Director Cybersecurity – AI/ML/Automation, Cyber Threat Analytics

AT&T

Director leading Cybersecurity AI/ML/Automation initiatives, ensuring threat analysis and response capabilities for AT&T's systems. Overseeing teams, projects, and strategy in cybersecurity analytics.

Posted 6/17/2026full-timeCharlotte • North Carolina • 🇺🇸 United StatesLead💰 $188,100 - $282,100 per yearWebsite

Tech Stack

Tools & technologies

CloudCyber SecuritySDLC

About the role

Key responsibilities & impact

Set and drive the AI/ML + Automation strategy and multi-quarter roadmap for Cyber Threat Analytics, aligning outcomes to a centralized logging & monitoring environment, autonomous monitoring, and rapid response objectives.
Own delivery of advanced threat analytics capabilities by developing and operationalizing AI/ML approaches that improve detection of sophisticated threats and measurably reduce analyst burden (through automation and higher-fidelity analytics).
Lead production-grade ML/DL pipeline deployment for prioritized threat use-cases (e.g., botnet detection, IPv6 scan detection, and malicious activity in encrypted traffic), ensuring repeatable model training, daily/continuous execution at scale, and sustained detection performance.
Direct automation and orchestration programs that turn detections into action—driving complex automations and orchestrations for threat detection and rapid response, including playbook-centric execution and operational workflow integration.
Operationalize AI-enabled investigation capabilities to accelerate triage and investigation, leveraging agent/assistant patterns that can plan and execute multi-step investigative tasks and return validated outputs quickly.
Drive platform-native AI/ML analytics enablement in Cortex XSIAM (e.g., notebook-based analysis and anomaly identification feedback loops), ensuring the team can analyze, visualize, and productionize insights back into operations.
Partner across the telemetry pipeline ecosystem (e.g., ingestion, normalization, routing, and cost optimization efforts) to ensure end-to-end data availability and quality required for AI/ML and automation at scale, including continued advancement of critical feeds and integrations.
Establish and enforce engineering rigor for AI/ML in cyber operations: standards for secure SDLC, automation/scripting practices, testing/lab validation, promotion to production, and safe change management for detection + automation content.
Own model risk + operational risk governance for AI/ML-driven detections: monitoring for drift/quality regressions, controlling false positives, ensuring explainability where needed, and aligning to cybersecurity AI risk management expectations.
Lead day-to-day execution across a portfolio of initiatives (AI/ML, automations, investigations, integrations), balancing delivery, BAU support, and continuous improvement while meeting tight deadlines and operational urgency.
Provide people leadership for a multi-disciplinary team (ML engineers, data scientists, automation engineers, detection/analytics engineers): hiring, mentoring, performance management, skills development, and creating a high-ownership culture.
Run a cross-geo operating model (US + India) that sustains engineering throughput and operational coverage, including flexibility to support US morning hours and weekend coverage where required by mission needs.
Maintain continuous awareness of the evolving threat landscape and translate emerging threat patterns into backlog priorities for new detections, models, and automations (including proactive research and forward-looking planning).
Executive stakeholder management and communication: communicate complex AI/ML and security concepts clearly to technical and non-technical stakeholders; provide SME guidance, decision support, and concise leadership reporting.
Own the “automation-to-integration” expansion path by driving adoption of out-of-the-box integrations where possible and prioritizing custom build where necessary, using a clear inventory-based approach to accelerate time-to-value.

Requirements

What you’ll need

10+ years of relevant experience or equivalent combination of education and work experience.
Demonstrated foundational experience working with associated agile and various reporting technologies (e.g. JIRA, MS Project, MS PowerPoint, PowerBI).
Expert level understanding of security logs and the ability to rapidly search, report, and troubleshoot within various datasets.
Strong understanding of compliance, controls, risk, change management, and CI/CD pipelines.
Expert understanding of Cloud architecture & technologies
Excellent analytical, problem-solving, organizational, and communication skills.

Benefits

Comp & perks

Medical/Dental/Vision coverage
401(k) plan
Tuition reimbursement program
Paid Time Off and Holidays (based on date of hire, at least 23 days of vacation each year and 9 company-designated holidays)
Paid Parental Leave
Paid Caregiver Leave
Additional sick leave beyond what state and local law require may be available but is unprotected
Adoption Reimbursement
Disability Benefits (short term and long term)
Life and Accidental Death Insurance
Supplemental benefit programs: critical illness/accident hospital indemnity/group legal
Employee Assistance Programs (EAP)
Extensive employee wellness programs
Employee discounts up to 50% off on eligible AT&T mobility plans and accessories, AT&T internet (and fiber where available) and AT&T phone.

ATS Keywords

✓ Tailor your resume

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

AIMLautomationthreat analyticsML/DL pipelinemodel trainingdata availabilitySDLCrisk governancecompliance

Soft Skills

leadershipcommunicationanalytical skillsproblem-solvingorganizational skillsmentoringperformance managementteam collaborationstakeholder managementcontinuous improvement