GRC & Cybersecurity Analyst at Rentsync
Remote, British Columbia, Canada - Full Time


Start Date

Immediate

Expiry Date

23 Nov, 25

Salary

0.0

Posted On

23 Aug, 25

Experience

2 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

Dashboards, GRC, SSCP, Nessus, GitHub, Linux, AWS, Teams, Tenable, Web Applications, CISA, Security Operations, Cloud, Security+, Scripting

Industry

Information Technology/IT

Description

ABOUT RENTSYNC:

Rentsync is a fast-growing company offering robust software solutions for the multifamily-housing industry. Our platforms—Rentsync, Rentals.ca Network, and more—help property-management companies streamline operations, improve tenant experience, and reach residents across Canada.

ESSENTIAL SKILLS & QUALIFICATIONS:

  • 2-4 years of experience with hands-on exposure to security operations or GRC.
  • Practical SIEM experience: building detections/queries, investigations, dashboards, and tuning false positives.
  • Experience administering EDR/application control (e.g., SentinelOne, ThreatLocker) and interpreting telemetry.
  • Working knowledge of vulnerability management workflows and common tooling; ability to translate findings into developer-friendly guidance.
  • Understanding of secure application practices (e.g., OWASP Top 10, dependency and secrets management).
  • Familiarity with SOC 2 and PCI concepts, plus privacy obligations under PIPEDA and Quebec Law 25.
  • Comfort with cloud (AWS/GCP), Linux fundamentals, networking basics, and scripting (Python/Bash/PowerShell) to automate tasks.
  • Excellent written and verbal communication; able to influence without authority and collaborate across teams.

ADDITIONAL PREFERRED QUALIFICATIONS:

  • Certifications: Security+, CySA+, SSCP, GSEC, CCSK/CC, CISA, or similar.
  • Experience with Elastic/Splunk/Chronicle/Sentinel SIEMs; Sigma/KQL/ES-DSL/SPL rule writing.
  • Exposure to Tenable/Nessus or Greenbone (OpenVAS), OWASP ZAP/Semgrep, SCA/SBOM tooling.
  • Knowledge of frameworks/standards: NIST CSF, ISO 27001/27002, CIS Controls, GDPR.
  • Experience in pentesting web applications with awareness of common risks (e.g., OWASP Top 10).


Responsibilities

ABOUT THE ROLE:

We’re looking for a GRC & Cybersecurity Analyst who can operate across security operations, application security, and compliance. You’ll engineer SIEM content, investigate threats end-to-end, harden endpoints and applications, and drive continuous compliance (SOC 2, PCI, and privacy). You’ll partner with engineering, product, data, and vendors to reduce risk while enabling the business.
You’ll report to the Manager of IT & Cybersecurity and collaborate across the organization with engineering, product, IT, and HR teams.

RESPONSIBILITIES:

Security Operations & Engineering

  • Build, tune, and maintain SIEM detections and dashboards; integrate log sources, normalize data, and manage the rule lifecycle to reduce noise and increase signal.
  • Continuously monitor alerts and perform triage, escalation, and case management with clear documentation.
  • Lead end-to-end investigations: scope, containment, eradication, recovery, root-cause analysis, and lessons learned with action tracking.
  • Administer and harden endpoint and application control tools (e.g., SentinelOne, ThreatLocker), identity/access policies, and related security configurations.
  • Run vulnerability intake and initial triage across infrastructure and applications; prioritize risk; advise engineering on remediation and compensating controls.
  • Improve application security: advocate for secure SDLC, threat modeling, SAST/DAST/secret scanning, dependency hygiene/SBOMs, and CI/CD guardrails.
  • Create and maintain operational runbooks/playbooks and knowledge-base content to scale response and reduce MTTR.

GRC, Risk, & Privacy

  • Coordinate SOC 2 control operation, testing, and evidence collection (we use Vanta) and support PCI efforts (e.g., SAQ readiness, segmentation evidence, controls testing).
  • Perform vendor security reviews and ongoing TPRM: questionnaires (e.g., SIG/CAIQ), contractual/DPA checks, and continuous monitoring.
  • Plan and lead risk assessments; maintain the risk register; develop treatment plans; report on residual risk and control effectiveness.
  • Guide product and engineering on privacy compliance (PIPEDA, Quebec Law 25; GDPR exposure a plus), privacy-by-design, and data minimization.
  • Lead data governance: maintain data inventories/flows and retention standards; manage data-subject/deletion requests; steward data agreements with vendors.
  • Plan and execute audits—internal security, vendor, and data audits—and track findings through remediation to closure.