Senior Information Security Analyst

New Haven, CT, US, 06511


ASSA ABLOY

Every day, we help billions of people move through a safer, more open world with ease - at home, at work, at leisure, and on the go.


Are you a highly motivated and experienced Information Security professional passionate about protecting critical assets and data? If so, you might be a great fit for the Senior Information Security Analyst role here at ASSA ABLOY Opening Solutions Americas!

In this pivotal role, you'll be instrumental in safeguarding our organization's information systems, infrastructure, and data from evolving cyber threats. You'll leverage your deep technical expertise to lead initiatives and contribute significantly to our overall security posture, driving continuous improvement and strategic security alignment.

This is an office-based position located in New Haven, CT.

What you will be doing

  • Incident Response & Management:
    • Lead and actively participate in the end-to-end incident response lifecycle, from detection and analysis to containment, eradication, recovery, and post-incident review.
    • Develop, refine, and implement incident response plans and playbooks, ensuring they align with industry best practices.
    • Conduct forensic analysis on compromised systems to identify root causes, impact, and indicators of compromise (IOCs).
    • Collaborate with cross-functional teams (IT Operations, Legal, etc.) during security incidents to ensure a coordinated and effective response, including effective crisis communication with stakeholders.

  • Threat Detection & Vulnerability Management:
    • Perform advanced threat hunting to proactively identify and mitigate emerging threats and sophisticated attack techniques (TTPs).
    • Conduct comprehensive vulnerability assessments and penetration testing (internal and external) to identify weaknesses in systems, applications, and networks.
    • Manage and optimize vulnerability management programs, including scanning, analysis, prioritization, and remediation tracking.
    • Analyze threat intelligence feeds to understand new attack vectors and inform defensive strategies.
    • Engage in purple teaming exercises to continuously refine and improve defensive capabilities based on offensive insights.

  • Security Architecture & Engineering Support:
    • Provide expert guidance on security best practices for new and existing systems, applications, and cloud environments (e.g., AWS, Azure, GCP).
    • Support the design, implementation, and optimization of various security technologies, including SIEM/SOAR platforms, Endpoint Detection and Response (EDR), Intrusion Detection/Prevention Systems (IDS/IPS), Data Loss Prevention (DLP), and Web Application Firewalls (WAF).
    • Actively contribute to DevSecOps initiatives, integrating security controls and practices into the software development lifecycle (SDLC) and CI/CD pipelines, including performing threat modeling on applications and systems early in their development.
    • Identify and implement opportunities for automation and orchestration of security tasks, tool integrations, and playbook development to enhance efficiency.
    • Develop and implement security policies, standards, and procedures in alignment with industry frameworks (e.g., NIST, ISO 27001, MITRE ATT&CK) and the evolving legal and regulatory landscape around data privacy and cybersecurity (e.g., GDPR, CCPA, HIPAA, PCI DSS).

  • Security Operations & Monitoring:
    • Monitor security events and alerts from various sources (SIEM, EDR, network devices) to detect and respond to potential security incidents.
    • Develop and tune security monitoring rules, alerts, and dashboards.
    • Participate in on-call rotations for critical security incidents as needed.
    • Assist with internal and external audits, providing necessary documentation and evidence of compliance.

  • Strategic Security & Leadership:
    • Serve as a subject matter expert within the information security domain, staying abreast of emerging technologies and trends (e.g., AI in cybersecurity, Zero Trust architecture, quantum computing risks, supply chain security).
    • Lead small to medium-sized security projects and initiatives, demonstrating strong project management skills.
    • Communicate complex technical security concepts clearly and concisely to both technical and non-technical stakeholders, including senior management, aligning security initiatives with business goals and translating technical risks into business risks.
    • Contribute to the development and delivery of security awareness and training programs for employees.
    • Recommend cost-effective security measures and maintain an awareness of security solution budgets.
    • Evaluate, select, and manage relationships with security vendors and their solutions, including understanding SLAs and security clauses in contracts.

What we are looking for

Education and Experience:

  • 6-9 years of demonstrated experience in information security, with a strong focus on incident response, vulnerability management, and security operations.
  • Bachelor's degree in Computer Science, Information Security, Cybersecurity, or a related field, or equivalent experience.

Technical Skills:

  • In-depth knowledge of network protocols, operating systems (Windows, Linux), and cloud security principles.
  • Proficiency with security tools such as SIEM (e.g., Splunk), EDR (e.g., SentinelOne), vulnerability scanners (e.g., Rapid7), and penetration testing tools (e.g., Metasploit).
  • Experience with scripting languages like Python, PowerShell, or Bash for automation and analysis.
  • Understanding of identity and access management (IAM) concepts and technologies.
  • Familiarity with containerization and orchestration technologies (e.g., Docker, Kubernetes) is a plus.

Additional:

  • Exceptional analytical and problem-solving skills with a keen eye for detail.
  • Strong written and verbal communication and presentation skills.
  • Ability to work independently and collaboratively in a fast-paced, evolving environment, demonstrating a continuous improvement mindset.
  • Strong organizational skills.
  • Demonstrated ability to adapt to new technologies and threats quickly.

Preferred Certifications:

  • CISSP (Certified Information Systems Security Professional) - Highly preferred
  • CISM (Certified Information Security Manager)
  • GIAC Certifications (e.g., GCIH, GCIA, GPEN, GSEC)
  • Cloud Security Certifications (e.g., AWS Certified Security - Specialty, Azure Security Engineer Associate)

What we offer 

We’re passionate about providing amazing opportunities and benefits, so that you can enjoy a lifelong career with us. We are proud to offer: 

  • Continuous professional development opportunities and an environment that fosters internal growth and mobility.
  • Competitive compensation and benefits package which includes multiple healthcare options, tuition reimbursement, and matching 401k.
  • Generous holiday schedule and paid time off to refresh and recharge.
  • Employee pricing on our products and discount programs for travel, entertainment, and more! 

We review applications regularly, so don’t hesitate, apply today! 

ASSA ABLOY is an Equal Opportunity Employer/Minorities/Females/Disabled/Veteran 


We are the ASSA ABLOY Group
Our people have made us the global leader in access solutions. In return, we open doors for them wherever they go. With nearly 63,000 colleagues in more than 70 different countries, we help billions of people experience a more open world. Our innovations make all sorts of spaces – physical and virtual – safer, more secure, and easier to access. 

As an employer, we value results – not titles, or backgrounds. We empower our people to build their career around their aspirations and our ambitions – supporting them with regular feedback, training, and development opportunities. Our colleagues think broadly about where they can make the most impact, and we encourage them to grow their role locally, regionally, or even internationally.

As we welcome new people on board, it’s important to us to have diverse, inclusive teams, and we value different perspectives and experiences.

Category: Analyst Jobs

Tags: Audits Automation AWS Azure Bash CCPA CI/CD CISM CISSP Cloud Compliance Computer Science DevSecOps Docker EDR Firewalls GCIA GCIH GCP GDPR GIAC GPEN GSEC HIPAA IAM IDS Incident response Intrusion detection IPS ISO 27001 Kubernetes Linux Metasploit MITRE ATT&CK Monitoring NIST PCI DSS Pentesting PowerShell Privacy Python Scripting SDLC SIEM SLAs SOAR Splunk Threat detection Threat intelligence TTPs Vulnerability management Windows Zero Trust

Perks/benefits: Career development Competitive pay

Region: North America
Country: United States
