Jobs.ca

GRC & Cybersecurity Analyst

Rentsync
1 day ago
Remote
Mid Level

About the role

About Rentsync:
Rentsync is a fast-growing company offering robust software solutions for the multifamily-housing industry. Our platforms—Rentsync, Rentals.ca Network, and more—help property-management companies streamline operations, improve tenant experience, and reach residents across Canada.

About the Role:
We’re looking for a GRC & Cybersecurity Analyst who can operate across security operations, application security, and compliance. You’ll engineer SIEM content, investigate threats end-to-end, harden endpoints and applications, and drive continuous compliance (SOC 2, PCI, and privacy). You’ll partner with engineering, product, data, and vendors to reduce risk while enabling the business.

You’ll report to the Manager of IT & Cybersecurity and collaborate across the organization with engineering, product, IT, and HR teams.

Responsibilities:

Security Operations & Engineering

  • Build, tune, and maintain SIEM detections and dashboards; integrate log sources, normalize data, and manage the rule lifecycle to reduce noise and increase signal.
  • Continuously monitor alerts and perform triage, escalation, and case management with clear documentation.
  • Lead end-to-end investigations: scope, containment, eradication, recovery, root-cause analysis, and lessons learned with action tracking.
  • Administer and harden endpoint and application control tools (e.g., SentinelOne, ThreatLocker), identity/access policies, and related security configurations.
  • Run vulnerability intake and initial triage across infrastructure and applications; prioritize risk; advise engineering on remediation and compensating controls.
  • Improve application security: advocate for secure SDLC, threat modeling, SAST/DAST/secret scanning, dependency hygiene/SBOMs, and CI/CD guardrails.
  • Create and maintain operational runbooks/playbooks and knowledge-base content to scale response and reduce MTTR.

GRC, Risk, & Privacy

  • Coordinate SOC 2 control operation, testing, and evidence collection (we use Vanta) and support PCI efforts (e.g., SAQ readiness, segmentation evidence, controls testing).
  • Perform vendor security reviews and ongoing TPRM: questionnaires (e.g., SIG/CAIQ), contractual/DPA checks, and continuous monitoring.
  • Plan and lead risk assessments; maintain the risk register; develop treatment plans; report on residual risk and control effectiveness.
  • Guide product and engineering on privacy compliance (PIPEDA, Quebec Law 25; GDPR exposure a plus), privacy-by-design, and data minimization.
  • Lead data governance: maintain data inventories/flows and retention standards; manage data-subject/deletion requests; steward data agreements with vendors.
  • Plan and execute audits—internal security, vendor, and data audits—and track findings through remediation to closure.

Essential Skills & Qualifications:

  • 2-4 years of experience with hands-on exposure to security operations or GRC.
  • Practical SIEM experience: building detections/queries, investigations, dashboards, and tuning false positives.
  • Experience administering EDR/application control (e.g., SentinelOne, ThreatLocker) and interpreting telemetry.
  • Working knowledge of vulnerability management workflows and common tooling; ability to translate findings into developer-friendly guidance.
  • Understanding of secure application practices (e.g., OWASP Top 10, dependency and secrets management).
  • Familiarity with SOC 2 and PCI concepts, plus privacy obligations under PIPEDA and Quebec Law 25.
  • Comfort with cloud (AWS/GCP), Linux fundamentals, networking basics, and scripting (Python/Bash/PowerShell) to automate tasks.
  • Excellent written and verbal communication; able to influence without authority and collaborate across teams.

Additional Preferred Qualifications:

  • Certifications: Security+, CySA+, SSCP, GSEC, CCSK/CC, CISA, or similar.
  • Experience with Elastic/Splunk/Chronicle/Sentinel SIEMs; Sigma/KQL/ES-DSL/SPL rule writing.
  • Exposure to Tenable/Nessus or Greenbone (OpenVAS), OWASP ZAP/Semgrep, SCA/SBOM tooling.
  • Knowledge of frameworks/standards: NIST CSF, ISO 27001/27002, CIS Controls, GDPR.
  • Experience in pentesting web applications with awareness of common risks (e.g., OWASP Top 10).

Technologies You’ll Work With:
Elastic or Splunk (SIEM), SentinelOne, ThreatLocker, Tenable/Nessus or Greenbone, AWS & GCP, Linux, GitHub, CI/CD, Vanta, Cloudflare Zero Trust, Opsgenie/PagerDuty, OWASP ZAP/Semgrep, Terraform/Kubernetes (awareness), MySQL/PostgreSQL, and common web stacks.

Rentsync is an equal opportunity employer. If you are selected to participate in the interview process and require unique accommodations, please don’t hesitate to let us know.

Successful candidates may be required to complete a criminal background check in the final phase of the interview process.

About Rentsync

Software Development
51-200

Rentsync (formerly Landlord Web Solutions) provides marketing solutions for the multifamily industry in both Canada and the U.S. The company offers a leading purpose-built rental marketing platform, which includes a content management system (CMS) and ad syndication, giving clients the ability to both showcase and advertise their rental portfolio all from one place. In addition to its software offerings, Rentsync Studios offers multifamily clients a variety of marketing services, including website design, digital advertising and lease-up marketing. Visit us at rentsync.com.