Internals
19.25
$ per hour
Summer Preferred

The Information Security Analyst ...
Collaborates with the InfoSec team and other staff:
  • Provides regular progress updates to supervisors and the team.
  • Works with other teams to accomplish SAIT security goals.
  • Assists in hiring and training new staff.
  • Acts as a resource for other students and staff, especially for security-related matters.
Proactively works to improves the security posture of SAIT and its clients:
  • Responds promptly to possible threats and security incidents, coordinating with the appropriate people, teams, and resources.
  • Analyzes network traffic and vulnerability scans to help align SAIT goals with best security practices.
  • Analyzes and presents SAIT's security landscape to both technical and non-technical audiences using supported findings and building necessary tools along the way.
  • Conducts penetration testing of software and services to ensure they meet campus security standards.
Coordinates ongoing security awareness education and training:
  • Spearheads relevant security-centered educational programs and events for staff and students.
  • Promotes security awareness among SAIT staff, students, and the campus at large.
  • Trains the appropriate people and staff in relevant security skills.
Examples of Projects and Daily Tasks:
  • Incident response.
    • Block or take potentially compromised machines off the network.
    • Perform forensics analysis on devices that may contain sensitive data.
    • Alert the appropriate personnel in the event of a possible threat or attack.
  • Provide progress updates for the past week during a weekly check-in meeting with the InfoSec team.
  • Coordinate with the Unix Operations team to set up a server for pentesting a service.
  • Manage and analyze Nessus vulnerability scans and Snort intrusion detection system alerts.
  • Meet regularly with the InfoSec lead and CSO to provide updates and suggest improvements to existing procedures.
  • Give a presentation on different methods of authentication.
What You'll Bring to the Job
Required Skills:
  • Effective written and verbal communication skills and the ability to interact professionally with diverse groups of clients and staff
  • Experience prioritizing tasks
  • Expertise in teaching, mentoring, or training others (including those who do not have a technical background)
  • Ability and motivation to learn new technologies quickly and with minimal supervision
  • Excellent organizational and problem-solving skills
  • Excellent analytical and public speaking skills to a variety of different audiences
  • Knowledge of basic web technologies
  • Basic knowledge of computer networking
  • Proficiency in at least one scripting/programming language
  • Experience carrying out a technical project independently
  • Minimum GPA of 2.0
Bonus:
  • Knowledge of security tools, including vulnerability scanners and intrusion detection systems
  • Scripting experience
  • UNIX system administration experience
  • Windows system and domain administration experience
  • Knowledge of internet architecture and protocols
  • Firewall management and configuration experience
  • Network and computer forensics experience
  • Experience writing documentation
  • Attention to detail
  • Penetration testing experience
  • Participation in capture the flag (CTF) events
  • Minimum GPA of 2.3
What You'll Learn on the Job
  • Nessus vulnerability scanner
  • Snort intrusion detection system and its related GUI projects like Snorby
  • Enterprise network infrastructure and organization, business-wise and technical
  • Working in a startup-like environment
  • Interacting with colleagues from every generation
  • Public speaking
  • Emergency incident response and planning
  • Penetration testing techniques, tools, and related skills
Availability & Training Requirements
  1. The period of employment for this position begins upon hire and continues at least through the end of 2017-2018 academic year.
  2. Must be a currently enrolled UC Berkeley student.
  3. Must be available for 2-5 hours per week of training during the spring 2017 semester, including New Staff Orientation on Friday, April 7.
  4. Must be available to work 12-20 hours per week during the academic year.
  5. Must provide at least 3 hours per week of work during business hours at the Residential and Student Services Building (RSSB).
  6. Must be available to respond to emergency situations that may occur at any time on any day.
  7. Must participate in Residential Computing Consultant (RCC) training during week of August 7, 2017.
  8. Required to attend all-staff training on August 18, 2017.
  9. Must clear a criminal background check due to the level of data access and access to systems and physical spaces required by the position.
  10. Continued employment is contingent upon satisfactory job performance evaluation by the Lead InfoSec Engineer and Chief Security Officer of SAIT.
The Interview
What to Expect

Information Security Analyst interview candidates will meet with a panel of current SAIT Information Security staff, including, but not limited to, the Chief Security Officer and the succeeding Lead InfoSec Engineer. The interview will last about one hour and will include general behavioral questions as well as specific technical questions related to security, software engineering, UNIX systems, Windows systems, and computer networking. Candidates will likely be asked about specific technologies and past work experiences, particularly those highlighted on their resume. They will also be asked to bring a BearFacts transcript to verify that they meet the minimum GPA requirement.

Sample Interview Questions
  • Give an example of a presentation on a technical topic that you might present differently to different audiences. What specifically are some of the key differences?
  • What is cross-site scripting?
  • What is whitelisting? Blacklisting? When is each preferable over the other?
  • Describe a time you completed a technical project. What were some of the key challenges, and what were your solutions to those challenges?
  • You are auditing the security of the piece of software that stores user login information. What are some things you would look for and write about in your report?

This job is currently not open for hiring

Have a question? Email us at hiring@rescomp.berkeley.edu.