Lead Cybersecurity - Network Threat Analyst

AT&T AT&T · Telecom · Charlotte, NC

This role focuses on developing and operationalizing AI-assisted threat analysis workflows within cybersecurity. The analyst will perform deep technical analysis of network threats, use intelligence sources, configure monitoring systems, and recommend remediation. A key part of the role involves creating and integrating AI tools for tasks like enrichment, clustering, summarization, and triage, while also evaluating AI outputs for accuracy and bias, and defining quality metrics for AI-assisted analysis. The role requires collaboration with data science and platform teams to onboard new AI capabilities and provide guidance on AI usage.

What you'd actually do

  1. Develop, test, and operationalize AI-assisted threat analysis workflows (e.g., enrichment, clustering, summarization, and triage) to improve speed and consistency of investigations.
  2. Evaluate and validate AI outputs for accuracy, bias, and security relevance; apply human-in-the-loop review and document decision rationale for key analytical judgments.
  3. Perform deep technical analysis of suspicious network activity using internal network collection platforms, including but not limited to flow analysis, packet analysis, review of metadata and intelligence sources.
  4. Configure and optimize internal and external threat monitoring systems to increase AT&T's intelligence holdings to maintain a high standard of quality for network cyber indicators.
  5. Create and maintain reusable prompts, playbooks, and automation scripts that integrate AI with existing detection, telemetry, and case-management workflows.

Skills

Required

  • Deep technical analysis of suspicious network activity
  • Network analysis tools and techniques (flow analysis, packet analysis)
  • Proprietary and open-source intelligence sources analysis
  • Configure and optimize threat monitoring systems
  • Identify and implement new analysis techniques
  • Detect network threats beyond common tools
  • Reduce False Positive or False Negative detections
  • Improve detection logic
  • Implement new automation solutions
  • Create detailed and accurate reports and professional briefings
  • Recommend and oversee implementation of technical requirements
  • Develop, test, and operationalize AI-assisted threat analysis workflows
  • Evaluate and validate AI outputs for accuracy, bias, and security relevance
  • Use AI tools in alignment with enterprise security, privacy, and data-handling requirements
  • Create and maintain reusable prompts, playbooks, and automation scripts
  • Define and track quality metrics for AI-assisted analysis
  • Partner with detection engineering, data science, and platform teams
  • Provide guidance to analysts on effective and responsible use of AI
  • Common cybersecurity concepts, tools, and frameworks (NIST, MITRE ATT&CK, SIEM, IDS/IPS)
  • Common network threats, attack methods and techniques
  • Common network concepts, technologies, controls, and protocols
  • Cyber-attack stages
  • Network analysis tools/technologies (Wireshark, Netwitness, SNORT, SURICATA, ZEEK, PCAP, NETFLOW)
  • Programming or scripting languages (Python, PowerShell)
  • Investigative tools and techniques
  • Identify network threats and create detective measures and IOCs
  • Identify patterns and trends in data
  • Identify False Positives and False Negatives
  • Use and configure threat intelligence platforms and tools (MISP, ThreatQ, OpenCTI)
  • Stay current with the latest developments in cybersecurity and threat intelligence
  • Work independently and collaboratively
  • Use Windows and Linux
  • Use Open-Source Research Techniques
  • Adhere to established rules, regulations, conventions, and information protection requirements
  • Apply feedback to future work products
  • Effectively communicate complex information

Nice to have

  • Relevant cybersecurity certifications (CISSP, Security+, CEH)
  • Ability to qualify for a TS/SCI security clearance

What the JD emphasized

  • AI-assisted threat analysis workflows
  • Evaluate and validate AI outputs
  • Define and track quality metrics for AI-assisted analysis
  • Use AI tools in alignment with enterprise security, privacy, and data-handling requirements

Other signals

  • Develop, test, and operationalize AI-assisted threat analysis workflows
  • Evaluate and validate AI outputs for accuracy, bias, and security relevance
  • Define and track quality metrics for AI-assisted analysis