att
att1d ago
New
USD 141300-211900/yr

Lead Cybersecurity – Insider Risk Analyst (Telemetry, Insider Risk Detection, and AI-Driven Security Operations)

Usa:nc:charlotte / Ibm Dr - Adm:8505 Ibm Drlead
Risk AnalystData & AI
0 views0 saves0 applied

Quick Summary

Key Responsibilities

Serve as lead handler for escalated insider risk and cyber incidents; establish investigation strategy, ensure timely execution, and drive incident closure.

Technical Tools
Risk AnalystData & AI

Join AT&T and help shape the future of communications and technology that connect the world. We value innovators who seek to explore the unknown and challenge the status quo. Bring your bold ideas and fearless spirit to redefine connectivity and transform how people share stories and experiences. At AT&T, you won’t just imagine the future—you’ll build it.

The Lead Cybersecurity Insider Risk Analyst leads the response to high-priority and escalated cybersecurity incidents, with a focus on insider risk and telemetry-driven detection. This role oversees end-to-end incident handling—including detection, analysis, containment, eradication, recovery, reporting, and prevention—across employees, contractors, and third-party vendors. The position also drives continuous improvement through development of new detection logic, micro-hunts, and the integration of automation and AI-assisted analytics to increase detection fidelity and reduce manual effort. Success in this role requires advanced technical depth, strong operational rigor, and the ability to communicate clearly with both technical teams and executive stakeholders. 

Key Roles and Responsibilities 

  • Incident leadership: Serve as lead handler for escalated insider risk and cyber incidents; establish investigation strategy, ensure timely execution, and drive incident closure. 
  • Advanced investigation and triage: Conduct deep-dive analysis of security events using telemetry, endpoint/network evidence, and threat intelligence to determine scope, impact, and root cause. 
  • Detection engineering and continuous improvement: Create, tune, and deploy new detection rules and analytics aligned to evolving threats and suspicious behaviors; reduce false positives and improve signal-to-noise. 
  • Micro-hunts and threat intelligence: Perform targeted hunts to discover emerging behaviors and translate findings into actionable detections, controls, and playbooks. 
  • Remediation and containment: Partner with IT and security stakeholders to drive containment, remediation, and recovery actions across endpoints, identities, and cloud services. 
  • Process and program maturity: Contribute to incident response process improvements, documentation standards, and after-action reviews; support development of tabletop exercise scenarios. 
  • Executive communication: Produce clear, concise updates for leadership (status, impact, risk, and next steps) and deliver required incident reports and post-incident summaries. 
  • Mentorship and SME support: Coach and mentor analysts in triage and investigation practices; serve as a subject matter expert across the incident response organization. 

  

Integrations, Automation, and AI-Driven Security Operations 

  • Build and maintain integrations between multiple enterprise security tools to improve automation, asset inventory accuracy, vulnerability identification, and response workflows. 
  • Implement AI-assisted monitoring and analytics to improve correlation, enrichment, prioritization, and triage of alerts; reduce manual effort and improve time to decision. 
  • Develop and maintain risk-scoring approaches for endpoints and users based on security posture, vulnerabilities, and behavioral signals. 
  • Produce trend analyses and operational health reporting (e.g., coverage, agent health, patch/compliance drift, and incident patterns) and translate results into improvement actions. 
  • Develop and maintain automation via APIs, scripting, and orchestration to support agent deployment/upgrade workflows, compliance checks and remediation, rapid scoping, containment support, targeted remediation, and continuous control validation. 

Technical Scope 

  • Use case management platforms, endpoint/network telemetry, and threat intelligence sources to investigate, document, and resolve incidents. 
  • Apply incident handling methodologies and attack frameworks (e.g., kill chain / MITRE ATT&CK-aligned thinking) to guide response and reporting. 
  • Perform in-depth analysis of threats, exploits, vulnerabilities, and malware families; validate hypotheses using host and network evidence. 
  • Conduct investigations across Windows, macOS, and Linux environments. 
  • Leverage Endpoint Detection and Response (EDR) tooling and cloud security telemetry to scope activity and support containment/remediation actions. 
  • Use Splunk and related analytics tooling to query, correlate, and operationalize security data for investigations and reporting. 
  • Demonstrate strong understanding of enterprise infrastructure and connectivity (e.g., VPN/partner connectivity) and common network protocols. 
  • Design, implement, and tune security detections in response to emerging threats and insider risk behaviors. 
  • Develop scripts and automation (e.g., Python, PowerShell, Bash) to enrich investigations and streamline operational workflows. 
  • Collaborate with partner analytic and engineering teams to align detections, telemetry, and response actions across the broader security ecosystem. 

  

Required Qualifications 

  • 5+ years of hands-on cybersecurity experience in incident response, security operations, insider risk, threat detection, or a closely related function. 
  • Demonstrated experience leading or handling escalated incidents, including triage, investigation, containment, remediation, and post-incident reporting in complex enterprise environments. 
  • Proficiency with security telemetry and investigation workflows across endpoint and network data sources; experience using SIEM analytics (e.g., Splunk) and EDR tooling. 
  • Working knowledge across multiple domains such as host analysis, network forensics, cloud environments, UEBA/anomaly detection, intrusion detection, threat research/intelligence, detection engineering, and data analysis. 
  • Ability to develop or maintain automation using scripting (e.g., Python, PowerShell, Bash) and/or APIs to improve security operations. 
  • Strong written and verbal communication skills, including the ability to produce executive-ready summaries and lead discussions with technical and non-technical stakeholders. 
  • Demonstrated integrity and discretion in handling sensitive investigations and confidential data. 

Preferred Qualifications 

  • Experience with Tanium (or comparable endpoint management/telemetry platforms) and building integrations across enterprise security tools. 
  • Experience implementing automation or orchestration in security operations (SOAR, APIs, pipelines, scripted workflows) to accelerate response and improve consistency. 
  • Experience applying AI-assisted analytics for alert enrichment, correlation/deduplication, prioritization, and operational reporting. 
  • Experience with insider risk programs, user/entity behavior analytics (UEBA), and behavior-based detection strategies. 
  • Experience investigating and responding to threats in cloud and SaaS environments. 
  • Experience mentoring analysts and contributing to training, playbooks, and tabletop exercise development. 
  • Relevant industry certifications (e.g., GCIA, GCIH, GCFA, CISSP, or equivalent) and/or a bachelor’s degree in a related field. 

No

Our Lead Cybersecurity earns between $141,300-$211,900 USD Annual, not to mention all the other amazing rewards that working at AT&T offers. Individual starting salary within this range may depend on geography, experience, expertise, and education/training.  

What We Offer

~2 min read
Medical/Dental/Vision coverage
401(k) plan
Tuition reimbursement program
Paid Time Off and Holidays (based on date of hire, at least 23 days of vacation each year and 9 company-designated holidays)
Paid Parental Leave
Paid Caregiver Leave
Additional sick leave beyond what state and local law require may be available but is unprotected
Adoption Reimbursement
Disability Benefits (short term and long term)
Life and Accidental Death Insurance
Supplemental benefit programs: critical illness/accident hospital indemnity/group legal
Employee Assistance Programs (EAP)
Extensive employee wellness programs
Employee discounts up to 50% off on eligible AT&T mobility plans and accessories,
AT&T internet (and fiber where available) and AT&T phone.
Medical/Dental/Vision coverage
401(k) plan
Tuition reimbursement program
Paid Time Off and Holidays (based on date of hire, at least 23 days of vacation each year and 9 company-designated holidays)
Paid Parental Leave
Paid Caregiver Leave
Additional sick leave beyond what state and local law require may be available but is unprotected
Adoption Reimbursement
Disability Benefits (short term and long term)
Life and Accidental Death Insurance
Supplemental benefit programs: critical illness/accident hospital indemnity/group legal
Employee Assistance Programs (EAP)
Extensive employee wellness programs
Employee discounts up to 50% off on eligible AT&T mobility plans and accessories, AT&T internet (and fiber where available) and AT&T phone
40

Regular

USA:NC:Charlotte / Ibm Dr - Adm:8505 Ibm Dr

$141,300.00 - $211,900.00

It is the policy of AT&T to provide equal employment opportunity (EEO) to all persons regardless of age, color, national origin, citizenship status, physical or mental disability, race, religion, creed, gender, sex, sexual orientation, gender identity and/or expression, genetic information, marital status, status with regard to public assistance, veteran status, or any other characteristic protected by federal, state or local law. In addition, AT&T will provide reasonable accommodations for qualified individuals with disabilities. AT&T is a fair chance employer and does not initiate a background check until an offer is made.

Location & Eligibility

Where is the job
Usa:nc:charlotte / Ibm Dr - Adm:8505 Ibm Dr
On-site at the office
Who can apply
Same as job location

Listing Details

Posted
July 9, 2026
First seen
July 10, 2026
Last seen
July 10, 2026

Posting Health

Days active
0
Repost count
0
Trust Level
51%
Scored at
July 10, 2026

Signal breakdown

freshnesssource trustcontent trustemployer trust
Newsletter

Stay ahead of the market

Get the latest job openings, salary trends, and hiring insights delivered to your inbox every week.

A
B
C
D
Join 12,000+ marketers

No spam. Unsubscribe at any time.

attLead Cybersecurity – Insider Risk Analyst (Telemetry, Insider Risk Detection, and AI-Driven Security Operations)USD 141300-211900