Lead Cybersecurity

AT&T, Charlotte, NC
Onsite

About The Position

This position requires office presence of a minimum of 5 days per week and is only located in the location(s) posted. No relocation is offered.

Join AT&T and reimagine the communications and technologies that connect the world. Our Chief Security Office ensures that our assets are safeguarded through truthful transparency, enforces accountability and masters cybersecurity to stay ahead of threats. Bring your bold ideas and fearless risk-taking to redefine connectivity and transform how the world shares stories and experiences that matter. When you step into a career with AT&T, you won’t just imagine the future, you’ll create it.

The Lead Cybersecurity Analyst provides technical and operational leadership for a 24x7 SOC team, ensuring consistent execution of monitoring, triage, incident response, and escalation processes. This role sets and enforces operational standards, coordinates shift activities, delegates administrative and operational tasks, and serves as the primary interface between the SOC and senior leadership as well as cross-functional business units. The Lead Analyst drives continuous improvement across people, process, and technology to strengthen detection, response, and reporting outcomes.

Requirements

  • 5+ years of cybersecurity operations experience, including SOC monitoring and incident response.
  • 1–2+ years in a lead/shift-lead role with demonstrated operational leadership.
  • Hands-on experience with SIEM/SOAR and alert triage workflows; ability to guide investigations end-to-end.
  • Strong understanding of incident response lifecycle, log analysis, and attacker techniques (e.g., MITRE ATT&CK).
  • Experience setting procedures/standards and improving operational processes in a 24x7 environment.
  • Bachelor’s degree (BS/BA) desired in Computer Science or Cybersecurity.
  • 5+ years of related experience.
  • Certification is required in some areas.

Responsibilities

  • Lead daily SOC operations across shifts to ensure continuous monitoring and timely response to security events.
  • Coordinate shift handoffs and ensure accurate case documentation.
  • Provide real-time direction during active incidents, including prioritization, tasking, and escalation.
  • Maintain operational readiness (coverage, tooling availability, playbooks, and procedures).
  • Define, document, and enforce SOC operational standards (SLAs, response time targets, escalation criteria, and documentation quality).
  • Drive continuous improvement initiatives (use case tuning, reduction of false positives, workflow optimization).
  • Assist with onboarding, cross-training, and skills development plans for analysts.
  • Communicate incident status clearly to technical and non-technical stakeholders, ensuring timely and accurate updates.
  • Contribute to executive-ready reporting and operational briefings.
  • Track and report SOC metrics (MTTA/MTTR, case volume, false positive rates, SLA compliance, escalation rates).
  • Identify recurring issues and propose corrective actions (process, detection, or tooling changes).

Benefits

  • Medical/Dental/Vision coverage
  • 401(k) plan
  • Tuition reimbursement program
  • Paid Time Off and Holidays (based on date of hire, at least 23 days of vacation each year and 9 company-designated holidays)
  • Paid Parental Leave
  • Paid Caregiver Leave
  • Additional sick leave beyond what state and local law require may be available but is unprotected
  • Adoption Reimbursement
  • Disability Benefits (short term and long term)
  • Life and Accidental Death Insurance
  • Supplemental benefit programs: critical illness/accident hospital indemnity/group legal
  • Employee Assistance Programs (EAP)
  • Extensive employee wellness programs
  • Employee discounts up to 50% off on eligible AT&T mobility plans and accessories, AT&T internet (and fiber where available) and AT&T phone.