University of California, Berkeley
Information Security Operations Analyst (0661U), Berkeley IT - #82143
University of California, Berkeley, Berkeley, California, United States, 94709
About Berkeley
At the University of California, Berkeley, we are dedicated to fostering a community where everyone feels welcome and can thrive. Our culture of openness, freedom and belonging makes it a special place for students, faculty and staff. As a world‑leading institution, Berkeley is known for its academic and research excellence, public mission, diverse student body, and commitment to equity and social justice. Since our founding in 1868, we have driven innovation, creating global intellectual, economic and social value.
We are looking for applicants who reflect California's diversity and want to be part of an inclusive, equity‑focused community that views education as a matter of social justice. Please consider whether your values align with our Guiding Values and Principles, Principles of Community, and Strategic Plan. At UC Berkeley, we believe that learning is a fundamental part of working, and provide space for supportive colleague communities via numerous employee resource groups (staff organizations). Our goal is for everyone on the Berkeley campus to feel supported and equipped to realize their full potential. We actively support this by providing all of our full‑time staff employees with at least 80 hours (10 days) of paid time per year to engage in professional development activities.
Departmental Overview
The Information Security Office (ISO) coordinates the risk management process for UC Berkeley's information systems and directs campus‑wide efforts to adequately secure institutional data. ISO is led by the Chief Information Security Officer and consists of five teams: Policy and Outreach, Security Operations, Development and Engineering, Identity Management, and Security Assessments. This position is part of the Security Operations team and reports to the Information Security Operations Supervisor.
Position Summary
The Information Security Operations team is a close‑knit group of talented information security professionals performing critical information security functions for the institution, including monitoring for intrusion, vulnerability scanning, incident/breach response, asset registration, designing and building security systems to help reduce risk, and the management of systems in support of these functions both on‑premises and in multiple cloud environments.
This position supports the activities of the Security Operations team as a Security Analyst, including security log/alert review, incident handling, security consulting, and architecture review. The successful candidate should have sufficient knowledge and experience to analyze and respond to security incidents of moderate scope and complexity, design and build security systems, and deploy commercial security tools and integrate with existing production operations.
Application Review Date
The First Review Date for this job is: 12/22/2025.
Responsibilities
Advise and recommend complex security controls that are broad in scope to prevent attackers from accessing critical information or jeopardizing the most sensitive systems both on‑premises and in multiple cloud environments.
Research and address attempted efforts to compromise endpoints using endpoint detection and remediation agents.
Identify, develop, implement, and maintain complex campus‑wide, and in multiple cloud environments, systems for the detection and identification of malicious activity using both intrusion detection and intrusion prevention systems.
Research and analyze security alerts which may indicate efforts to compromise campus IT resources, and elevate alerts requiring further review where appropriate.
Designs and maintains highly complex security systems. Responsible for administering highly complex security policies and configurations to control access to hardware, software and networks. Applies and recommends highly advanced encryption methods.
Identify, develop, and implement complex systems for the detection and identification of malicious activity both on‑premises and in multiple cloud environments.
Track and monitor incoming security incidents, applying security concepts and established campus procedures to ensure an appropriate incident response.
Advise and provide leadership to campus IT personnel responding to security incidents on appropriate procedures and aid in the execution of incident response plans.
Directs forensic activity and produces reports in response to highly complex or broad‑scale security incidents in accordance with the campus or Office of the President policy. May lead a team of IT security professionals. Applies advanced IT security concepts, governmental regulations, departmental and campus, or Office of the President policies and procedures to provide input to, define or revise incident response processes.
Monitor security incident status and workflows, escalating unusual or problematic incidents to senior analysts for review and further action.
Advise members of the campus community with general questions or concerns about the security configuration of campus IT systems.
Triage security incidents and support tickets on a periodic analyst rotation.
Engages in continuous professional development and training and other duties as assigned.
Required Qualifications
Minimum of 5 years of general IT knowledge and experience, including support, troubleshooting, and security best practices for a variety of desktop/server operating systems and software.
Excellent written and verbal communication skills, and ability to effectively communicate across a broad range of campus audiences.
Strong interpersonal skills in order to work with both technical and non‑technical personnel at various levels in the organization.
Ability to serve as a lead for less experienced professionals on campus.
Advanced knowledge of key information security concepts, functions, and general best practices.
Seeks to understand different perspectives and cultures.
Contributes to a work climate where differences are valued and supported.
Bachelor's degree in related area and/or equivalent experience/training.
Preferred Qualifications
At least 3 years of experience as a Security Operations Analyst, utilizing network forensics and hands‑on experience with Network IDS/firewall log analysis, Endpoint Detection and Response (EDR), SIEM, vulnerability scanning, Cloud Security Posture Management, or incident handling/response.
Strong technologist with a pragmatic view and creative mind, and a natural collaborator with architects, engineers, developers, application owners, and service providers.
Experience serving as technical lead for engaging communities on information security issues in both on‑premises and cloud environments.
Ability to quickly learn and work within the UC Berkeley campus and system‑wide (Office of the President) security policies and standards.
Proficiency in working as part of a collaborative, cross‑functional, modern security team.
Demonstrated ability to assume independent and team‑based responsibilities.
Advanced knowledge of Intrusion Detection, Firewall, Host, and Network Forensics.
Experience in technologies such as SaaS, IaaS, PaaS, and other cloud environments.
Knowledge of Incident Handling Policies and Procedures.
Experience in the design and development of security architectures for cloud‑native and hybrid cloud‑based systems.
Ability to develop technical solutions to help mitigate observed security gaps and vulnerabilities.
Experience applying controls in alignment with acknowledged security frameworks (i.e. NIST, CIS, CSA, MITRE ATT&CK).
Salary & Benefits
For information on the comprehensive benefits package offered by the University, please visit the University of California's Compensation & Benefits website.
Under California law, the University of California, Berkeley is required to provide a reasonable estimate of the compensation range for this role and should not offer a salary outside of the range posted in this job announcement. This range takes into account the wide range of factors that are considered in making compensation decisions including but not limited to experience, skills, knowledge, abilities, education, licensure and certifications, analysis of internal equity, and other business and organizational needs. It is not typical for an individual to be offered a salary at or near the top of the range for a position. Salary offers are determined based on final candidate qualifications and experience.
The budgeted annual salary range that the University reasonably expects to pay for this position is $112,400.00 - $163,200.00.
This is a full‑time (40 hours/week), career position that is eligible for UC Benefits.
This is an exempt monthly‑paid position.
How To Apply
To apply, please submit your resume and cover letter.
Other Information
This is not a visa opportunity.
This position is eligible for up to % hybrid work. Exact arrangements are determined in partnership with your supervisor to meet role responsibilities and department needs, and are subject to change.
Conviction History Background
This is a designated position requiring fingerprinting and a background check due to the nature of the job responsibilities. Berkeley does hire people with conviction histories and reviews information received in the context of the job responsibilities. The University reserves the right to make employment contingent upon successful completion of the background check.
Misconduct
SB 791 and AB 810 Misconduct Disclosure Requirement: As a condition of employment, the final candidate who accepts a conditional offer of employment will be required to disclose if they have been subject to any final administrative or judicial decisions within the last seven years determining that they committed any misconduct; received notice of any allegations or are currently the subject of any administrative or disciplinary proceedings involving misconduct; have left a position after receiving notice of allegations or while under investigation in an administrative or disciplinary proceeding involving misconduct; or have filed an appeal of a finding of misconduct with a previous employer.
Equal Employment Opportunity
The University of California is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, age, protected veteran status, or other protected status under state or federal law.
Seniority level
Not Applicable
Employment type
Full‑time
Job function
Information Technology
Industries
Higher Education
Referral Source info
This job is part of the Employee Referral Program. If a UC Berkeley employee is referring you, please ensure you select the Referral Source of "UCB Employee". Then enter the Employee's Name and Berkeley E‑mail address in the Specific Referral Source field. Please enter only one name and email.