Harbor is seeking a Security Analyst to join our internal IT Operations team. This role is responsible for strengthening Harbor’s security posture through proactive vulnerability management, third-party risk management (TPRM), and client-facing security assurance activities. The ideal candidate brings hands-on experience with vulnerability scanning tools (particularly Qualys), strong analytical skills, and the ability to communicate security practices effectively across internal and external stakeholders.

This is a fully remote position located in Canada or the Philippines and must align with United States working business hours (EST).

Key Responsibilities:

Vulnerability Management (Qualys-Focused)

• Administer and operate Qualys for continuous vulnerability scanning across infrastructure, endpoints, and cloud environments
• Analyze scan results, prioritize vulnerabilities based on risk, and coordinate remediation efforts with infrastructure and engineering teams
• Track remediation progress and produce reporting dashboards and metrics for leadership
• Continuously improve vulnerability management processes, including SLAs, exception handling, and risk acceptance workflows

Third-Party Risk Management (TPRM)

• Support and manage the third-party risk lifecycle, including vendor onboarding, assessments, and periodic reviews
• Evaluate vendor security posture using standardized frameworks (e.g., SIG, CAIQ, or equivalent)
• Maintain vendor risk inventory and ensure alignment with internal security policies

Client Security Questionnaires & Assurance

• Own and respond to client security questionnaires, RFPs, and due diligence requests
• Collaborate with internal stakeholders to ensure accurate, consistent, and timely responses
• Maintain a centralized knowledge base of standard responses to improve efficiency and consistency
• Support audits and client security reviews as needed

Security Posture & Governance

• Review, update, and maintain security policies, standards, and procedures
• Identify gaps in current security controls and recommend improvements aligned with industry frameworks (e.g., SOC2, ISO 27001)
• Partner with IT and engineering teams to enhance overall security posture and maturity
• Stay current on emerging threats, vulnerabilities, and best practices

Incident Support & General Security Operations

• Assist in the investigation and response to security incidents and vulnerabilities
• Support internal security initiatives, including awareness, compliance, and risk reduction efforts
• Contribute to continuous improvement of security tooling and processes

Required Qualifications:

• 4+ years of experience in information security, cybersecurity, or a related field
• Hands-on experience with vulnerability management tools (preferably Qualys)
• Experience responding to client security questionnaires or audit requests
• Foundational understanding of network security concepts (firewalls, SIEM, IDS/IPS, endpoint protection)
• Familiarity with risk management principles, including third-party/vendor risk
• Familiarity with M365 Security Tools, Exchange Online Protection, Purview, a plus.

Preferred Qualifications

• Experience with TPRM programs or vendor risk platforms
• Knowledge of security frameworks (ISO 27001, SOC 2)
• Experience with remediation tracking and security metrics/reporting
• Familiarity with penetration testing concepts and vulnerability exploitation techniques

Education & Certifications

• Bachelor’s degree in Computer Science, Information Security, or related field (or equivalent experience)