Re: Job opening: UC Berkeley - Security Analyst IV - Application Security Testing (2 year appointment, 2 positions)

[Leon DuPree <duprleo () GMAIL COM>]

I had a question if anyone had any recommended specifications for IBM APP
Scan for Source code Analysis and Vulnerability Scan?
Example:
Server Type
Operating System
Ram
Capacity

Just wanted to know about Real world feedback in order to avoid some
pitfalls of not sizing or configuring properly :)


Leon DuPree
Eastern Michigan University
PhD Candidate IA


On Thu, Jun 21, 2012 at 8:09 PM, Kate Riley <ktriley () berkeley edu> wrote:
> Security Analyst IV - Application Security Testing
>
> Departmental Overview
>
> System and Network Security (SNS) is responsible for leading IT security
> for the UC Berkeley campus.  Responsibilities include evaluating,
> designing, implementing and maintaining security programs to enable
> departments to comply with campus policy, standards and best practices.
>  SNS coordinates with IT Policy, providing input on the development of
> campus policy, security exceptions, and incident response.  SNS provides
> campus leadership on IT security issues, including training and outreach
> initiatives.  SNS coordinates with peers across higher education
> institutions to share information and approaches to solve IT security
> challenges.
>
>
> Responsibilities
>
> The primary focus for this 2 year position is application security
> testing of key campus systems.  The testing process is based closely on
> industry standard approaches, delivering a pass/fail grade for tested
> applications, along with recommendations and  remediation guidance.  The
> testing process includes threat modeling, data flow diagramming, as well
> as hands-on testing.  As a member of System and Network Security you
> will be part of growing team of campus security professionals that
> operate and implement security services for the University of
> California, Berkeley.
>
>     Conduct regular in-depth vulnerability assessments at multiple
> layers for applications, including but not limited to web applications
>
>     Understand and analyze a wide variety of technologies used to
> implement critical campus systems
>
>     Correctly and quickly analyze, filter, and classify results from
> vulnerability scanners
>
>     Conduct risk based security code reviews, both static and dynamic
>
>     Accurately document system deficiencies and provide guidance for
> remediation
>
>     Communicate the complexities of application security with a wide
> variety of audience, ranging from senior management to programmers
>
>     Research and develop testing tools, techniques, and process
> improvements to advance the quality of the testing process itself
>
>     Manage the testing engagement schedule with application teams across
> campus, including multiple simultaneous engagements
>
>     Perform additional incidental IT security duties as assigned
>
>
> Required Qualifications
>
>     Demonstrable professional IT security experience, including
> experience conducting application security assessments
>     Experience identifying and explaining risks resulting from common
> web and application vulnerabilities (e.g. OWASP top 10)
>     Hands on experience as a application penetration tester
>     Experience working with vulnerability scanning tools (e.g. AppScan,
> Burp Suite Pro, WebInspect)
>     Knowledgeable in application security concepts, including
> application security frameworks and threat modeling methodologies
>     Familiarity with software development lifecycle best practices and
> approaches
>     Working experience in both Unix and Windows environment, Macintosh a
> plus
>
>
> Preferred Qualifications
>
>     Experience as a web application developer or similar relevant coding
> experience
>     Experience with Linux or Windows system administration
>     Experience with database administration, especially with Oracle, MS
> SQL Server, PostgreSQL and MySQL
>
>
> Salary & Benefits
>
> The salary range for the position of Security Analyst IV is $95580 -
> $116820 annually, depending on qualifications and experience.
>
> For information on the comprehensive benefits package offered by the
> University visit:
>
> http://atyourservice.ucop.edu/forms_pubs/misc/benefits_of_belonging.pdf
>
>
> How to Apply
>
> Please visit jobs.berkeley.edu and find job ID 14098, or visit:
>
>
> https://hrw-vip-prod.is.berkeley.edu/psp/JOBSPROD/EMPLOYEE/HRMS/c/HRS_HRAM.HRS_CE.GBL?Page=HRS_CE_HM_PRE&Action=A&SiteId=1
>
> Submit your cover letter and resume as a single attachment when
> applying.  Applications must include a cover letter to be considered.
>
>
> Criminal Background Check
>
> This position has been designated as sensitive and may require a
> Criminal Background Check. We reserve the right to make employment
> contingent upon successful completion of a Criminal Background Check.
>
>
> Other Information
>
> This posting is for two full-time 2 year appointments, with the
> possibility of extension. The positions are located in downtown Berkeley
> within an easy walk to BART.
>
>
> Equal Employment Opportunity
>
> The University of California, Berkeley is an Equal
> Opportunity/Affirmative Action Employer


-- 
Leon DuPree


2 Timothy 2:15 Study to shew thyself approved unto God, a workman that
needeth not to be ashamed, rightly dividing the word of truth.