• Support the ongoing operation of the ISO 27001-aligned Information Security Management System (ISMS), including evidence collection, control implementation, and audit readiness. • Work with DevOps and cloud teams to implement and monitor security controls across AWS infrastructure and services (e.g., EC2, IAM, S3, RDS). • Manage and operationalise vulnerability management using tools like Tenable, AWS Inspector, and Snyk: schedule scans, triage findings, and track remediation efforts. • Administer and ensure compliance of endpoints using Jamf (macOS) and Microsoft Intune (Windows). • Monitor alerts and findings from AWS-native tools (e.g., GuardDuty, Security Hub) and assist in coordinating incident response activities. • Produce and maintain management reports and dashboards detailing: • Vulnerability status and trends • ISMS control effectiveness • Endpoint security compliance • Audit readiness and risk treatment status. • Support maintenance of ISMS documentation, including SoA, risk assessments, corrective actions, and control mapping. • Participate in internal and external audits by preparing evidence and delivering technical walkthroughs. • Support policy implementation, training activities, and DevOps-aligned security processes. • Prepare the organisation for also achieving SOC 2 certification. • Specify and implement security and compliance protocols for Alchemy SaaS products. • Begin to identify and work with tooling and partners to initiate the creation of a hybrid external/internal SOC. • Contribute to incident response testing and post-incident reviews when applicable.

• Administer and operate Qualys for continuous vulnerability scanning across infrastructure, endpoints, and cloud environments • Analyze scan results, prioritize vulnerabilities based on risk, and coordinate remediation efforts with infrastructure and engineering teams • Track remediation progress and produce reporting dashboards and metrics for leadership • Support and manage the third-party risk lifecycle, including vendor onboarding, assessments, and periodic reviews • Own and respond to client security questionnaires, RFPs, and due diligence requests • Contribute to continuous improvement of security tooling and processes

Harbor is seeking a Security Analyst to join our internal IT Operations team. This role is responsible for strengthening Harbor’s security posture through proactive vulnerability management, third-party risk management (TPRM), and client-facing security assurance activities. The ideal candidate brings hands-on experience with vulnerability scanning tools (particularly Qualys), strong analytical skills, and the ability to communicate security practices effectively across internal and external stakeholders. This is a fully remote position located in Canada or the Philippines and must align with United States working business hours (EST). Key Responsibilities: Vulnerability Management (Qualys-Focused) - Administer and operate Qualys for continuous vulnerability scanning across infrastructure, endpoints, and cloud environments - Analyze scan results, prioritize vulnerabilities based on risk, and coordinate remediation efforts with infrastructure and engineering teams - Track remediation progress and produce reporting dashboards and metrics for leadership - Continuously improve vulnerability management processes, including SLAs, exception handling, and risk acceptance workflows Third-Party Risk Management (TPRM) - Support and manage the third-party risk lifecycle, including vendor onboarding, assessments, and periodic reviews - Evaluate vendor security posture using standardized frameworks (e.g., SIG, CAIQ, or equivalent) - Maintain vendor risk inventory and ensure alignment with internal security policies Client Security Questionnaires & Assurance - Own and respond to client security questionnaires, RFPs, and due diligence requests - Collaborate with internal stakeholders to ensure accurate, consistent, and timely responses - Maintain a centralized knowledge base of standard responses to improve efficiency and consistency - Support audits and client security reviews as needed Security Posture & Governance - Review, update, and maintain security policies, standards, and procedures - Identify gaps in current security controls and recommend improvements aligned with industry frameworks (e.g., SOC2, ISO 27001) - Partner with IT and engineering teams to enhance overall security posture and maturity - Stay current on emerging threats, vulnerabilities, and best practices Incident Support & General Security Operations - Assist in the investigation and response to security incidents and vulnerabilities - Support internal security initiatives, including awareness, compliance, and risk reduction efforts - Contribute to continuous improvement of security tooling and processes Required Qualifications: - 4+ years of experience in information security, cybersecurity, or a related field - Hands-on experience with vulnerability management tools (preferably Qualys) - Experience responding to client security questionnaires or audit requests - Foundational understanding of network security concepts (firewalls, SIEM, IDS/IPS, endpoint protection) - Familiarity with risk management principles, including third-party/vendor risk - Familiarity with M365 Security Tools, Exchange Online Protection, Purview, a plus. Preferred Qualifications - Experience with TPRM programs or vendor risk platforms - Knowledge of security frameworks (ISO 27001, SOC 2) - Experience with remediation tracking and security metrics/reporting - Familiarity with penetration testing concepts and vulnerability exploitation techniques Education & Certifications - Bachelor’s degree in Computer Science, Information Security, or related field (or equivalent experience) About Us: Harbor is the preeminent provider of expert services across strategy, legal technology, operations, and intelligence. Our globally integrated team of 800+ strategists, technologists, and specialists navigate alongside our clients – leading law firms, corporations, and their law departments – to provide essential resources and invaluable insights. Anchored in a rich heritage of deep knowledge, steadfast relationships, and mutual respect, our unwavering dedication lies in shaping the future of the legal industry and fostering enduring partnerships within our community and ecosystem. Harbor is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, ethnicity, color, religion, sex, sexual orientation, gender identity, marital status, civil union status, national origin, ancestry, age, parental status, disabled status, veteran status, or any other legally protected classification, in accordance with applicable law.

Role Description - Configure, troubleshoot, and maintain security infrastructure. - Respond to security alerts through investigation, documentation, and taking action as needed. - Provide audit support through evidence collection and implementing security controls. - Perform security assessments to support risk assessment and management activities. - Identify opportunities to improve security infrastructure and configurations. - Work cross-functionally with other teams on security initiatives. Qualifications - Strong interpersonal skills to collaborate inside and outside the team. - Strong willingness to learn, incorporate constructive feedback, and consistently improve technical skills. - Basic experience with security tooling, such as antivirus, remote access solutions, and MDM. - Basic experience with Linux and Windows environments. - Basic experience with Cloud platforms (AWS, Azure, GCP, etc.). - Basic experience with modern identity providers such as Azure AD or Google Workplace. - Familiarity with DevOps related concepts is a plus (CI/CD, GitOps, etc.). Company Description Level Data is a leader in K-12 education data solutions, offering innovative data management and integration services that empower schools to streamline operations, enhance student performance, and maintain accurate, real-time data. Our tools help educational institutions simplify data quality, reporting, and compliance - allowing educators to focus on what matters most: student success. Level Data is a fast-growing, software-as-a-service company.