Job opening: UC Berkeley - Information Security Assessment Specialist

[Kate Riley <ktriley () BERKELEY EDU>]

We are currently recruiting for a Security Analyst for our Assessment
and Compliance team.  Please see the full job description below and if
interested apply at jobs.berkeley.edu, Job ID 16605


Information Security Assessment Specialist

Departmental Overview

The Information Security Office (ISO) coordinates the risk management
process for UC Berkeley's information systems and directs campus-wide
efforts to adequately secure institutional data.  The Information
Security Office is led by the Chief Information Security Officer and
consists of two teams, the Operations team and the Assessments &
Compliance team.  The Operations team is responsible for implementing
and operating detection programs and security services for the campus,
as well as incident response and breach management.  The Assessments &
Compliance team evaluates information systems and manages information
security compliance activities.

This position is part of the security assessment team and reports to the
assessment manager.  The position is a one-year contract (eligible for
full benefits) with the potential to extend.

Responsibilities

The Information Security Assessments & Compliance team is a close-knit
group of talented information security professionals delivering
assessments and managing compliance activities. The team excels at
investigation and analysis. As part of this highly-technical group, you
will encounter a wide variety of information systems that meet the needs
of researchers, students, and administrators. You will have the
opportunity to evaluate and critically analyze applications, networks,
and systems in a complex, heterogeneous environment. Your work will have
a direct and meaningful impact on data security at a world-class
research institution.

As an Information Security Assessment Specialist, you will:

* Conduct security assessments and penetration tests across the
institution, both manually and through automated tools
* Analyze assessment results to identify risks to institutional data
* Consult with institutional stakeholders to assess systems and
processes against both internal campus security policy and external
compliance requirements
* Document assessment findings and remediation plans, and present
reports to campus stakeholders and external vendors
* Provide technical advice and consultation to personnel involved with
development, deployment, administration, and security of the
institution's systems and services
* Carry out vulnerability research related to campus information systems
* Participate in the documentation of assessment and compliance efforts
including campus security requirements, guidelines, and processes
* Stay informed about the latest developments in the information
security field and contribute to outreach efforts educating campus users
on emerging threats

Required Qualifications

* Minimum of 5 years Information Security work experience (or
Security-focused job in other IT domains)
* Hands-on experience testing applications, networks, and systems for
known and unknown vulnerabilities
* Experience with vulnerability assessment tools and penetration testing
techniques (e.g., web application scanners, intercepting proxies,
network vulnerability scanners, packet capture and analysis software,
network mapping and port scanners, exploit automation platforms, etc.)
* General knowledge of information security topics (e.g., basic
cryptographic principles, common network protocols, information systems
auditing, packet analysis, intrusion detection, computer forensics, web
server configuration best practices, etc.)
* Excellent written and oral communication skills, including the ability
to compose concise and accurate assessment reports as well as the
ability to articulate key points to both technical and non-technical
audiences
* Demonstrated ability to quickly understand diverse and complex
business environments
* Demonstrated ability to interface with a variety of personalities
* Ability to contribute within a team of security professionals, as well
as the capability to work independently with only general direction

Preferred Qualifications

* Knowledge of OWASP Top 10, CWE/SANS Top 25, or SANS Top 20 Critical
Security Controls
* Programming / debugging skills with proficiency in one or more of the
following; Java, JavaScript, PHP, ASP.NET, Python, Ruby, or other
scripting languages. Experience as a developer is a plus.
* Familiarity with federal, state, and industry-based data
security/privacy regulations
* SANS, ISC2, or Offensive Security (OSCP/OSCE) certifications


Salary & Benefits

The salary range for the position of IT Security Analyst 4 is $71,600 -
$140,800 annually, depending on qualifications and experience.  The
midpoint salary is $106,200.  The position is a one-year contract with
the potential to extend.

For information on the comprehensive benefits package offered by the
University visit:
http://atyourservice.ucop.edu/forms_pubs/misc/benefits_of_belonging.pdf

How to Apply

Please visit jobs.berkeley.edu and look for this posting. Submit your
cover letter and resume as a single attachment when applying.

Applications must include a cover letter to be considered; applications
without cover letters will not be considered.

Criminal Background Check

This position has been designated as sensitive and requires a Criminal
Background Check. We reserve the right to make employment contingent
upon successful completion of a Criminal Background Check.

Other Information

This posting is for a contract appointment.  The work location is
downtown Berkeley within an easy walk to BART.

Equal Employment Opportunity

The University of California, Berkeley is an Equal
Opportunity/Affirmative Action Employer