Security Analyst IV - Application Security Testing

Departmental Overview

System and Network Security (SNS) is responsible for leading IT security for the UC Berkeley campus. Responsibilities include evaluating, designing, implementing and maintaining security programs to enable departments to comply with campus policy, standards and best practices. SNS coordinates with IT Policy, providing input on the development of campus policy, security exceptions, and incident response. SNS provides campus leadership on IT security issues, including training and outreach initiatives. SNS coordinates with peers across higher education institutions to share information and approaches to solve IT security challenges.

Responsibilities

The primary focus for this 2-year position is application security testing of key campus systems. The testing process is based closely on industry standard approaches, delivering a pass/fail grade for tested applications, along with recommendations and remediation guidance. The testing process includes threat modeling, data flow diagramming, as well as hands-on testing. As a member of System and Network Security you will be part of a growing team of campus security professionals that operate and implement security services for the University of California, Berkeley.
- Conduct regular in-depth vulnerability assessments at multiple layers for applications, including but not limited to web applications
- Understand and analyze a wide variety of technologies used to implement critical campus systems
- Correctly and quickly analyze, filter, and classify results from vulnerability scanners
- Conduct risk-based security code reviews, both static and dynamic
- Accurately document system deficiencies and provide guidance for remediation
- Communicate the complexities of application security to a wide variety of audiences, ranging from senior management to programmers
- Research and develop testing tools, techniques, and process improvements to advance the quality of the testing process itself
- Manage the testing engagement schedule with application teams across campus, including multiple simultaneous engagements
- Perform additional incidental IT security duties as assigned

Required Qualifications

- Demonstrable professional IT security experience, including experience conducting application security assessments
- Experience identifying and explaining risks resulting from common web and application vulnerabilities (e.g. OWASP Top 10)
- Hands-on experience as an application penetration tester
- Experience working with vulnerability scanning tools (e.g. AppScan, Burp Suite Pro, WebInspect)
- Knowledgeable in application security concepts, including application security frameworks and threat modeling methodologies
- Familiarity with software development lifecycle best practices and approaches
- Working experience in both Unix and Windows environments, Macintosh a plus

Preferred Qualifications

- Experience as a web application developer or similar relevant coding experience
- Experience with Linux or Windows system administration
- Experience with database administration, especially with Oracle, MS SQL Server, PostgreSQL and MySQL

Salary & Benefits

The salary range for the position of Security Analyst IV is $95580 - $116820 annually, depending on qualifications and experience.
For information on the comprehensive benefits package offered by the University visit:

How to Apply

Please visit and find job ID 14098, or visit:

Submit your cover letter and resume as a single attachment when applying. Applications must include a cover letter to be considered.

Criminal Background Check

This position has been designated as sensitive and may require a Criminal Background Check. We reserve the right to make employment contingent upon successful completion of a Criminal Background Check.

Other Information

This posting is for two full-time 2-year appointments, with the possibility of extension. The positions are located in downtown Berkeley within an easy walk to BART.

Equal Employment Opportunity

The University of California, Berkeley is an Equal Opportunity/Affirmative Action Employer