Internals

Information Security Analyst

  • Hourly Rate: 17.25
  • Summer Commitment: Preferred

Position Overview

The Information Security Analyst (ISA), under the guidance of the Lead Information Security Engineer and the supervision of the Chief Security Officer (CSO) of Student Affairs - Information Technologies, is responsible for monitoring security-related activities in Student Affairs. In support of UC Berkeley's mission of teaching, research, and public service, the ISA strives to protect Student Affairs business processes and technology resources through ongoing data review and analysis. The ISA is responsible for overseeing the vulnerability management and intrusion detection processes in Student Affairs using existing tools and processes. The ISA is also expected to review system, account, and network logs and configurations with the intention of identifying unauthorized access or potential security issues.

Through the course of his/her work, the ISA is expected to identify opportunities to improve security or efficiency through tool and process improvements. The ISA will work closely with the Information Security Engineers to draft project proposals which will then be carried out by the Information Security Engineers. The ISA is also responsible for assisting the CSO with postmortem analysis of staff computers to check for data loss and analysis of attack vectors. The ISA will be the primary liaison between network security staff on campus for administrative/business security issues. The ISA communicates regularly with staff of Systems and Network Security (SNS), updates them on active security cases, and aids them in constructing new security policies to reflect changing security trends.

Qualifications

Required: working knowledge of *NIX or the ability to learn; ability to perform vulnerability scans using the Nessus application; ability to review and interpret intrusion detection logs created by the Snort intrusion detection system; ability to perform basic SQL queries at the command line and interact with complex databases; ability to communicate professionally with campus security staff and represent Student Affairs; ability to design new processes and procedures to improve efficiency and security; must be willing to learn new skills and tools as needed; effective oral and written communication skills and the ability to interact professionally with a diverse group of people; ability to work productively in teams; attention to detail; minimum GPA of 2.0.

Preferred: systems administration experience with either Windows or Unix; solid understanding of firewalls and firewall concepts; experience writing documentation; friendly and approachable; GPA of 2.3 or higher.

Terms of Employment

  1. The period of employment for this position commences upon hire and continues through the end of the 2012-2013 academic year.
  2. The ISA is paid a wage of $17.25 per hour. The position's classification title is Assistant III. The ISA must be a currently enrolled UC Berkeley student with a minimum GPA of 2.0 (2.3 or higher preferred). Students with less than a 2.3 may be asked to limit their work hours.
  3. The ISA will participate in a required training program during the Spring 2012 semester, including a mandatory orientation on Friday, April 6th, 2012.
  4. The ISA must participate in staff training during the week of August 6th, 2012.
  5. The ISA is required to work 12-15 hours per week during the academic year. A work schedule will be determined in consultation with the Chief Security Officer of Student Affairs IT.
  6. This position is subject to a criminal background check. Driving is preferred. If driving, a DMV check for valid driver's license and driving record is required (anyone who works at University Village in Albany must drive the departmental vehicle). Position meets the following criteria:
    • Possession of key or card access to computer storage areas.
    • Control over campus-wide or departmental business processes, either through functional roles or systems security access, including responsibility for development or maintenance of critical business systems.
    • Operation of University vehicles as part of assigned job duties.
    • Specific job duties: Requires access to both on and off site computer equipment storage as well as access to business databases. Driving is preferred to get to various units and locations.
  7. It is a requirement that anyone in this position work in a safe and responsible manner while not putting him/herself or others at risk. This includes complying with applicable policies and regulations; using personal safety gear; observing warning signs; learning about potential hazards; and reporting unsafe conditions.
  8. Employment with the Information Technologies unit is subject to the applicant's ability to provide appropriate documentation and sign necessary papers for employment in conformance with state laws and University regulations.
  9. Continued employment is contingent upon satisfactory job performance evaluation by the Lead Information Security Engineer and the CSO.

Job Duties

(60%) Systems and Network Security Analysis

  • Perform weekly vulnerability scans using the Nessus (or other) vulnerability scanner.
  • Review vulnerability scan reports and escalate relevant issues to the appropriate IT team. Follow up to ensure that identified issues are resolved in a timely manner.
  • Plan and conduct periodic security and configuration audits on Student Affairs IT managed hosts using the Center for Internet Security and other standards to be identified by the ISA.
  • Help establish policies regarding restricted data, enforcing security compliance, and implementing best practices to consolidate restricted data in a secure manner.
  • Perform data scans using entityFinder, egrep, or other data loss prevention tools.
  • Review Nmap network scans for odd or unauthorized network services.
  • Regularly analyze network traffic involving Student Affairs IT managed hosts using network intrusion detection tools.
  • Perform account audits using the in-house account audit tool and additional processes to be developed by the ISA.
  • Work collaboratively with SysAdmins and Programmers to enforce security baselines and expectations.
  • Enforce departmental security policy on Student Affairs IT managed hosts in close conjunction with the Desktop Consultant and Desktop Administrator teams.
  • Identify gaps in the existing security posture and propose additional projects to secure resident and administrative data.

(15%) Resolve Network Security Incidents

  • Respond promptly to reported security violations involving business systems received from campus departments and organizations outside the University.
  • Investigate validity of security reports (check appropriate logs, request further information).
  • As necessary, follow up with involved staff/administrators regarding the cause of the incident (assess staff member's awareness of the situation and clearly communicate recommendations to avoid future incidents). Conduct audits and collect evidence on administrative machines when necessary.
  • Document and update security incidents with the in-house incident tracking system. Communicate case status and findings to the security mailing list and the organization forwarding the complaint (using discretion to maintain confidentiality).
  • Assist other teams in developing tools and procedures related to network access control and monitoring.
  • Enforce the Campus computing policies and respond to staff and resident inquiries about them.

(10%) Administrative Duties

  • Keep online calendar updated regularly.
  • Ensure that all ISA projects are documented (ongoing status reports and a summary report).
  • Meet weekly with the Lead ISE to provide status reports.
  • Check email regularly.

(10%) Support ResComp and Information Security Analyst

  • Provide support to the Information Security Analyst in understanding security incidents and alerts.
  • Act as an escalation point for security incidents with business implications or unclear resolutions.
  • Assist in development of security policies and practices.
  • Investigate suspicious network activity (bandwidth spikes, DHCP problems).

(5%) Ongoing Training

  • Read security mailing lists and websites (Secunia, Security Focus, unisog@sans.org, ucb-security, micronet) in order to keep up-to-date with the latest security issues.
  • Investigate new security tools and technologies that may be suitable for deployment.

This job is not currently open for hiring