Lead Cybersecurity - Insider Risk Engineer

AT&T AT&T · Telecom · Charlotte, NC

The Lead Cybersecurity - Insider Risk Engineer role at AT&T focuses on building and deploying AI-enabled solutions to enhance security operations. This involves developing AI/ML and GenAI components, including data preparation, prompt and workflow design, evaluation, and lightweight model development. The role supports moving prototypes into production services, focusing on use cases like text classification, summarization, routing, search, Q&A, and extraction. Key responsibilities include creating and iterating on LLM prompts, RAG patterns, implementing evaluation methods for AI outputs, and supporting the model lifecycle. The role also involves integrating AI components into existing applications and collaborating with stakeholders on success metrics and guardrails.

What you'd actually do

  1. Build AI prototypes and small services that solve defined problems (e.g., text classification, summarization, routing, search, Q&A, extraction).
  2. Develop and maintain data pipelines for AI use cases (collect, clean, label, transform) using approved data sources.
  3. Create and iterate on LLM prompts, agent/workflow logic, and retrieval-augmented generation (RAG) patterns for internal knowledge use cases.
  4. Implement evaluation methods for AI outputs (quality, groundedness, hallucination checks, latency, cost) and report results.
  5. Support model lifecycle tasks: experiment tracking, versioning, basic MLOps (packaging, deployment, monitoring).

Skills

Required

  • Python
  • Data structures
  • APIs
  • Software engineering practices (testing, code reviews, Git)
  • Data handling with pandas/SQL
  • ML basics (train/test splits, overfitting, common metrics)
  • LLM application patterns
  • AI/ML framework or platform (PyTorch, TensorFlow, scikit-learn, or common LLM tooling)
  • Documentation writing
  • Communication of tradeoffs (quality vs cost vs latency)

Nice to have

  • GenAI application development patterns
  • RAG (embeddings, vector databases, chunking strategies)
  • Prompt engineering and prompt versioning
  • Tool/function calling and agentic workflows
  • Output evaluation and red-teaming basics (prompt injection awareness, safety filters)
  • MLOps concepts: CI/CD for ML, model registry, feature stores, monitoring drift
  • Cloud services (AWS/Azure/GCP)
  • Containerization (Docker)
  • Privacy/security fundamentals for AI systems
  • Partnering with or supporting a SOC
  • SIEM/EDR concepts and data
  • Threat intelligence & IOC handling
  • Incident response lifecycle and case management processes
  • Secure software practices

What the JD emphasized

  • 0–2 years of experience
  • Strong fundamentals in Python
  • Working knowledge of: Data structures, APIs, and basic software engineering practices (testing, code reviews, Git)
  • Working knowledge of: Data handling with pandas/SQL
  • Working knowledge of: ML basics (train/test splits, overfitting, common metrics) and/or LLM application patterns
  • Familiarity with at least one AI/ML framework or platform (coursework/labs acceptable): PyTorch, TensorFlow, scikit-learn, or common LLM tooling.
  • Ability to write clear documentation and communicate tradeoffs (quality vs cost vs latency).
  • Experience with GenAI application development patterns
  • RAG (embeddings, vector databases, chunking strategies)
  • Prompt engineering and prompt versioning
  • Tool/function calling and agentic workflows
  • Output evaluation and red-teaming basics (prompt injection awareness, safety filters)
  • Exposure to MLOps concepts: CI/CD for ML, model registry, feature stores, monitoring drift.
  • Experience with cloud services (any of AWS/Azure/GCP) and containerization (Docker).
  • Basic understanding of privacy/security fundamentals for AI systems (data handling, access controls, logging).
  • Experience partnering with or supporting a SOC
  • Familiarity with SIEM/EDR concepts and data
  • Exposure to threat intelligence & IOC handling
  • Working knowledge of incident response lifecycle and case management processes
  • Awareness of secure software practices (secrets management, least privilege, dependency hygiene) when building and deploying AI services.

Other signals

  • AI-enabled solutions
  • AI/ML and GenAI components
  • prototypes into reliable services
  • LLM prompts, agent/workflow logic, and RAG patterns
  • evaluation methods for AI outputs
  • model lifecycle tasks
  • integrating AI components into existing applications