Security Internship Program

About the Program

The Security Internship Program is an opportunity for current UC Berkeley career staff to work alongside the Information Security Operations team.

  • The Information Security Office (ISO) will reimburse the home department for the percentage of time spent with ISO.  
  • Salary, classification, benefits and paid time-off accruals will remain the same. 
  • Timesheet:  The home department will continue to be responsible for the intern's timesheet, with input from ISO
  • Vacation Requests: Intern will submit a request by emailing both managers.  Upon email approval, the intern will record the time off in Caltime.

*Now collecting applications for Security Operations Internship - apply by EOB on Dec. 7*

Applicant Checklist

  1. Read about the internship below.
  2. Meet with your manager to seek support for applying for the internship.
  3. Submit an online application and email your resume to iso@berkeley.edu.
  4. If you have any questions about the program please contact Casey Hennig.

Benefits 

For staff, the internship is an opportunity for current Berkeley employees to develop a professional skill set in the information security domain and achieve breadth and depth of knowledge in the field. Interns will strengthen their career path potential, network with new colleagues, and contribute to the campus mission.

Specifically, staff will learn:

  • Security concepts and established campus procedures to ensure appropriate incident response

  • Security incident status and workflows

  • Research and analysis of security alerts 

  • Security configuration of campus IT systems

  • Incident response

For departments, interns will bring back knowledge of security practices and standards to the home department.


Departmental Overview

The Information Security Office (ISO) coordinates the risk management process for UC Berkeley's information systems and directs campus-wide efforts to adequately secure Institutional Data. ISO is led by the Chief Information Security Officer and consists of five teams: Policy Program Management, Service Management, Security Operations, Development and Engineering, and Security Assessments.

Responsibilities

The ISO teams are a close-knit group of talented information security professionals performing critical identity and access management and information security functions for the Campus. The Development and Engineering and Security Operations teams perform critical functions to promote the security of the campus network, including intrusion monitoring/detection, firewall management, vulnerability scanning, incident/breach response, and network registration. The Policy and Security Assessments teams deliver information security assessments and manage compliance activities, to assist campus units in meeting a variety of internal and regulatory data security obligations. 

This internship will be working directly with the Security Operations team. The Intern will contribute to the success of the campus Information Security program by supporting specific operational work, projects, and new initiatives within ISO. This work will vary with department needs.

 

Examples of potential responsibilities include:

Common problems solved by the employee:

  • Research and determine if aggressive network-based computer attacks are successful 

  • Review and estimate the likelihood and real-world impact of computer vulnerabilities

  • Deploy software and hardware-based monitoring systems

  Less frequent and more complex problems solved by the employee:

  • Work with outside consultants, lawyers, and law enforcement to collect and safeguard evidence that relates to UC Berkeley breaches and computer crimes 

  • Architect and build out security information and event management systems

  • Consolidates information from various technical teams and presents a high-level overview of possible impacts security events may have on the business process 

In addition, the Security Interns will be expected to complete an information security training course; either a general course or one focusing on a specific platform or specialty within information security.

Required Qualifications

The successful candidate will have a thorough knowledge of many of the following areas based on their role in their home department:

  • Experienced professional who knows how to apply theory and put it into practice with in-depth understanding of the infosec field; independently performs the full range of responsibilities within the function; possesses broad job knowledge; analyzes problems / issues of diverse

  • Develops and maintains the security of data and systems as the primary responsibility of their position. 

  • Implements complex and / or moderate scale security controls to prevent unauthorized access or changes to department information, hardware, software and / or network infrastructure. Independently researches, analyzes and addresses attempted efforts to compromise security protocols. Advises their department on security prevention and best practices.

  • Applies, configures and manages complex security systems. Administers complex security configurations to control access to hardware, software and networks. Applies advanced encryption methods.

  • Basic skills at reading and interpreting system, web logs, and system health monitoring stats.

Work Hours and Conditions

Under a memorandum of understanding (MOU) between ISO and the home department, the Security Intern will maintain their current appointment, including job classification and salary. Additional conditions:

  • The internship will last between 4-6 months at 25-50% FTE (6 months at 50% is preferred but ISO is flexible based on operational needs of the home department)

  • Interns must obtain permission from their immediate supervisor and department manager

  • There must be a plan to cover workload in the home department during the internship

Work performed as part of the internship should be completed either onsite with ISO according to an established telecommuting agreement. Tasks specific to the internship should not be performed while working within the home department; however, the knowledge gained with the ISO teams enhances information security work within the home department.