including early adoption of various cloud services along with the challenges of integrating those services into our security practice.


Responsibilities

• Support leadership with enterprise-wide vulnerability identification, assessment, and remediation programs across infrastructure, cloud, and applications.

• Provide continuous visibility to new and emerging threats against existing security controls; ensuring controls remain effective to changing business and threat landscapes.

• Work across the Tech department to enhance security posture capabilities to limit security misconfigurations through secure configuration standards, monitoring, and remediation.

• Integrate automated scanning and vulnerability intelligence into CI/CD and asset management systems.

• Translate offensive findings into actionable security improvements and detection of engineering use cases.

• Collaborate with defensive teams to validate security controls and improve resilience through continuous testing.

• Support the Offensive Security Lifecycle via management of internal and external Cyber Threat and Offensive Security assessments.

• Partner closely with Incident Response teams to enhance detection of logic, playbooks, and threat-hunting capabilities.

Required Capabilities

• A minimum of 6 years' experience delivering information security solutions, ideally with A mixed focus on offensive and defensive security roles.

• bachelor's or master's degree in a relevant field of work

• Hands on experience in Cyber Threat and Offensive Security operations to test and validate the effective operation of security controls, measuring the ability to stop threats and attacks at the earliest point in the kill chain

• Proven track record working as both an individual contributor and lead in the areas of Cyber Threat, Vulnerability Management, or Incident Response

• Strong understanding of the fundamental operations of servers, operating systems, networks, cloud applications and infrastructure along with an advanced understanding of the key controls required for secure operation of these systems

• experience scripting in at least one of the following languages: PowerShell, Python, JavaScript

• experience in aligning threat and vulnerability management efforts to frameworks and control objectives - MITRE ATT&CK, NIST CSF, ISO27001, Center for Internet Security, OWASP,

• Experience integrating the following tools and capabilities into a successful threat and vulnerability program - Security Orchestration Automation and Response, Security Information and Event Management, Vulnerability Scanning, Security Threat Feeds, Red Team Tooling

Creative Artists Agency, LLC (the "Company") is committed to a policy of Equal Employment Opportunity and will not discriminate on the basis of race (inclusive of traits historically associated with race, including hair texture and protective hairstyles), color, religion, creed, gender or sex (including pregnancy, childbirth, breastfeeding or related medical conditions), national origin, ancestry, age, physical disability, mental disability, medical condition, genetic information, family and medical care leave status, military or veteran status, marital status, family status, sexual orientation, gender identity, gender expression, political affiliation, an employee's or their dependent's reproductive health decision making (e.g., the decision to use or access a particular drug, device or medical service), or any other characteristic protected by applicable law.

The absence of a permanent address is not a bar to employment. The Company does not discriminate against individuals based on housing status, including the absence of a fixed address.

The Company also complies with the Americans with Disabilities Act and applicable state and local laws with regard to providing reasonable accommodation for qualified individuals with disabilities.

CAA does not accept unsolicited resumes from third-party recruiters unless they were contractually engaged by CAA to provide candidates for a specified opening. Any such employment agency, person or entity that submits an unsolicited resume does so with the acknowledgement and agreement that CAA will have the right to hire that applicant at its discretion without any fee owed to the submitting employment agency, person or entity.