Information Security Consultant – Threat Intelligence Analyst

The Opportunity
Within our Enterprise Cybersecurity organization, you will execute day‑to‑day threat intake, triage, and analysis to protect the enterprise and field organizations. Convert raw signals (brand/domain impersonation, credential and account exposure, payment/credit compromise, bot‑log activity, external threat chatter) into validated findings, concise reports, and timely escalations.
The Team
As a Security Intel Analyst you work within the Security Operations Center and partner with Incident Response Teams, Offensive Security, DFIR, Cyber Third Party, Business Information Security Officers, Executive Management and other key stakeholders, advising them on the latest cyber threats.

The Impact
Your attention to detail, and rapid, yet thoughtful processing of information will translate into actionable intel to protect Mass Mutual.

• Monitor and triage inbound alerts related to domain impersonation, credential exposure, bot‑log listings, payment/credit exposure, vulnerability chatter, and relevant external threat activity.
• Validate and categorize events (malicious, suspicious, benign) using corroborating evidence and defined criteria; document decision points and rationale.
• Escalate and coordinate with the appropriate owners (e.g., security operations, incident response, fraud, brand/communications) following established workflows.
• Maintain case records with reproducible notes, supporting artifacts, and status updates through closure.
• Perform structured analysis to transform data into intelligence: outline assumptions, weigh confidence, and articulate likely impact and recommended actions.
• Produce flash advisories for time‑sensitive threats, emerging threat briefs for significant trends, and field vulnerability summaries to highlight exposures relevant to the field environment.
• Assist detection engineering teams by researching adversary TTPs, validating indicators, and providing context for detection logic development.
• Fulfill RFIs from internal teams; gather, analyze, and deliver answers aligned to intelligence requirements and timelines.
• Support investigations by researching indicators, mapping findings to threat models, and providing recommendations.
• Participate in information‑sharing activities to stay informed on emerging threats and contribute relevant insights when appropriate.
• Maintain program documentation and track key performance indicators, such as case volumes, response times, and process adherence, ensuring accuracy and currency.
• Engage in team collaboration and knowledge‑sharing, including contributing to process documentation, supporting onboarding, and participating in regular team discussions.
• Identify opportunities for process improvement to enhance efficiency and consistency in alert handling, escalation, and reporting workflow

The Minimum Qualifications

• Associates degree
• 2 years of experience in cyber security

The Ideal

Qualifications:

• Familiarity with alert triage and escalation workflows, including identifying false positives and prioritizing based on risk.
• Understanding of common attack vectors and techniques (e.g., phishing, credential abuse, malware delivery) and how they relate to detection and response processes.
• Ability to analyze security events, perform basic log review, and correlate indicators to identify potential threats.
• Strong documentation and case management discipline, ensuring accurate and complete records for investigations.
• Effective communication skills for summarizing findings and providing clear updates to technical and non‑technical stakeholders.
• Ability to work in a fast‑paced environment, manage multiple tasks, and collaborate with SOC, IR, and engineering teams.
• Exposure to SIEM alert handling, security monitoring, or basic detection tuning.
• Experience assisting with incident investigations, including researching indicators and providing context for detection engineering or response teams.
• Familiarity with threat modeling concepts (e.g., MITRE ATT&CK, kill chain) and how they apply to detection and response.
• Basic knowledge of network and endpoint fundamentals (e.g., logs, authentication flows, common protocols).
• Participation in tabletop exercises, after‑action…