Lead Cybersecurity

Job Description:

This position requires office presence of a minimum of 5 days per week and is only located in the location(s) posted. No relocation is offered.

Join AT&T and help shape the future of communications and technology that connect the world. We value innovators who seek to explore the unknown and challenge the status quo. Bring your bold ideas and fearless spirit to redefine connectivity and transform how people share stories and experiences. At AT&T, you won't just imagine the future—you'll build it.

The Lead Cybersecurity Insider Risk Analyst is responsible for leading the response to high-priority and escalated cybersecurity incidents, overseeing the detection, analysis, response, reporting, and prevention of threats across AT&T employees, contractors and third-party vendors.  This senior analyst proactively drives the creation and deployment of new detection rules, adapting to active threats and evolving suspicious behaviors. The role requires a high degree of organization, advanced technical acumen, and the ability to manage complex incidents, mentor team members, and communicate effectively with both executive leadership and business units. The ideal candidate will excel in incident response leadership, technical investigation, and continuous improvement of security operations.

General Responsibilities

The Lead Cybersecurity Insider Risk Analyst leads escalated incident management as the primary investigator and incident handler, ensuring all tasks are executed efficiently and thoroughly. This role plays a key part in developing incident response processes, driving remediation, contributing to threat intelligence, and providing executive-level communication. The analyst also supports tabletop exercises and serves as a mentor and subject matter expert across the cybersecurity team.

Core Responsibilities

• Manage all cases as Lead Handler for escalated cybersecurity incidents.
• Oversee all tasks related to escalated cases as Lead Investigator.
• Investigate all escalated security events, ensuring comprehensive analysis and response.
• Assist with "Micro-hunts" to discover, analyze, and report on actionable threat intelligence.
• Support the development and continuous improvement of incident response processes.
• Drive remediation efforts for all cybersecurity incidents assigned to the team.
• Perform skilled triage of threats using advanced technical and business knowledge.
• Mentor team members in triage, leveraging business knowledge and incident response frameworks.
• Assist with scenario development for tabletop exercises across the Incident Response team.
• Document and communicate findings and after-action reports in formats required by leadership.
• Function as a mentor and subject matter expert to other Incident Responders.
• Serve as a scribe when requested, maintaining accurate records of incidents.
• Provide executive-level communications to leadership and stakeholders.

Technical Responsibilities

• Utilize case management tools, host/network analysis, and threat intelligence platforms for incident response.
• Apply strong knowledge in incident handling processes, lifecycle, and attack frameworks.
• Conduct in-depth analysis of threats, exploits, vulnerabilities, and malware families.
• Perform investigations across Windows, OSX, and Lenox operating systems.
• Leverage Endpoint Detection and Response (EDR) technologies and conduct cloud security analysis.
• Use SPLUNK and other analytics tools for advanced investigations and reporting.
• Understand company infrastructure, including VPNs, AVPNs, and business partner connectivity.
• Demonstrate expert familiarity with networking, internet communication methods, and general computing protocols.
• Design and implement new security detection methods in response to emerging threats.
• Collaborate with other Threat Analytic teams, understanding their functions and interactions.
• Mentor team members in skilled triage and advanced practices.
• Generate reports and documentation related to incident response activities.
• Maintain knowledge of SaaS services, mobility threats, and security in cloud environments.
• Exhibit strong understanding of scripting languages (e.g., Python, PowerShell, Bash) for automation and analysis.
• Assist with algorithm development and advanced threat intelligence analysis.

Technical Skills

• Working knowledge of at least four of the following: incident management technologies, OS hardening, cloud environments, host analysis, network forensics, malware reversing, intrusion detection, anomaly detection, threat research, threat intelligence, security alert design, data analysis.
• Strong knowledge of incident handling, lifecycle, and attack frameworks.
• Advanced proficiency in incident response, triage, and remediation.
• Expertise in host and network analysis, EDR technologies, and SPLUNK.
• Good understanding of cloud security analysis, internet-based threats, and SaaS services.
• Strong familiarity with company infrastructure (VPNs/AVPNs), mobility threats, and networking.
• Expert familiarity with general computing protocols and malware/network attack vectors.
• Experience designing and implementing security detection methods.
• Understanding of scripting languages for automation and analysis.
• Ability to mentor and train others at a senior level.

Soft Skills & Traits

• Excellent analytical and problem-solving skills, with the ability to perform core root cause analysis.
• Quick learner, able to absorb and teach new technologies and concepts.
• Highly effective collaborator, especially in remote or distributed teams.
• Excels in business communication methods and general soft skills.
• Strong understanding of the business, its entities, and how cybersecurity impacts the broader organization.
• Professional integrity and discretion in handling sensitive information.
• Commitment to continuous learning and staying current with emerging cybersecurity threats and best practices.

Education/Experience:

Bachelor's degree (BS/BA) desired in Computer Science or Cybersecurity. 5+ years of related experience. Certification is required in some areas.

Our Lead Cybersecurity earns between $128,400-$192,600 USD Annual, not to mention all the other amazing rewards that working at AT&T offers. Individual starting salary within this range may depend on geography, experience, expertise, and education/training.  

Joining our team comes with amazing perks and benefits:

• Medical/Dental/Vision coverage  
• 401(k) plan  
• Tuition reimbursement program  
• Paid Time Off and Holidays (based on date of hire, at least 23 days of vacation each year and 9 company-designated holidays)  
• Paid Parental Leave  
• Paid Caregiver Leave  
• Additional sick leave beyond what state and local law require may be available but is unprotected  
• Adoption Reimbursement  
• Disability Benefits (short term and long term)  
• Life and Accidental Death Insurance  
• Supplemental benefit programs: critical illness/accident hospital indemnity/group legal  
• Employee Assistance Programs (EAP)  
• Extensive employee wellness programs  
• Employee discounts up to 50% off on eligible AT&T mobility plans and accessories,
• AT&T internet (and fiber where available) and AT&T phone.

#LI-Onsite – Full-time office role-

Ready to join our team? Apply today.

Weekly Hours:

Time Type:

Location:

Salary Range:

It is the policy of AT&T to provide equal employment opportunity (EEO) to all persons regardless of age, color, national origin, citizenship status, physical or mental disability, race, religion, creed, gender, sex, sexual orientation, gender identity and/or expression, genetic information, marital status, status with regard to public assistance, veteran status, or any other characteristic protected by federal, state or local law. In addition, AT&T will provide reasonable accommodations for qualified individuals with disabilities. AT&T is a fair chance employer and does not initiate a background check until an offer is made.