Job Postings

Open Staff Positions:

Security Assessments Analyst 4

The Security Assessments team is a group of talented, and high-performing information security professionals, dedicated to reducing institutional risk through the critical analysis of information technology systems. The team excels at investigation and analysis. As part of this highly-technical group, you will encounter a wide variety of information systems that meet the needs of researchers, students, and administrators. You will have the opportunity to evaluate and critically analyze applications, networks, and systems in a complex, heterogeneous environment. Your work will have a direct and meaningful impact on data security at a world-class research institution.

Key responsibilities include:

  • Conduct security assessments across the institution.
  • Analyze assessment results to identify risks to institutional data.
  • Consult with institutional stakeholders to assess systems and processes against both internal campus security policy and external compliance requirements.
  • Document assessment findings and remediation plans, and present reports to campus stakeholders and external vendors.
  • Provide technical advice and consultation to personnel involved with development, deployment, administration, and security of the institution's systems, services, and IT policies.
  • Interface with the campus Controller's office advising on best practices and assisting in addressing routine issues to comply with the PCI Data Security Standards.
  • Participate in the documentation of assessment and compliance efforts including campus security requirements, guidelines, and processes.
  • Stay informed about the latest developments in the information security field and contribute to outreach efforts for educating campus users on emerging threats.


  • Significant (mid-career) Information Security or compliance work experience.
  • General knowledge of information security topics (e.g., basic cryptographic principles, common network protocols, information systems auditing, packet analysis, intrusion detection, computer forensics, web server configuration best practices, etc.).
  • Excellent written and oral communication skills, including the ability to compose concise and accurate assessment reports as well as the ability to articulate risks and key points to both technical and non-technical audiences.
  • Demonstrated ability to quickly understand diverse and complex business environments.
  • Demonstrated ability to interface with a variety of personalities.
  • Ability to contribute within a team of security professionals, as well as the capability to work independently with only general direction.
  • Alignment with our campus mission of excellence in teaching, research, and public service, and appreciation for how this affects our approaches to Information Security.

Preferred Qualifications

  • ISO 27000 and NIST (800-53, 800-171) information security standards
  • FERPA, PCI DSS, HIPAA, FISMA compliance
  • Information risk management concepts and application
  • Web application security and development best practices
  • Cloud and vendor security standards and assessment frameworks (CSA, SOC 2), including vendor and contract management issues
  • UC Berkeley campus and system-wide (Office of the President) security policies and standards, or similar policies and standards in higher education and/or research environments

Salary & Benefits

Salary commensurate with experience. For information on the comprehensive benefits package offered by the University visit:

How to Apply:

External Applicants click here:

Internal Applicants click here:

Please submit your cover letter and resume as a single attachment when applying.

The Office of the CIO and Information Services & Technology (OCIO/IST) believe in and foster a workplace environment where people can bring their diverse skills, perspectives and experiences toward achieving our goals through a process of critical inquiry, discovery, innovation, while simultaneously committing to making positive contributions towards the betterment of our world. In addition, members of the OCIO/IST community have created and endorse the following values for our organization to augment and amplify the campus principles:

We champion diversity.
We act with integrity.
We deliver.
We innovate.

Diversity, Inclusion, and Belonging are more than just suggestions for us. They are the guiding principles underlying how we come together, develop leaders at all levels of the organization, and create an environment that unites us. We affirm the dignity of all individuals, call upon our leaders to address critical issues with integrity and intention, respect our differences as well as our commonalities, and strive to uphold a just community free from discrimination and hate.

Conviction History Background
This is a designated position requiring fingerprinting and a background check due to the nature of the job responsibilities. Berkeley does hire people with conviction histories and reviews information received in the context of the job responsibilities. The University reserves the right to make employment contingent upon successful completion of the background check.

The University of California is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or protected veteran status. For more information about your rights as an applicant see:
For the complete University of California nondiscrimination and affirmative action policy see:


Open Student Positions:

#3461618 Security Operations Assistant
To apply, go to and send resume, cover letter, and schedule to

Security Operations Assistant (Assistant III)
Department: Information Security and Policy
Hours: 10-15 hours/week, hours TBD
Salary: $21/hour
Duration: Ongoing
Summer commitment: Desired
Start date: ASAP

The Information Security Office (ISO) collaborates with partners across the Berkeley campus to monitor network activity for vulnerabilities and security incidents, assess data and systems to align in accordance with policies, provide a centralized authentication and authorization system, clarify campus obligations needed to protect data, and to educate the community in becoming a culture of security.

ISO is comprised of five teams: Policy Program Management, Service Management, Security Operations, Development and Engineering, and Security Assessments. This position is part of the Security Operations team, and reports to the Information Security Operations Manager.

The Information Security Operations team is a close-knit group of talented information security professionals performing critical information security functions for the institution, including monitoring/detection, vulnerability scanning, incident/breach response, and network registration. This position supports the activities of the Security Operations team by assisting our Operations Center analysts with management of security incidents and security-related help desk requests.

Responsibilities may include:
* Triaging incident reports, queries, and other requests to our Security email contact address (
* Answering Security phone tree calls and responding as appropriate
* Drafting and reviewing templates, best-practice articles, and other communications
* Route escalated alerts to tier 2 and 3 analyst support
* Assist in documenting commonly occurring issues and fixes
* Fielding customer information security question and requests via phone and email
* Documents incident status and solutions in incident database tools

Required Qualifications:
* Strong interest in the field of Information Security
* Excellent customer service skills
* Effective written communication skills
* Ability to troubleshoot
* Dependable and attentive to detail
* Ability to work autonomously on projects
* Adept in using the Google Productivity Suite

Preferred Qualifications :
* Working knowledge of key concepts in Information Security
* Awareness of campus policies, practices, and guidelines for Information Security
* Experience working in a front-line customer service or help desk role
* Familiarity with IT Service management software (RequestTracker RT, Jira, ServiceNow)
* Exposure to Information Security tools including vulnerability scanning, Security information and Event Management (SIEM) (Splunk, ArcSight, LogRhythm) or Vulnerability scanners (Nessus, Saint, NMap)

* Maintain confidentiality and objectivity in all matters business practices and clientele
* Be responsible with staff privileges, including use of equipment and access to restricted spaces
* Work assigned hours
* Report/meet with the hiring manager to discuss the status of assigned work
* Professional workplace behavior

Applicants must be currently enrolled students at UC Berkeley.