Investigate and research cyber threats using network analysis tools and techniques.
Derive actionable threat intelligence and provide analytical support to the Chief Security Office Cyber Operations organization.
Perform deep technical analysis of suspicious network activity using internal network collection platforms, including but not limited to flow analysis, packet analysis, review of metadata and intelligence sources.
Use proprietary and open-source intelligence sources to analyze and interpret network telemetry, produce informative products, briefs, reports, and indicators of compromise.
Configure and optimize internal and external threat monitoring systems to increase AT&T's intelligence holdings to maintain a high standard of quality for network cyber indicators.
Document findings and recommend remediation action to a team of highly technical professionals with expertise in cybersecurity, threat intelligence, threat detection, networking, log, malware, and vulnerability analysis.
Identify and implement new analysis techniques, beyond those currently available.
Detect network threats beyond the capabilities of common tools.
Reduce the risk of False Positive or False Negative detections and improve detection logic for advanced and targeted threats that are missed by existing tools and controls.
Implement new automation solutions to improve workflow efficiency.
Create detailed and accurate reports and professional briefings documenting findings to share with a variety of audiences.
Recommend and oversee implementation of technical requirements to ensure platform meets analysis needs.
Develop, test, and operationalize AI-assisted threat analysis workflows (e.g., enrichment, clustering, summarization, and triage) to improve speed and consistency of investigations.
Evaluate and validate AI outputs for accuracy, bias, and security relevance; apply human-in-the-loop review and document decision rationale for key analytical judgments.
Use AI tools in alignment with enterprise security, privacy, and data-handling requirements; ensure sensitive data is protected and only approved tools and datasets are used.
Create and maintain reusable prompts, playbooks, and automation scripts that integrate AI with existing detection, telemetry, and case-management workflows.
Define and track quality metrics for AI-assisted analysis (e.g., precision/recall impact, time-to-triage, false positive reduction) and iterate based on outcomes.
Partner with detection engineering, data science, and platform teams to onboard new AI capabilities, test changes safely, and transition prototypes into repeatable operations.
Provide guidance to analysts on effective and responsible use of AI during investigations, including limitations, verification steps, and escalation paths.
Requirements
Bachelor's degree in computer science, cybersecurity, information technology, or a related field.
5+ years of experience in cybersecurity, threat intelligence, networking or a related field.
Demonstrated Knowledge or use of: Common cybersecurity concepts, tools, and frameworks (e.g., NIST, MITRE ATT&CK, SIEM, IDS/IPS, etc.)
Common network threats, attack methods and techniques (DDoS, brute force, spoofing, MITM, etc.)
Common network concepts, technologies, controls, and protocols (e.g. IDS/IPS/Routing/VPN/ICMP/BGP/UDP/TCP/SSL/HTTP/SMTP, etc.)
Programming or scripting languages (e.g., Python, PowerShell, or equivalent)
Investigative tools and techniques.
Demonstrated ability to: Identify network threats and create detective measures and IOCs.
Identify patterns and trends in data with strong analytical and problem-solving skills.
Identify False Positives and False Negatives.
Use and configure threat intelligence platforms and tools (e.g., MISP, ThreatQ, OpenCTI or equivalent).
Stay current with the latest developments in cybersecurity and threat intelligence.
Work independently and collaboratively in a fast-paced & dynamic environment.
Use Windows and Linux.
Use Open-Source Research Techniques to discover related threats.
Adhere to established rules, regulations, conventions, and information protection requirements with a demonstrated sense of responsibility and ethics.
Apply feedback to future work products.
Effectively communicate to convey complex information in a clear and concise manner in both written and oral formats.
Use AI tools, analysis techniques, and technologies and expertly apply them to network threat analysis, including validating outputs and documenting methodology.
Desired: Relevant cybersecurity certifications (e.g., CISSP, Security+, CEH, or equivalent)
Ability to qualify for a TS/SCI security clearance.
Tech Stack
Cyber Security
Linux
Python
SMTP
TypeScript
Benefits
Medical/Dental/Vision coverage
401(k) plan
Tuition reimbursement program
Paid Time Off and Holidays (based on date of hire, at least 23 days of vacation each year and 9 company-designated holidays)
Paid Parental Leave
Paid Caregiver Leave
Additional sick leave beyond what state and local law require may be available but is unprotected