The Information Security team is responsible for managing security tools, security initiatives and programs, and mitigating risks faced by AvalonBay. This is a highly technical, hands-on role that requires a wide and deep experience in the technical aspects of security as well as the soft skills needed to move at the speed of business. This position requires practical knowledge of securitytechnologies, operations and concepts as well as data privacy and protection.
Responsibilities include but are not limited to:
- Develop a set of security standards and best practices for the organization and recommend security enhancements to management as needed; develop strategies to respond to and recover from security incidents/breaches; educate the workforce on information security through training and building awareness.
- Install and use software (e.g. firewalls, data encryption programs) to protect organization's sensitive information; assist with installation or processing of new security products and procedures.
- Conduct or manage penetration testing, in which simulated attacks on systems are highlighted to find any weaknesses that might be exploited by a malicious party.
- Manage security tools that help identify intrusions and watch for irregular system or user behavior.
- Lead technical and forensic investigation into how the incident/breach occurred and the extent of the damage; prepare reports of findings to be reported to management.
- Bachelor’s degree from an accredited university required; Computer Science program strongly preferred
- 4+ years experience as an engineer, implementing and monitoring security measures for the protection of computer systems, networks and information
- 4+ years experience identifying and defining system security requirements
- Ability to research, architect and drive complex technical solutions consisting of multiple technologies
- Thorough understanding of the latest security principles, techniques and protocols
- Experience with data stream and data messaging services including syslog, web API GET calls, JSON, etc.
- Experience with data management technologies (e.g. SQL Studio, Data Synchronization Studio)
- Working knowledge of network protocols and Wintel/Linux/Unix system internals and transport protocols (TCP, TLS, HTTP/S, UDP)