Set and drive the AI/ML + Automation strategy and multi-quarter roadmap for Cyber Threat Analytics, aligning outcomes to a centralized logging & monitoring environment, autonomous monitoring, and rapid response objectives.
Own delivery of advanced threat analytics capabilities by developing and operationalizing AI/ML approaches that improve detection of sophisticated threats and measurably reduce analyst burden (through automation and higher-fidelity analytics).
Lead production-grade ML/DL pipeline deployment for prioritized threat use-cases (e.g., botnet detection, IPv6 scan detection, and malicious activity in encrypted traffic), ensuring repeatable model training, daily/continuous execution at scale, and sustained detection performance.
Direct automation and orchestration programs that turn detections into action—driving complex automations and orchestrations for threat detection and rapid response, including playbook-centric execution and operational workflow integration.
Operationalize AI-enabled investigation capabilities to accelerate triage and investigation, leveraging agent/assistant patterns that can plan and execute multi-step investigative tasks and return validated outputs quickly.
Drive platform-native AI/ML analytics enablement in Cortex XSIAM (e.g., notebook-based analysis and anomaly identification feedback loops), ensuring the team can analyze, visualize, and productionize insights back into operations.
Partner across the telemetry pipeline ecosystem (e.g., ingestion, normalization, routing, and cost optimization efforts) to ensure end-to-end data availability and quality required for AI/ML and automation at scale, including continued advancement of critical feeds and integrations.
Establish and enforce engineering rigor for AI/ML in cyber operations: standards for secure SDLC, automation/scripting practices, testing/lab validation, promotion to production, and safe change management for detection + automation content.
Own model risk + operational risk governance for AI/ML-driven detections: monitoring for drift/quality regressions, controlling false positives, ensuring explainability where needed, and aligning to cybersecurity AI risk management expectations.
Lead day-to-day execution across a portfolio of initiatives (AI/ML, automations, investigations, integrations), balancing delivery, BAU support, and continuous improvement while meeting tight deadlines and operational urgency.
Provide people leadership for a multi-disciplinary team (ML engineers, data scientists, automation engineers, detection/analytics engineers): hiring, mentoring, performance management, skills development, and creating a high-ownership culture.
Run a cross-geo operating model (US + India) that sustains engineering throughput and operational coverage, including flexibility to support US morning hours and weekend coverage where required by mission needs.
Maintain continuous awareness of the evolving threat landscape and translate emerging threat patterns into backlog priorities for new detections, models, and automations (including proactive research and forward-looking planning).
Executive stakeholder management and communication: communicate complex AI/ML and security concepts clearly to technical and non-technical stakeholders; provide SME guidance, decision support, and concise leadership reporting.
Own the “automation-to-integration” expansion path by driving adoption of out-of-the-box integrations where possible and prioritizing custom build where necessary, using a clear inventory-based approach to accelerate time-to-value.
Requirements
10+ years of relevant experience or equivalent combination of education and work experience.
Demonstrated foundational experience working with associated agile and various reporting technologies (e.g., JIRA, MS Project, MS PowerPoint, Power BI).
Expert level understanding of security logs and the ability to rapidly search, report, and troubleshoot within various datasets.
Strong understanding of compliance, controls, risk, change management, and CI/CD pipelines.
Expert understanding of cloud architecture & technologies.
Excellent analytical, problem-solving, organizational, and communication skills.
Tech Stack
Cloud
Cyber Security
SDLC
Benefits
Medical/Dental/Vision coverage
401(k) plan
Tuition reimbursement program
Paid Time Off and Holidays (based on date of hire, at least 23 days of vacation each year and 9 company-designated holidays)
Paid Parental Leave
Paid Caregiver Leave
Additional sick leave beyond what state and local law require may be available but is unprotected