This position requires office presence of a minimum of 5 days per week and is only located in the location(s) posted. No relocation is offered.
The Lead Cybersecurity Insider Risk Analyst leads the response to high-priority and escalated cybersecurity incidents, with a focus on insider risk and telemetry-driven detection. This role oversees end-to-end incident handling—including detection, analysis, containment, eradication, recovery, reporting, and prevention—across employees, contractors, and third-party vendors. The position also drives continuous improvement through development of new detection logic, micro-hunts, and the integration of automation and AI-assisted analytics to increase detection fidelity and reduce manual effort. Success in this role requires advanced technical depth, strong operational rigor, and the ability to communicate clearly with both technical teams and executive stakeholders.
Key Roles and Responsibilities
- Incident leadership:Serve as lead handler for escalated insider risk and cyber incidents;establishinvestigation strategy, ensuretimelyexecution, and drive incident closure.
- Advanced investigation and triage:Conduct deep-dive analysis of security events using telemetry, endpoint/network evidence, and threat intelligence todeterminescope, impact, and root cause.
- Detection engineering and continuous improvement:Create, tune, and deploy new detection rules and analytics aligned to evolving threats and suspicious behaviors; reduce false positives and improve signal-to-noise.
- Micro-hunts and threat intelligence:Perform targeted hunts to discover emerging behaviors and translate findings into actionable detections, controls, and playbooks.
- Remediation and containment:Partner with IT and security stakeholders to drive containment, remediation, and recovery actions across endpoints, identities, and cloud services.
- Process and program maturity:Contribute to incident response process improvements, documentation standards, and after-action reviews; support development of tabletop exercise scenarios.
- Executive communication:Produce clear, concise updates for leadership (status, impact, risk, and next steps) and deliver required incident reports and post-incident summaries.
- Mentorship and SME support:Coach and mentor analysts in triage and investigation practices; serve as a subject matter expert across the incident response organization.
Integrations, Automation, and AI-Driven Security Operations
- Build andmaintainintegrations between multiple enterprise security tools to improve automation, asset inventory accuracy, vulnerability identification, and response workflows.
- Implement AI-assisted monitoring and analytics to improve correlation, enrichment, prioritization, and triage of alerts; reduce manual effort and improve time to decision.
- Develop andmaintainrisk-scoring approaches for endpoints and users based on security posture, vulnerabilities, and behavioral signals.
- Produce trend analyses and operational health reporting (e.g., coverage, agent health, patch/compliance drift, and incident patterns) and translate results into improvement actions.
- Develop andmaintainautomation via APIs, scripting, and orchestration to support agent deployment/upgrade workflows, compliance checks and remediation, rapid scoping, containment support, targeted remediation, and continuous control validation.
Technical Scope
- Use case management platforms, endpoint/network telemetry, and threat intelligence sources to investigate, document, and resolve incidents.
- Apply incident handling methodologies and attack frameworks (e.g., kill chain / MITRE ATT26CK-aligned thinking) to guide response and reporting.
- Perform in-depth analysis of threats, exploits, vulnerabilities, and malware families;validatehypotheses using host and network evidence.
- Conduct investigations across Windows, macOS, and Linux environments.
- Leverage Endpoint Detection and Response (EDR) tooling and cloud security telemetry to scope activity and support containment/remediation actions.
- Use Splunk and relatedanalytics toolingto query, correlate, and operationalize security data for investigations and reporting.
- Demonstratestrongunderstanding of enterprise infrastructure and connectivity (e.g., VPN/partner connectivity) and common network protocols.
- Design, implement, and tune security detections in response to emerging threats and insider risk behaviors.
- Develop scripts and automation (e.g., Python, PowerShell, Bash) to enrich investigations and streamline operational workflows.
- Collaborate with partneranalyticand engineering teams to align detections, telemetry, and response actions across the broader security ecosystem.
Required Qualifications
- 5+ years of hands-on cybersecurity experience in incident response, security operations, insider risk, threat detection, or a closely related function.
- Demonstrated experience leading or handling escalated incidents, including triage, investigation, containment, remediation, and post-incident reporting in complex enterprise environments.
- Proficiencywith security telemetry and investigation workflows across endpoint and network data sources; experience using SIEM analytics (e.g., Splunk) and EDR tooling.
- Working knowledge across multiple domains such as host analysis, network forensics, cloud environments, UEBA/anomaly detection, intrusion detection, threat research/intelligence, detection engineering, and data analysis.
- Ability to develop ormaintainautomation using scripting (e.g., Python, PowerShell, Bash) and/or APIs to improve security operations.
- Strong written and verbal communication skills, including the ability to produce executive-ready summaries and lead discussions with technical and non-technical stakeholders.
- Demonstrated integrity and discretion in handling sensitive investigations and confidential data.
Preferred Qualifications
- Experience with Tanium (or comparable endpoint management/telemetry platforms) and building integrations across enterprise security tools.
- Experience implementing automation or orchestration in security operations (SOAR, APIs, pipelines, scripted workflows) to accelerate response and improve consistency.
- Experience applying AI-assisted analytics for alert enrichment, correlation/deduplication, prioritization, and operational reporting.
- Experience with insider risk programs, user/entity behavior analytics (UEBA), and behavior-based detection strategies.
- Experience investigating and responding to threats in cloud and SaaS environments.
- Experience mentoring analysts and contributing to training, playbooks, and tabletop exercise development.
- Relevant industry certifications (e.g., GCIA, GCIH, GCFA, CISSP, or equivalent) and/or a bachelor27s degree in a related field.
Education/Experience: Bachelor27s degree (BS/BA) desired in Computer Science or Cybersecurity. 5+ years of related experience. Certification is required in some areas.
Supervisor:
No
Our Lead Cybersecurity earns between$141,300-$211,900 USD Annual, not to mention all the other amazing rewards that working at AT26T offers. Individual starting salary within this range may depend on geography, experience, expertise, and education/training.
Joining our team comes with amazing perks and benefits:
- Medical/Dental/Vision coverage
- 401(k) plan
- Tuition reimbursement program
- Paid Time Off and Holidays (based on date of hire, at least 23 days of vacation each year and 9 company-designated holidays)
- Paid Parental Leave
- Paid Caregiver Leave
- Additional sick leave beyond what state and local law require may be available but is unprotected
- Adoption Reimbursement
- Disability Benefits (short term and long term)
- Life and Accidental Death Insurance
- Supplemental benefit programs: critical illness/accident hospital indemnity/group legal
- Employee Assistance Programs (EAP)
- Extensive employee wellness programs
- Employee discounts up to 50% off on eligible AT26T mobility plans and accessories,
- AT26T internet (and fiber where available) and AT26T phone.
#LI-Onsite 6 Full-time office role-
Ready to join our team? Apply today.
Our Lead Cybersecurity jobs earn between $141,300.00 - $211,900.00 USD Annual. Not to mention all the other amazing rewards that working at AT26T offers. Individual starting salary within this range may depend on geography, experience, expertise, and education/training.
Joining our team comes with amazing perks and benefits:
- Medical/Dental/Vision coverage
- 401(k) plan
- Tuition reimbursement program
- Paid Time Off and Holidays (based on date of hire, at least 23 days of vacation each year and 9 company-designated holidays)
- Paid Parental Leave
- Paid Caregiver Leave
- Additional sick leave beyond what state and local law require may be available but is unprotected
- Adoption Reimbursement
- Disability Benefits (short term and long term)
- Life and Accidental Death Insurance
- Supplemental benefit programs: critical illness/accident hospital indemnity/group legal
- Employee Assistance Programs (EAP)
- Extensive employee wellness programs
- Employee discounts up to 50% off on eligible AT26T mobility plans and accessories, AT26T internet (and fiber where available) and AT26T phone
Weekly Hours:
40
Time Type:
Regular
Location:
USA:NC:Charlotte / Ibm Dr - Adm:8505 Ibm Dr
Salary Range:
$141,300.00 - $211,900.00