Information Security Operations Analyst (0661U), Berkeley IT - #82143

At the University of California, Berkeley, we are dedicated to fostering a community where everyone feels welcome and can thrive. Our culture of openness, freedom and belonging make it a special place for students, faculty and staff.

As a world-leading institution, Berkeley is known for its academic and research excellence, public mission, diverse student body, and commitment to equity and social justice. Since our founding in 1868, we have driven innovation, creating global intellectual, economic and social value.

We are looking for applicants who reflect California's diversity and want to be part of an inclusive, equity-focused community that views education as a matter of social justice. Please consider whether your values align with our Guiding Values and Principles, Principles of Community, and Strategic Plan.

At UC Berkeley, we believe that learning is a fundamental part of working, and provide space for supportive colleague communities via numerous employee resource groups (staff organizations). Our goal is for everyone on the Berkeley campus to feel supported and equipped to realize their full potential. We actively support this by providing all of our full-time staff employees with at least 80 hours (10 days) of paid time per year to engage in professional development activities. Find out more about how you can grow your career at UC Berkeley.

Departmental Overview

The Information Security Office (ISO) coordinates the risk management process for UC Berkeley's information systems and directs campus-wide efforts to adequately secure institutional data. ISO is led by the Chief Information Security Officer and consists of five teams: Policy and Outreach, Security Operations, Development and Engineering, Identity Management, and Security Assessments. This position is part of the Security Operations team and reports to the Information Security Operations Supervisor.

Position Summary

The Information Security Operations team is a close-knit group of talented information security professionals performing critical information security functions for the institution, including monitoring for intrusion, vulnerability scanning, incident/breach response, asset registration, designing and building security systems to help reduce risk, and the management of systems in support of these functions both on-premises and in multiple cloud environments.

This position supports the activities of the Security Operations team as a Security Analyst, including security log/alert review, incident handling, security consulting, and architecture review. The successful candidate should have sufficient knowledge and experience to analyze and respond to security incidents of moderate scope and complexity, design and build security systems, and deploy commercial security tools and integrate with existing production operations.

Application Review Date

The First Review Date for this job is: 12/22/2025.

Responsibilities

The successful candidate will implement highly complex and broad-scale security controls to detect and prevent unauthorized access or changes to campus hardware, software, and network infrastructure utilizing tools such as firewalls, network TAPs, intrusion detection/prevention systems (IDS/IPS), Endpoint Detection and Remediation (EDR) agents, and Security Information and Event Management (SIEM) systems. These services provide security to all of UCB computers, networks, users, and information both on campus in the cloud and for remote workers. Responsible for providing research, analysis and solutions to address attempted efforts to compromise security protocols. Proactively addresses the negative impact on the campus caused by theft, destruction, alteration or denial of access of information. Advises the campus community on security prevention, best practices and secure software.

• Advise and recommend complex security controls that are broad in scope to prevent attackers from accessing critical information or jeopardizing the most sensitive systems both on-premises and in multiple cloud environments.
• Research and address attempted efforts to compromise endpoints using endpoint detection and remediation agents.
• Identify, develop, implement, and maintain complex campus-wide, and in multiple cloud environments, systems for the detection and identification of malicious activity using both intrusion detection and intrusion prevention systems.
• Research and analyze security alerts which may indicate efforts to compromise campus IT resources, and escalate alerts requiring further review where appropriate.

Designs and maintains highly complex security systems. Responsible for administering highly complex security policies and configurations to control access to hardware, software and networks. Applies and recommends highly advanced encryption methods.

• Identify, develop, and implement complex systems for the detection and identification of malicious activity both on-premises and in multiple cloud environments.
• Track and monitor incoming security incidents, applying security concepts and established campus procedures to ensure an appropriate incident response
• Advise and provide leadership to campus IT personnel responding to security incidents on appropriate procedures and aid in the execution of incident response plans.

Directs forensic activity and produces reports in response to highly complex or broad-scale security incidents in accordance with the campus or Office of the President policy. May lead a team of IT security professionals. Applies advanced IT security concepts, governmental regulations, departmental and campus, or Office of the President policies and procedures to provide input to, define or revise incident response processes.

• Monitor security incident status and workflows, escalating unusual or problematic incidents to senior analysts for review and further action
• Advise members of the campus community with general questions or concerns about the security configuration of campus IT systems

Triage security incidents and support tickets on a periodic analyst rotation.

Engages in continuous professional development and training and other duties as assigned.

Required Qualifications

• Minimum of 5 years of general IT knowledge and experience, including support, troubleshooting, and security best practices for a variety of desktop/server operating systems and software.
• Excellent written and verbal communication skills, and ability to effectively communicate across a broad range of campus audiences.
• Strong interpersonal skills in order to work with both technical and non-technical personnel at various levels in the organization.
• Ability to serve as a lead for less experienced professionals on campus.
• Advanced knowledge of key information security concepts, functions, and general best practices.
• Seeks to understand different perspectives and cultures.
• Contributes to a work climate where differences are valued and supported.
• Bachelor's degree in related area and/or equivalent experience/training.

Preferred Qualifications

• At least 3 years of experience as a Security Operations Analyst, utilizing network forensics and hands-on experience with Network IDS/firewall log analysis, Endpoint Detection and Response (EDR), SIEM, vulnerability scanning, Cloud Security Posture Management, or incident handling/response.
• Strong technologist with a pragmatic view and creative mind, and a natural collaborator with architects, engineers, developers, application owners, and service providers.
• Experience serving as technical lead for engaging communities on information security issues in both on-premises and cloud environments.
• Ability to quickly learn and work within the UC Berkeley campus and system-wide (Office of the President) security policies and standards.
• Proficiency in working as part of a collaborative, cross-functional, modern security team.
• Demonstrated ability to assume independent and team-based responsibilities.
• Advanced knowledge of Intrusion Detection, Firewall, Host, and Network Forensics.
• Experience in technologies such as SaaS, IaaS, PaaS, and other cloud environments:
• Knowledge of Incident Handling Policies and Procedures.
• Experience in the design and development of security architectures for cloud-native and hybrid cloud-based systems
• Ability to develop technical solutions to help mitigate observed security gaps and vulnerabilities
• Experience applying controls in alignment with acknowledged security frameworks (i.e. NIST, CIS, CSA, MITRE ATT&CK.

Salary & Benefits

For information on the comprehensive benefits package offered by the University, please visit the University of California's Compensation & Benefits website.

Under California law, the University of California, Berkeley is required to provide a reasonable estimate of the compensation range for this role and should not offer a salary outside of the range posted in this job announcement. This range takes into account the wide range of factors that are considered in making compensation decisions including but not limited to experience, skills, knowledge, abilities, education, licensure and certifications, analysis of internal equity, and other business and organizational needs. It is not typical for an individual to be offered a salary at or near the top of the range for a position. Salary offers are determined based on final candidate qualifications and experience.

The budgeted annual salary range that the University reasonably expects to pay for this position is $112,400.00 - $163,200.00.

• This is a full-time (40 hours/week), career position that is eligible for UC Benefits.
• This is an exempt monthly-paid position.

How to Apply

• To apply, please submit your resume and cover letter.

Other Information

• This is not a visa opportunity.
• This position is eligible for up to % hybrid work. Exact arrangements are determined in partnership with your supervisor to meet role responsibilities and department needs, and are subject to change.

Conviction History Background

This is a designated position requiring fingerprinting and a background check due to the nature of the job responsibilities. Berkeley does hire people with conviction histories and reviews information received in the context of the job responsibilities. The University reserves the right to make employment contingent upon successful completion of the background check.

Misconduct

SB 791 and AB 810 Misconduct Disclosure Requirement: As a condition of employment, the final candidate who accepts a conditional offer of employment will be required to disclose if they have been subject to any final administrative or judicial decisions within the last seven years determining that they committed any misconduct; received notice of any allegations or are currently the subject of any administrative or disciplinary proceedings involving misconduct; have left a position after receiving notice of allegations or while under investigation in an administrative or disciplinary proceeding involving misconduct; or have filed an appeal of a finding of misconduct with a previous employer.

"Misconduct" means any violation of the policies or laws governing conduct at the applicant's previous place of employment, including, but not limited to, violations of policies or laws prohibiting sexual harassment, sexual assault, or other forms of harassment, discrimination, dishonesty, or unethical conduct, as defined by the employer. For reference, below are UC's policies addressing some forms of misconduct:

UC Sexual Violence and Sexual Harassment Policy

UC Anti-Discrimination Policy

Abusive Conduct in the Workplace

Equal Employment Opportunity

The University of California is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, age, protected veteran status, or other protected status under state or federal law.

This job is part of the Employee Referral Program. If a UC Berkeley employee is referring you, please ensure you select the Referral Source of "UCB Employee". Then enter the Employee's Name and Berkeley E-mail address in the Specific Referral Source field. Please enter only one name and email.