Offensive Security Analyst

The Opportunity

Within our Enterprise Cybersecurity organization, you will work closely with the Security Intelligence team and be responsible for performing threat research, leverage real world adversarial techniques and create detections.

The Team

Within the Security Operations Center, partner with Incident Response Teams for Red/Purple Team assessments and work with Security Intelligence to identify and test real world adversarial tactics, techniques, and procedures.

The Impact

Utilize both manual and automated synthesize OSINT, simulate threat actor TTPs and create detections.

Key Responsibilities

• Threat research, detection, and response activities, including the development and maintenance of detection content and threat hunting missions.
• Analyze and synthesize intelligence from various sources to identify risks and provide actionable insights.
• Create and execute adversary simulation exercises (red/purple team) to evaluate and enhance security controls and incident response effectiveness.
• Research and develop offensive security techniques, tools, and automation frameworks to improve simulation and testing capabilities.
• Advise on threat mitigation strategies for emerging threats and vulnerabilities.
• Support incident response engagements and provide expert advisory on scoping, containment, and eradication strategies.
  
  

The Minimum Qualifications

• Associates degree
• 2+ years of experience in cyber security
  
  

The Ideal Qualifications

• Degree in Cyber Security
• 4+ years of experience in information security, focusing on threat detection, incident response, and adversary simulation (red and purple teaming).
• Expertise in developing threat detection rules, both signature-based and behavior-based analytics.
• Hands-on experience with offensive security tools such as CobaltStrike, Mythic, Evilginx, Outflank C2, and OST.
• Proficient in multiple programming languages including Python, C#, C/C++ and GoLang and familiarity with Windows/MacOS internals.
• Proficient with SIEM and EDR platforms, including but not limited to Splunk, SumoLogic, and CrowdStrike Falcon EDR/LogScale.
• Strong understanding of identity management platforms like Okta, Microsoft EntraID, and Active Directory, including identity-based attacks.
• Security automation expertise using Python scripting, Palo Alto Cortex XSOAR, and GitOps practices.
  
  

What to Expect as Part of MassMutual and the Team

• Regular collaboration with the Security Intelligence Team and other stakeholders.
• Focused one-on-one time with your manager.
• Access to mentorship opportunities.
• Networking opportunities including access to Asian, Hispanic/Latinx, African American, women, LGBTQIA+, veteran and disability-focused Business Resource Groups.
• Access to learning content on Degreed and other informational platforms.
  
  

MassMutual is an Equal Employment Opportunity employer Minority/Female/Sexual Orientation/Gender Identity/Individual with Disability/Protected Veteran. We welcome all persons to apply. Note: Veterans are welcome to apply, regardless of their discharge status.

If you need an accommodation to complete the application process, please contact us and share the specifics of the assistance you need.

EEO Statement (Opens in new window)

MassMutual will accept applications on an ongoing basis until such time as a candidate has been offered employment. The job description includes the main duties of this position, which may evolve over time. You may be required to perform other duties not listed.

It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment.

Salary Range: $86,200.00-$113,100.00