What you'd actually do

Set and drive the AI/ML + Automation strategy and multi-quarter roadmap for Cyber Threat Analytics, aligning outcomes to a centralized logging & monitoring environment, autonomous monitoring, and rapid response objectives.

Own delivery of advanced threat analytics capabilities by developing and operationalizing AI/ML approaches that improve detection of sophisticated threats and measurably reduce analyst burden (through automation and higher-fidelity analytics).

Lead production-grade ML/DL pipeline deployment for prioritized threat use-cases (e.g., botnet detection, IPv6 scan detection, and malicious activity in encrypted traffic), ensuring repeatable model training, daily/continuous execution at scale, and sustained detection performance.

Direct automation and orchestration programs that turn detections into action—driving complex automations and orchestrations for threat detection and rapid response, including playbook-centric execution and operational workflow integration.

Operationalize AI-enabled investigation/assistant capabilities to accelerate triage and investigation, leveraging agent/assistant patterns that can plan and execute multi-step investigative tasks and return validated outputs quickly.

Skills

Required

10+ years of relevant experience or equivalent combination of education and work experience.
Demonstrated foundational experience working with associated agile and various reporting technologies (e.g. JIRA, MS Project, MS PowerPoint, PowerBI).
Expert level understanding of security logs and the ability to rapidly search, report, and troubleshoot within various datasets.
Strong understanding of compliance, controls, risk, change management, and CI/CD pipelines.
Expert understanding of Cloud architecture & technologies
Excellent analytical, problem-solving, organizational, and communication skills.

Nice to have

Master's degree (MS/MA) desired in Computer Science or Cybersecurity.

What the JD emphasized

AI/ML + Automation strategy

production-grade ML/DL pipeline deployment

AI/ML approaches

automation and orchestration programs

AI-enabled investigation/assistant capabilities

agent/assistant patterns

AI/ML analytics enablement

AI/ML and automation at scale

engineering rigor for AI/ML

model risk + operational risk governance for AI/ML-driven detections

AI/ML-driven detections

AI/ML and security concepts

This position requires office presence of a minimum of 5 days per week and is only located in the location(s) posted. No relocation is offered.

Join AT&T and help shape the future of communications and technology that connect the world. We value innovators who seek to explore the unknown and challenge the status quo. Bring your bold ideas and fearless spirit to redefine connectivity and transform how people share stories and experiences. At AT&T, you won’t just imagine the future—you’ll build it.

This Director will be responsible for leading the technical management, creation, and delivery of Cyber Threat Analytical platforms and programs. This position will be part of a team of developers and engineers supporting multiple applications leveraging an agile environment while serving as an SME related to our cybersecurity logging and monitoring environments within AT&T. The candidate will also lead day-to-day tasks leveraging JIRA, automated metrics, reports, and providing program updates directly to senior leadership.

Responsibilities include, but are not limited to:

Set and drive the AI/ML + Automation strategy and multi-quarter roadmap for Cyber Threat Analytics, aligning outcomes to a centralized logging & monitoring environment, autonomous monitoring, and rapid response objectives.
Own delivery of advanced threat analytics capabilities by developing and operationalizing AI/ML approaches that improve detection of sophisticated threats and measurably reduce analyst burden (through automation and higher-fidelity analytics).
Lead production-grade ML/DL pipeline deployment for prioritized threat use-cases (e.g., botnet detection, IPv6 scan detection, and malicious activity in encrypted traffic), ensuring repeatable model training, daily/continuous execution at scale, and sustained detection performance.
Direct automation and orchestration programs that turn detections into action—driving complex automations and orchestrations for threat detection and rapid response, including playbook-centric execution and operational workflow integration.
Operationalize AI-enabled investigation/assistant capabilities to accelerate triage and investigation, leveraging agent/assistant patterns that can plan and execute multi-step investigative tasks and return validated outputs quickly.
Drive platform-native AI/ML analytics enablement in Cortex XSIAM (e.g., notebook-based analysis and anomaly identification feedback loops), ensuring the team can analyze, visualize, and productionize insights back into operations.
Partner across the telemetry pipeline ecosystem (e.g., ingestion, normalization, routing, and cost optimization efforts) to ensure end-to-end data availability and quality required for AI/ML and automation at scale, including continued advancement of critical feeds and integrations.
Establish and enforce engineering rigor for AI/ML in cyber operations: standards for secure SDLC, automation/scripting practices, testing/lab validation, promotion to production, and safe change management for detection + automation content.
Own model risk + operational risk governance for AI/ML-driven detections: monitoring for drift/quality regressions, controlling false positives, ensuring explainability where needed, and aligning to cybersecurity AI risk management expectations.
Lead day-to-day execution across a portfolio of initiatives (AI/ML, automations, investigations, integrations), balancing delivery, BAU support, and continuous improvement while meeting tight deadlines and operational urgency.
Provide people leadership for a multi-disciplinary team (ML engineers, data scientists, automation engineers, detection/analytics engineers): hiring, mentoring, performance management, skills development, and creating a high-ownership culture.
Run a cross-geo operating model (US + India) that sustains engineering throughput and operational coverage, including flexibility to support US morning hours and weekend coverage where required by mission needs.
Maintain continuous awareness of the evolving threat landscape and translate emerging threat patterns into backlog priorities for new detections, models, and automations (including proactive research and forward-looking planning).
Executive stakeholder management and communication: communicate complex AI/ML and security concepts clearly to technical and non-technical stakeholders; provide SME guidance, decision support, and concise leadership reporting.
Own the “automation-to-integration” expansion path by driving adoption of out-of-the-box integrations where possible and prioritizing custom build where necessary, using a clear inventory-based approach to accelerate time-to-value.

Required Skills:

10+ years of relevant experience or equivalent combination of education and work experience.
Demonstrated foundational experience working with associated agile and various reporting technologies (e.g. JIRA, MS Project, MS PowerPoint, PowerBI).
Expert level understanding of security logs and the ability to rapidly search, report, and troubleshoot within various datasets.
Strong understanding of compliance, controls, risk, change management, and CI/CD pipelines.
Expert understanding of Cloud architecture & technologies
Excellent analytical, problem-solving, organizational, and communication skills.

Education/Experience: Master's degree (MS/MA) desired in Computer Science or Cybersecurity. 10+ years of related experience.

Supervisor:

Yes

Our Director Cybersecurity earns between $188,100-$282,100 USD Annual, not to mention all the other amazing rewards that working at AT&T offers. Individual starting salary within this range may depend on geography, experience, expertise, and education/training.

Joining our team comes with amazing perks and benefits:

Medical/Dental/Vision coverage
401(k) plan
Tuition reimbursement program
Paid Time Off and Holidays (based on date of hire, at least 23 days of vacation each year and 9 company-designated holidays)
Paid Parental Leave
Paid Caregiver Leave
Additional sick leave beyond what state and local law require may be available but is unprotected
Adoption Reimbursement
Disability Benefits (short term and long term)
Life and Accidental Death Insurance
Supplemental benefit programs: critical illness/accident hospital indemnity/group legal
Employee Assistance Programs (EAP)
Extensive employee wellness programs
Employee discounts up to 50% off on eligible AT&T mobility plans and accessories,
AT&T internet (and fiber where available) and AT&T phone.

#LI-Onsite – Full-time office role-

Ready to join our team? Apply today.

Weekly Hours:

Time Type:

Regular

Location:

USA:NC:Charlotte / Ibm Dr - Adm:8505 Ibm Dr

**Salary Range: **

$188,100.00 - $282,100.00

It is the policy of AT&T to provide equal employment opportunity (EEO) to all persons regardless of age, color, national origin, citizenship status, physical or mental disability, race, religion, creed, gender, sex, sexual orientation, gender identity and/or expression, genetic information, marital status, status with regard to public assistance, veteran status, or any other characteristic protected by federal, state or local law. In addition, AT&T will provide reasonable accommodations for qualified individuals with disabilities. AT&T is a fair chance employer and does not initiate a background check until an offer is made.