AT&T

Lead Cybersecurity – Insider Risk Analyst (Telemetry, Insider Risk Detection, and AI-Driven Security Operations)

AT&T$141K — $211K *
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • 5+ years of hands-on cybersecurity experience in incident response or related functions.
  • Proven experience leading escalated incidents in complex environments.
  • Proficiency with endpoint and network security telemetry and SIEM tools like Splunk.
  • Strong knowledge of host analysis, cloud environments, and detection engineering.
  • Experience in developing automation via scripting and APIs for security operations.
  • Excellent written and verbal communication skills for technical and non-technical audiences.
  • Integrity in handling sensitive investigations and confidential data.

Responsibilities

  • Lead handling of escalated insider risk incidents and ensure timely execution of investigation strategies.
  • Conduct thorough analysis of security events using telemetry and threat intelligence to determine scope and root cause.
  • Create and tune detection rules to align with evolving threats and reduce false positives.
  • Perform targeted micro-hunts to identify emerging behaviors and create actionable detections.
  • Collaborate with IT stakeholders for incident remediation and recovery across various platforms.
  • Contribute to improving incident response processes and documentation standards.
  • Produce clear updates for leadership and deliver incident reports post-analysis.

Benefits

  • Medical/Dental/Vision coverage
  • 401(k) plan
  • Tuition reimbursement program
  • Generous Paid Time Off and Holidays (at least 23 days of vacation annually)
  • Paid Parental and Caregiver Leave
  • Adoption Reimbursement
  • Short term and long term Disability Benefits
  • Life and Accidental Death Insurance
  • Employee Assistance Programs (EAP)
  • Extensive employee wellness programs
  • Employee discounts on AT&T mobility plans and services.
Full Job Description

This position requires office presence of a minimum of 5 days per week and is only located in the location(s) posted. No relocation is offered.

The Lead Cybersecurity Insider Risk Analyst leads the response to high-priority and escalated cybersecurity incidents, with a focus on insider risk and telemetry-driven detection. This role oversees end-to-end incident handling—including detection, analysis, containment, eradication, recovery, reporting, and prevention—across employees, contractors, and third-party vendors. The position also drives continuous improvement through development of new detection logic, micro-hunts, and the integration of automation and AI-assisted analytics to increase detection fidelity and reduce manual effort. Success in this role requires advanced technical depth, strong operational rigor, and the ability to communicate clearly with both technical teams and executive stakeholders.

Key Roles and Responsibilities

  • Incident leadership:Serve as lead handler for escalated insider risk and cyber incidents;establishinvestigation strategy, ensuretimelyexecution, and drive incident closure.
  • Advanced investigation and triage:Conduct deep-dive analysis of security events using telemetry, endpoint/network evidence, and threat intelligence todeterminescope, impact, and root cause.
  • Detection engineering and continuous improvement:Create, tune, and deploy new detection rules and analytics aligned to evolving threats and suspicious behaviors; reduce false positives and improve signal-to-noise.
  • Micro-hunts and threat intelligence:Perform targeted hunts to discover emerging behaviors and translate findings into actionable detections, controls, and playbooks.
  • Remediation and containment:Partner with IT and security stakeholders to drive containment, remediation, and recovery actions across endpoints, identities, and cloud services.
  • Process and program maturity:Contribute to incident response process improvements, documentation standards, and after-action reviews; support development of tabletop exercise scenarios.
  • Executive communication:Produce clear, concise updates for leadership (status, impact, risk, and next steps) and deliver required incident reports and post-incident summaries.
  • Mentorship and SME support:Coach and mentor analysts in triage and investigation practices; serve as a subject matter expert across the incident response organization.

Integrations, Automation, and AI-Driven Security Operations

  • Build andmaintainintegrations between multiple enterprise security tools to improve automation, asset inventory accuracy, vulnerability identification, and response workflows.
  • Implement AI-assisted monitoring and analytics to improve correlation, enrichment, prioritization, and triage of alerts; reduce manual effort and improve time to decision.
  • Develop andmaintainrisk-scoring approaches for endpoints and users based on security posture, vulnerabilities, and behavioral signals.
  • Produce trend analyses and operational health reporting (e.g., coverage, agent health, patch/compliance drift, and incident patterns) and translate results into improvement actions.
  • Develop andmaintainautomation via APIs, scripting, and orchestration to support agent deployment/upgrade workflows, compliance checks and remediation, rapid scoping, containment support, targeted remediation, and continuous control validation.

Technical Scope

  • Use case management platforms, endpoint/network telemetry, and threat intelligence sources to investigate, document, and resolve incidents.
  • Apply incident handling methodologies and attack frameworks (e.g., kill chain / MITRE ATT26CK-aligned thinking) to guide response and reporting.
  • Perform in-depth analysis of threats, exploits, vulnerabilities, and malware families;validatehypotheses using host and network evidence.
  • Conduct investigations across Windows, macOS, and Linux environments.
  • Leverage Endpoint Detection and Response (EDR) tooling and cloud security telemetry to scope activity and support containment/remediation actions.
  • Use Splunk and relatedanalytics toolingto query, correlate, and operationalize security data for investigations and reporting.
  • Demonstratestrongunderstanding of enterprise infrastructure and connectivity (e.g., VPN/partner connectivity) and common network protocols.
  • Design, implement, and tune security detections in response to emerging threats and insider risk behaviors.
  • Develop scripts and automation (e.g., Python, PowerShell, Bash) to enrich investigations and streamline operational workflows.
  • Collaborate with partneranalyticand engineering teams to align detections, telemetry, and response actions across the broader security ecosystem.

Required Qualifications

  • 5+ years of hands-on cybersecurity experience in incident response, security operations, insider risk, threat detection, or a closely related function.
  • Demonstrated experience leading or handling escalated incidents, including triage, investigation, containment, remediation, and post-incident reporting in complex enterprise environments.
  • Proficiencywith security telemetry and investigation workflows across endpoint and network data sources; experience using SIEM analytics (e.g., Splunk) and EDR tooling.
  • Working knowledge across multiple domains such as host analysis, network forensics, cloud environments, UEBA/anomaly detection, intrusion detection, threat research/intelligence, detection engineering, and data analysis.
  • Ability to develop ormaintainautomation using scripting (e.g., Python, PowerShell, Bash) and/or APIs to improve security operations.
  • Strong written and verbal communication skills, including the ability to produce executive-ready summaries and lead discussions with technical and non-technical stakeholders.
  • Demonstrated integrity and discretion in handling sensitive investigations and confidential data.

Preferred Qualifications

  • Experience with Tanium (or comparable endpoint management/telemetry platforms) and building integrations across enterprise security tools.
  • Experience implementing automation or orchestration in security operations (SOAR, APIs, pipelines, scripted workflows) to accelerate response and improve consistency.
  • Experience applying AI-assisted analytics for alert enrichment, correlation/deduplication, prioritization, and operational reporting.
  • Experience with insider risk programs, user/entity behavior analytics (UEBA), and behavior-based detection strategies.
  • Experience investigating and responding to threats in cloud and SaaS environments.
  • Experience mentoring analysts and contributing to training, playbooks, and tabletop exercise development.
  • Relevant industry certifications (e.g., GCIA, GCIH, GCFA, CISSP, or equivalent) and/or a bachelor27s degree in a related field.


Education/Experience: Bachelor27s degree (BS/BA) desired in Computer Science or Cybersecurity. 5+ years of related experience. Certification is required in some areas.

Supervisor:

No

Our Lead Cybersecurity earns between$141,300-$211,900 USD Annual, not to mention all the other amazing rewards that working at AT26T offers. Individual starting salary within this range may depend on geography, experience, expertise, and education/training.

Joining our team comes with amazing perks and benefits:

  • Medical/Dental/Vision coverage
  • 401(k) plan
  • Tuition reimbursement program
  • Paid Time Off and Holidays (based on date of hire, at least 23 days of vacation each year and 9 company-designated holidays)
  • Paid Parental Leave
  • Paid Caregiver Leave
  • Additional sick leave beyond what state and local law require may be available but is unprotected
  • Adoption Reimbursement
  • Disability Benefits (short term and long term)
  • Life and Accidental Death Insurance
  • Supplemental benefit programs: critical illness/accident hospital indemnity/group legal
  • Employee Assistance Programs (EAP)
  • Extensive employee wellness programs
  • Employee discounts up to 50% off on eligible AT26T mobility plans and accessories,
  • AT26T internet (and fiber where available) and AT26T phone.

#LI-Onsite 6 Full-time office role-

Ready to join our team? Apply today.

Our Lead Cybersecurity jobs earn between $141,300.00 - $211,900.00 USD Annual. Not to mention all the other amazing rewards that working at AT26T offers. Individual starting salary within this range may depend on geography, experience, expertise, and education/training.

Joining our team comes with amazing perks and benefits:

  • Medical/Dental/Vision coverage
  • 401(k) plan
  • Tuition reimbursement program
  • Paid Time Off and Holidays (based on date of hire, at least 23 days of vacation each year and 9 company-designated holidays)
  • Paid Parental Leave
  • Paid Caregiver Leave
  • Additional sick leave beyond what state and local law require may be available but is unprotected
  • Adoption Reimbursement
  • Disability Benefits (short term and long term)
  • Life and Accidental Death Insurance
  • Supplemental benefit programs: critical illness/accident hospital indemnity/group legal
  • Employee Assistance Programs (EAP)
  • Extensive employee wellness programs
  • Employee discounts up to 50% off on eligible AT26T mobility plans and accessories, AT26T internet (and fiber where available) and AT26T phone

Weekly Hours:

40

Time Type:

Regular

Location:

USA:NC:Charlotte / Ibm Dr - Adm:8505 Ibm Dr

Salary Range:

$141,300.00 - $211,900.00

About AT&T

Cricket Wireless is a U.S.-based company that offers prepaid wireless voice, text, and data services. Cricket Wireless was founded in 1999 by Leap Wireless International, Inc. Currently, it operates as a subsidiary of AT&T Inc.

AT&T Careers

Joining AT&T means becoming part of a global team known for driving innovation and leading the telecommunications industry. It's an opportunity to grow your career at one of the most diverse and resource-rich companies in the world. Work You'll Do At AT&T, we're not just about phone lines and data plans. We're about connecting people and fostering relationships. As a member of our team, you'll help deliver cutting-edge solutions across various sectors, ensuring that our services are not only available but also transformative. Lead with Innovation Embrace a role at AT&T where technology meets creativity. Our professionals lead the market in developing and deploying technology solutions that transform how people communicate and do business. We are pioneers in creating new paths for technology, with a focus on sustainable and responsible innovation. Join a Diverse and Inclusive Team AT&T is committed to diversity and inclusion, ensuring that all employees can thrive. We are proud to offer diversity training and leadership programs that empower our team members to grow professionally and personally. Our culture is one of inclusivity, where every voice is heard and valued. Explore Job Opportunities Whether you're looking for an entry-level position or a more senior role, AT&T offers a range of job opportunities across various fields. From engineering to marketing, our team is composed of skilled professionals who are leaders in their respective areas. Internship Programs Kickstart your career with an AT&T internship. Gain hands-on experience, work on real projects, and learn from leaders in the industry. Our internships provide a robust platform for learning and growth, helping you build skills that are crucial for future success. Benefits and Growth AT&T is dedicated to the growth and development of its employees. We offer comprehensive benefits, including health care, retirement plans, and continuous professional development opportunities. With resources like career coaching and resume workshops, we support your journey every step of the way. Networking and Professional Development Expand your professional network within AT&T through various networking events, mentorship opportunities, and collaborative projects. Our focus on career development is designed to help you reach your professional goals, enhancing your skills and preparing you for leadership roles. Stay Connected Join Our Team Discover the career you've always wanted by exploring the open positions at AT&T. We are constantly on the lookout for passionate, innovative, and driven individuals to join our team. Check out our current job listings and find where your skills and interests align with our needs. Keep Up to Date Stay informed with the latest career tips, company news, and industry insights—all from the professionals who are part of our team. AT&T is a place where you can make an impact, leading the way in the telecommunications industry. Job Alert Emails Customize your experience by signing up for job alerts that match your career preferences. Stay ahead of the curve and be the first to know about exciting and rewarding opportunities at AT&T. At AT&T, your career is poised for success, equipped with the right tools, culture, and team to make it happen. Join us and be part of a company that values innovation, leadership, and a diverse workforce.
Learn more about AT&T
Size
203,000 employees
Market Cap
$131.2 billion
Industry
Net Income
-$5.1 billion
Founded
1983
5 Year Trend
+0.6%
Revenue
$171.7 billion
NASDAQ

Similar Jobs

More Jobs at AT&T

More Information Technology Jobs

Find similar Lead Cybersecurity – Insider Risk Analyst (Telemetry, Insider Risk Detection, and AI-Driven Security Operations) jobs: