Educause Security Discussion mailing list archives

Job posting: University of California, Berkeley, IT Security Analyst 3


From: Allison Henry <akhenry () BERKELEY EDU>
Date: Mon, 24 Jun 2013 08:58:48 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

We are currently recruiting for an IT Security Analyst 3 to maintain
internal systems and provide support to our Security Operation
programs. Please see the full job description below and if interested
apply at jobs.berkeley.edu.

Also, we will be posting an additional Security Analyst 4 position
shortly, which will focus on development and systems integration.

- -- 
Allison Henry
System and Network Security
University of California, Berkeley
http://security.berkeley.edu


Job Title: IT Security Analyst 3 #16025 (7338U)
Job ID:    16025
Location:  Main Campus-Berkeley

Departmental Overview

The Information Security Office (ISO) coordinates the risk management
process for UC Berkeley's information systems and directs campus-wide
efforts to adequately secure institutional data. The Information
Security Office is led by the Chief Information Security Officer and
consists of two teams, the Operations team and the Assessment team.
The Operations team, System and Network Security (SNS), is responsible
for implementing and operating detection programs and security
services for the campus, as well as incident response and breach
management. The Assessment team is responsible for managing the campus
information system asset inventory and overseeing compliance of campus
information systems to internal and external standards.

The Information Security Office works closely with IT Policy to
develop and maintain the security policy framework for campus. The ISO
also coordinates with other key groups involved in risk management for
the campus, and the ISO also coordinates with peers across higher
education to share information and solutions to information security
challenges.

This position is part of the Security Operations team and reports to
the Operations manager. The position is a one-year contract with the
potential to extend.

Responsibilities

* Maintain the security operations environment and work with other
operations staff to implement and extend security operations programs.

* Maintaining the operations environment includes system administration
work: managing hardware replacement cycles, updating the standard RHEL
image, documentation of the baseline image and machines, coordinating
with other security staff to install and configure additional software
on top of the baseline image, very aggressive system patching, account
management, monitoring of services, responding to monitoring alerts,
and monitoring the backup process.

* Implementing several efficiency-related projects to system
administration will be an early responsibility for the position.

* Implementing and extending security operations programs covers a very
wide array of activities, but will focus initially on log collection
and analysis in our SIEM deployment.

* Design and implement various logging and log relay strategies to
receive logs from a diverse set of applications and technologies on
campus managed by different teams, receiving and processing data from
critical infrastructure (BigFix, flow data, Secunia, hardware
firewalls, load balancers, Active Directory, Kerberos, and others),
maintaining and ensuring logs from campus groups meet minimum
requirements, writing custom parsers for unusual log formats,
developing correlations in the SIEM, analyzing logs, and responding to
potentially critical security alerts identified by this log analysis.

* Future efforts will include tuning of operation security systems
(Nessus, Snort, Intrushield, Bro, and others), work with network taps
including potentially 100Gbit networking and OpenFlow, evaluation of
new security software and appliances in order to meet specific
security standard objectives for campus, and participation in design
discussions for changes to the operational environment.

Required Qualifications

Three or more years of experience managing RHEL systems is required,
including experience with hardware, basic networking, secure
configuration, monitoring and backups. A strong interest in security
and ability to demonstrate an understanding of security concepts is
essential. Knowledge of and ability to adhere to security best
practices for supported platforms is essential, including system
hardening, monitoring, hardware/host firewall configuration and
management, etc. Strong written communication skills, in order to
clearly document system design, configuration, and security practices,
are also required. Experience with two or more of the following is
required:

* Virtualization technologies
* Vulnerability scanning and detection
* Intrusion detection
* Log collection and analysis
* Web servers
* Virtualized networking, OpenFlow, IPv6 or other beyond-the-basics
  networking

The ideal candidate has a strong desire to learn about the topics on
the above list which are not already known.

Preferred Qualifications

* Experience with Network Intrusion Detection Systems
* Windows, Mac or BSD administration experience
* Bash, Perl or Python scripting experience
* Familiarity with hardening standards such as CIS, NIST, NSA
* GSEC certification

Salary & Benefits

For information on the comprehensive benefits package offered by the
University visit:

http://atyourservice.ucop.edu/forms_pubs/misc/benefits_of_belonging.pdf

How to Apply

Please visit jobs.berkeley.edu and search for this posting. Please
submit your cover letter and resume as a single attachment when
applying.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.18 (Darwin)
Comment: GPGTools - http://gpgtools.org

iEYEARECAAYFAlHIbLgACgkQKzbis0Yjv208fQCgwDYFQkAROqoE9fp7zRzzuIcV
rnEAoKGiBxABHiAxxNTO3CQLVMCDihOg
=/Pmx
-----END PGP SIGNATURE-----