Skip to main content
Technology

Lead Cybersecurity – Insider Risk Analyst (Telemetry, Insider Risk Detection, and AI-Driven Security Operations)

Charlotte, North Carolina

Apply now

This position requires office presence of a minimum of 5 days per week and is only located in the location(s) posted. No relocation is offered.

Join AT&T and help shape the future of communications and technology that connect the world. We value innovators who seek to explore the unknown and challenge the status quo. Bring your bold ideas and fearless spirit to redefine connectivity and transform how people share stories and experiences. At AT&T, you won’t just imagine the future—you’ll build it.

The Lead Cybersecurity Insider Risk Analyst leads the response to high-priority and escalated cybersecurity incidents, with a focus on insider risk and telemetry-driven detection. This role oversees end-to-end incident handling—including detection, analysis, containment, eradication, recovery, reporting, and prevention—across employees, contractors, and third-party vendors. The position also drives continuous improvement through development of new detection logic, micro-hunts, and the integration of automation and AI-assisted analytics to increase detection fidelity and reduce manual effort. Success in this role requires advanced technical depth, strong operational rigor, and the ability to communicate clearly with both technical teams and executive stakeholders. 

Key Roles and Responsibilities 

  • Incident leadership: Serve as lead handler for escalated insider risk and cyber incidents; establish investigation strategy, ensure timely execution, and drive incident closure. 
  • Advanced investigation and triage: Conduct deep-dive analysis of security events using telemetry, endpoint/network evidence, and threat intelligence to determine scope, impact, and root cause. 
  • Detection engineering and continuous improvement: Create, tune, and deploy new detection rules and analytics aligned to evolving threats and suspicious behaviors; reduce false positives and improve signal-to-noise. 
  • Micro-hunts and threat intelligence: Perform targeted hunts to discover emerging behaviors and translate findings into actionable detections, controls, and playbooks. 
  • Remediation and containment: Partner with IT and security stakeholders to drive containment, remediation, and recovery actions across endpoints, identities, and cloud services. 
  • Process and program maturity: Contribute to incident response process improvements, documentation standards, and after-action reviews; support development of tabletop exercise scenarios. 
  • Executive communication: Produce clear, concise updates for leadership (status, impact, risk, and next steps) and deliver required incident reports and post-incident summaries. 
  • Mentorship and SME support: Coach and mentor analysts in triage and investigation practices; serve as a subject matter expert across the incident response organization. 

Integrations, Automation, and AI-Driven Security Operations 

  • Build and maintain integrations between multiple enterprise security tools to improve automation, asset inventory accuracy, vulnerability identification, and response workflows. 
  • Implement AI-assisted monitoring and analytics to improve correlation, enrichment, prioritization, and triage of alerts; reduce manual effort and improve time to decision. 
  • Develop and maintain risk-scoring approaches for endpoints and users based on security posture, vulnerabilities, and behavioral signals. 
  • Produce trend analyses and operational health reporting (e.g., coverage, agent health, patch/compliance drift, and incident patterns) and translate results into improvement actions. 
  • Develop and maintain automation via APIs, scripting, and orchestration to support agent deployment/upgrade workflows, compliance checks and remediation, rapid scoping, containment support, targeted remediation, and continuous control validation. 

Technical Scope 

  • Use case management platforms, endpoint/network telemetry, and threat intelligence sources to investigate, document, and resolve incidents. 
  • Apply incident handling methodologies and attack frameworks (e.g., kill chain / MITRE ATT&CK-aligned thinking) to guide response and reporting. 
  • Perform in-depth analysis of threats, exploits, vulnerabilities, and malware families; validate hypotheses using host and network evidence. 
  • Conduct investigations across Windows, macOS, and Linux environments. 
  • Leverage Endpoint Detection and Response (EDR) tooling and cloud security telemetry to scope activity and support containment/remediation actions. 
  • Use Splunk and related analytics tooling to query, correlate, and operationalize security data for investigations and reporting. 
  • Demonstrate strong understanding of enterprise infrastructure and connectivity (e.g., VPN/partner connectivity) and common network protocols. 
  • Design, implement, and tune security detections in response to emerging threats and insider risk behaviors. 
  • Develop scripts and automation (e.g., Python, PowerShell, Bash) to enrich investigations and streamline operational workflows. 
  • Collaborate with partner analytic and engineering teams to align detections, telemetry, and response actions across the broader security ecosystem. 

Required Qualifications 

  • 5+ years of hands-on cybersecurity experience in incident response, security operations, insider risk, threat detection, or a closely related function. 
  • Demonstrated experience leading or handling escalated incidents, including triage, investigation, containment, remediation, and post-incident reporting in complex enterprise environments. 
  • Proficiency with security telemetry and investigation workflows across endpoint and network data sources; experience using SIEM analytics (e.g., Splunk) and EDR tooling. 
  • Working knowledge across multiple domains such as host analysis, network forensics, cloud environments, UEBA/anomaly detection, intrusion detection, threat research/intelligence, detection engineering, and data analysis. 
  • Ability to develop or maintain automation using scripting (e.g., Python, PowerShell, Bash) and/or APIs to improve security operations. 
  • Strong written and verbal communication skills, including the ability to produce executive-ready summaries and lead discussions with technical and non-technical stakeholders. 
  • Demonstrated integrity and discretion in handling sensitive investigations and confidential data. 

Preferred Qualifications 

  • Experience with Tanium (or comparable endpoint management/telemetry platforms) and building integrations across enterprise security tools. 
  • Experience implementing automation or orchestration in security operations (SOAR, APIs, pipelines, scripted workflows) to accelerate response and improve consistency. 
  • Experience applying AI-assisted analytics for alert enrichment, correlation/deduplication, prioritization, and operational reporting. 
  • Experience with insider risk programs, user/entity behavior analytics (UEBA), and behavior-based detection strategies. 
  • Experience investigating and responding to threats in cloud and SaaS environments. 
  • Experience mentoring analysts and contributing to training, playbooks, and tabletop exercise development. 
  • Relevant industry certifications (e.g., GCIA, GCIH, GCFA, CISSP, or equivalent) and/or a bachelor’s degree in a related field. 


Education/Experience: Bachelor’s degree (BS/BA) desired in Computer Science or Cybersecurity. 5+ years of related experience. Certification is required in some areas.

Supervisor:

No

Our Lead Cybersecurity earns between $141,300-$211,900 USD Annual, not to mention all the other amazing rewards that working at AT&T offers. Individual starting salary within this range may depend on geography, experience, expertise, and education/training.  

Joining our team comes with amazing perks and benefits:

  • Medical/Dental/Vision coverage  
  • 401(k) plan  
  • Tuition reimbursement program  
  • Paid Time Off and Holidays (based on date of hire, at least 23 days of vacation each year and 9 company-designated holidays)  
  • Paid Parental Leave  
  • Paid Caregiver Leave  
  • Additional sick leave beyond what state and local law require may be available but is unprotected  
  • Adoption Reimbursement  
  • Disability Benefits (short term and long term)  
  • Life and Accidental Death Insurance  
  • Supplemental benefit programs: critical illness/accident hospital indemnity/group legal  
  • Employee Assistance Programs (EAP)  
  • Extensive employee wellness programs  
  • Employee discounts up to 50% off on eligible AT&T mobility plans and accessories,
  • AT&T internet (and fiber where available) and AT&T phone.

#LI-Onsite – Full-time office role-

Ready to join our team? Apply today.

Our Lead Cybersecurity jobs earn between $141,300.00 - $211,900.00 USD Annual. Not to mention all the other amazing rewards that working at AT&T offers. Individual starting salary within this range may depend on geography, experience, expertise, and education/training.

Joining our team comes with amazing perks and benefits:

  • Medical/Dental/Vision coverage
  • 401(k) plan
  • Tuition reimbursement program
  • Paid Time Off and Holidays (based on date of hire, at least 23 days of vacation each year and 9 company-designated holidays)
  • Paid Parental Leave
  • Paid Caregiver Leave
  • Additional sick leave beyond what state and local law require may be available but is unprotected
  • Adoption Reimbursement
  • Disability Benefits (short term and long term)
  • Life and Accidental Death Insurance
  • Supplemental benefit programs: critical illness/accident hospital indemnity/group legal
  • Employee Assistance Programs (EAP)
  • Extensive employee wellness programs
  • Employee discounts up to 50% off on eligible AT&T mobility plans and accessories, AT&T internet (and fiber where available) and AT&T phone

Weekly Hours:

40

Time Type:

Regular

Location:

USA:NC:Charlotte / Ibm Dr - Adm:8505 Ibm Dr

Salary Range:

$141,300.00 - $211,900.00

It is the policy of AT&T to provide equal employment opportunity (EEO) to all persons regardless of age, color, national origin, citizenship status, physical or mental disability, race, religion, creed, gender, sex, sexual orientation, gender identity and/or expression, genetic information, marital status, status with regard to public assistance, veteran status, or any other characteristic protected by federal, state or local law. In addition, AT&T will provide reasonable accommodations for qualified individuals with disabilities. AT&T is a fair chance employer and does not initiate a background check until an offer is made.

Job ID R-113755 Date posted 07/09/2026
Apply now

Benefits

Your needs? Met. Your wants? Considered. Take a look at our comprehensive benefits.

  • Paid Time Off
  • Tuition Assistance
  • Medical and dental plans
  • Discounts
  • Training & Development

Learn more about benefits

Our hiring process

Apply Now

Confirm your qualifications align with the job requirements and submit your application.

Assessments

You may be required to complete one or more assessments, depending on the role.

Interview

Get ready to put your best foot forward! More than one interview may be necessary.

Conditional Job Offer

We’ll reach out to discuss a conditional job offer and the next steps to joining the team.

Background Check

Timing is important – complete the necessary actions to proceed with onboarding.

Welcome to the Team!

Congratulations! It’s time to experience #LifeAtATT.

Check your email (and SPAM) throughout the process for important messages and next steps.

Join our talent network

Didn’t find what you were looking for here? Sign up for our job alerts and get the latest AT&T news.

Sign up for the talent network

Don't Miss Out

Join our Talent Network to be the first to know about new job openings, special announcements and behind-the-scenes information.

Skip, I’d rather go straight to the application

AT&T Info and Alerts. Max 12 messages/month Privacy Policy (opens in new window). You may opt-out at anytime by sending STOP to short code 20013. Msg & data rates may apply.

By submitting your information, you acknowledge that you have read our privacy policy (opens in new window) and consent to receive email communication from AT&T for our U.S. Talent Network.