Job opening: UC Berkeley - Security Analyst IV - Application Security Testing (2 year appointment, 2 positions)

[Kate Riley <ktriley () BERKELEY EDU>]

Security Analyst IV - Application Security Testing

Departmental Overview

System and Network Security (SNS) is responsible for leading IT security
for the UC Berkeley campus.  Responsibilities include evaluating,
designing, implementing and maintaining security programs to enable
departments to comply with campus policy, standards and best practices.
 SNS coordinates with IT Policy, providing input on the development of
campus policy, security exceptions, and incident response.  SNS provides
campus leadership on IT security issues, including training and outreach
initiatives.  SNS coordinates with peers across higher education
institutions to share information and approaches to solve IT security
challenges.


Responsibilities

The primary focus for this 2 year position is application security
testing of key campus systems.  The testing process is based closely on
industry standard approaches, delivering a pass/fail grade for tested
applications, along with recommendations and  remediation guidance.  The
testing process includes threat modeling, data flow diagramming, as well
as hands-on testing.  As a member of System and Network Security you
will be part of growing team of campus security professionals that
operate and implement security services for the University of
California, Berkeley.

    Conduct regular in-depth vulnerability assessments at multiple
layers for applications, including but not limited to web applications

    Understand and analyze a wide variety of technologies used to
implement critical campus systems

    Correctly and quickly analyze, filter, and classify results from
vulnerability scanners

    Conduct risk based security code reviews, both static and dynamic

    Accurately document system deficiencies and provide guidance for
remediation

    Communicate the complexities of application security with a wide
variety of audience, ranging from senior management to programmers

    Research and develop testing tools, techniques, and process
improvements to advance the quality of the testing process itself

    Manage the testing engagement schedule with application teams across
campus, including multiple simultaneous engagements

    Perform additional incidental IT security duties as assigned


Required Qualifications

    Demonstrable professional IT security experience, including
experience conducting application security assessments
    Experience identifying and explaining risks resulting from common
web and application vulnerabilities (e.g. OWASP top 10)
    Hands on experience as a application penetration tester
    Experience working with vulnerability scanning tools (e.g. AppScan,
Burp Suite Pro, WebInspect)
    Knowledgeable in application security concepts, including
application security frameworks and threat modeling methodologies
    Familiarity with software development lifecycle best practices and
approaches
    Working experience in both Unix and Windows environment, Macintosh a
plus


Preferred Qualifications

    Experience as a web application developer or similar relevant coding
experience
    Experience with Linux or Windows system administration
    Experience with database administration, especially with Oracle, MS
SQL Server, PostgreSQL and MySQL


Salary & Benefits

The salary range for the position of Security Analyst IV is $95580 -
$116820 annually, depending on qualifications and experience.

For information on the comprehensive benefits package offered by the
University visit:

http://atyourservice.ucop.edu/forms_pubs/misc/benefits_of_belonging.pdf


How to Apply

Please visit jobs.berkeley.edu and find job ID 14098, or visit:

https://hrw-vip-prod.is.berkeley.edu/psp/JOBSPROD/EMPLOYEE/HRMS/c/HRS_HRAM.HRS_CE.GBL?Page=HRS_CE_HM_PRE&Action=A&SiteId=1

Submit your cover letter and resume as a single attachment when
applying.  Applications must include a cover letter to be considered.


Criminal Background Check

This position has been designated as sensitive and may require a
Criminal Background Check. We reserve the right to make employment
contingent upon successful completion of a Criminal Background Check.


Other Information

This posting is for two full-time 2 year appointments, with the
possibility of extension. The positions are located in downtown Berkeley
within an easy walk to BART.


Equal Employment Opportunity

The University of California, Berkeley is an Equal
Opportunity/Affirmative Action Employer