What are the responsibilities and job description for the Vulnerability, Threat and Exposure Management Engineer (68133BR) position at Harvard University?
Position Description
Harvard University Information Technology (HUIT) is a community of Information Technology professionals committed to delivering service and technological solutions in support of teaching, learning, research and administration. We are recruiting an IT workforce that has both breadth in their ability to collaborate and innovate across disciplines – and depth in specific areas of expertise. HUIT offers opportunities for IT professionals to learn and work in a unique technology landscape and service-focused environment. If you are a technically proficient, nimble, user-focused, and accountable IT professional who also connects with the importance of collaborating well in a team environment, we are looking for you!
This is a fully benefitted, full-time Harvard University position that has been funded through December 31, 2026. There is the possibility of renewal, contingent on funding and department & university priorities.
Harvard’s Information Security and Data Privacy (ISDP) team is a prominent office with university-wide purview and an important purpose: to safeguard the systems and data that propel Harvard’s noble mission and to bolster the university’s trustworthiness as a steward of personal information. We’re passionate about privacy and security, and our work is meaningful, impactful, and deeply rewarding.
In ISDP, team health comes first. We cultivate a culture of openness, positivity, growth, and trust. We even have a Chief Fun Officer role to arrange our team activities! Ours is a collegial environment where we support one another and where we encourage taking risks in the name of progress.
Lead comprehensive collaboration, design, development, and implementation of enterprise-wide vulnerability and threat exposure management strategies. Oversee the creation and execution of robust security architectures, solutions, and policies to proactively identify, assess, and mitigate cyber threats across the organization's attack surface.
Want to be part of something new? At Harvard, we’re taking the novel approach of fully integrating data privacy and information security into a single program that we’re calling “PrivSec.” By combining the two, these complementary pursuits can act in concert and on equal footing, where the whole is greater than the sum of its parts. Our PrivSec journey is just beginning, with strong potential for creating a new standard to be emulated elsewhere.
Typical Core Duties:
- Serve as a vulnerability management and exposure management expert, guiding project teams in compliance with enterprise IT security policies, regulations, and recommending strategic solutions for continuous security posture improvement.
- Implement and oversee vulnerability scanning, threat intelligence integration, and risk prioritization processes to enhance the organization's security stance.
- Research, design, and advocate for new technologies, architectures, and procedures that support proactive threat exposure management and align with Harvard's mission.
- Ensure accurate and timely vulnerability metrics and reporting; prepare specialized threat exposure analyses and ad hoc reports.
- Act as a trusted advisor to clients/staff on matters of vulnerability management and continuous threat exposure.
- Abide by and follow the Harvard University IT Code of Conduct.
- Minimum of seven years’ post-secondary education or relevant work experience
The following Additional Qualifications are strongly preferred. If you meet some, but not all, you are still encouraged to apply; we value employees with a willingness to learn:
- Proficiency in vulnerability scanning tools, threat intelligence platforms, and risk assessment methodologies.
- In-depth knowledge of CVSS scoring systems and ability to prioritize vulnerabilities based on organizational risk.
- Strong understanding of attack surface management and continuous monitoring techniques.
- Demonstrated experience with vulnerability management systems and data query tools.
- Familiarity with diverse areas of potential exposure, including but not limited to: application source code security, operational technology (OT) environments, container security, and cloud security posture management (CSPM). While comprehensive expertise across all domains is rare, a strong understanding of at least two areas and willingness to learn and adapt to others is highly desirable.
- Completion of Harvard IT Academy Information Security Foundations course (or external equivalent) preferred
- IT Security Certifications required; e.g., CISSP, CISA/CISM, CEH, or GIAC certifications
- Additional certifications in vulnerability management or threat intelligence preferred
- Work is performed in an office setting
Please provide a cover letter with your application.
Please note:
- Harvard University requires pre-employment reference and background screening.
- We are unable to provide work authorization and/or visa sponsorship.
- This position has a 180-day orientation and review period.
Harvard University welcomes individuals with disabilities to apply for positions and participate in its programs and activities. If you would like to request an accommodation or have questions about the physical access provided, please contact our University Disability Resources Department.
Work Format Details
This position is Hybrid (partially onsite/partially remote) with the possibility of fully remote.
- Fully remote is for work locations over 150 miles from campus and within an approved Harvard registered payroll state. All remote work must be completed in a registered state, which includes Massachusetts, Connecticut, Maine, New Hampshire, Rhode Island, Vermont, Georgia, Illinois, Maryland, New Jersey, New York, Virginia, Washington, and California (CA for exempt positions only). Certain visa types and funding sources may limit work location. Individuals must meet work location sponsorship requirements prior to employment.
About Us
More About HUIT:
Our Mission: huit.harvard.edu/about
We empower the Harvard community with essential and transformative technologies to advance education, knowledge, and discovery.
HUIT’s core values are:
- Human-centered
- University-focused
- Innovation-driven
- Team-oriented
HUIT’s IT Academy aims to enable each IT staff person to grow professionally and become a trusted partner to her or his team. The IT Academy is built on the belief that every IT staff member across the University (including technology employees at each school and campus) can grow in her or his area of expertise as well as building strong people and project management skills. Learn more here: https://itacademy.harvard.edu/
Benefits
We invite you to visit Harvard's Total Rewards website (https://hr.harvard.edu/totalrewards) to learn more about our outstanding benefits package, which may include:
- Paid Time Off: 3-4 weeks of accrued vacation time per year (3 weeks for support staff and 4 weeks for administrative/professional staff), 12 accrued sick days per year, 12.5 holidays plus a Winter Recess in December/January, 3 personal days per year (prorated based on date of hire), and up to 12 weeks of paid leave for new parents who are primary care givers.
- Health and Welfare: Comprehensive medical, dental, and vision benefits, disability and life insurance programs, along with voluntary benefits. Most coverage begins as of your start date.
- Work/Life and Wellness: Child and elder/adult care resources including on campus childcare centers, Employee Assistance Program, and wellness programs related to stress management, nutrition, meditation, and more.
- Retirement: University-funded retirement plan with contributions from 5% to 15% of eligible compensation, based on age and earnings with full vesting after 3 years of service.
- Tuition Assistance Program: Competitive program including $40 per class at the Harvard Extension School and reduced tuition through other participating Harvard graduate schools.
- Tuition Reimbursement: Program that provides 75% to 90% reimbursement up to $5,250 per calendar year for eligible courses taken at other accredited institutions.
- Professional Development: Programs and classes at little or no cost, including through the Harvard Center for Workplace Development and LinkedIn Learning.
- Commuting and Transportation: Various commuter options handled through the Parking Office, including discounted parking, half-priced public transportation passes and pre-tax transit passes, biking benefits, and more.
- Harvard Facilities Access, Discounts and Perks: Access to Harvard athletic and fitness facilities, libraries, campus events, credit union, and more, as well as discounts to various types of services (legal, financial, etc.) and cultural and leisure activities throughout metro-Boston.
Information Technology
Department Office Location
USA - MA - Cambridge
Job Code
I0459P IT Info Security Professnl V
Work Format
Hybrid (partially on-site, partially remote)
Sub-Unit
Salary Grade
059
Department
ISDP
Union
00 - Non Union, Exempt or Temporary
Time Status
Full-time
Pre-Employment Screening
Identity
Commitment to Equity, Inclusion, and Belonging
Harvard University views equity, inclusion, and belonging as the pathway to achieving inclusive excellence and fostering a campus culture where everyone can thrive. We strive to create a community that draws upon the widest possible pool of talent to unify this excellence while fully embracing individuals from varied backgrounds, cultures, races, identities, life experiences, perspectives, beliefs, and values.
EEO Statement
We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, gender identity, sexual orientation, pregnancy and pregnancy-related conditions, or any other characteristic protected by law.
Salary: $5,250