Role Description The Security Analyst on the Governance, Risk, and Compliance (GRC) team plays a critical role in safeguarding sensitive information resources and data, ensuring organizational compliance with industry regulations. This position supports the development, implementation, and monitoring of security policies, risk management processes, and compliance frameworks such as HIPAA, TAC 202, UTS 165, and NIST cybersecurity standards. - Under direct supervision, supports the organization’s information resources, security environments, and applications to ensure they remain adequately protected and aligned with the NIST Cybersecurity Framework (CSF). - Assists in activities across the CSF functions: Identify, Protect, Detect, Respond, and Recover. - Supports asset classification, implements security controls, monitors for anomalous activity, and participates in 24/7 incident response processes. - Completes CompTIA CySA+ certification training and successfully passes the exam within 90 days of hire. - Works assigned shifts supporting 24x7x365 Tier 1 SOC operations. - Performs alert triage across on-premises and cloud security technologies, including SIEM, IDS, antivirus, cloud services, Windows servers, network infrastructure, DLP, UBA, and user-submitted security reports. - Applies basic security controls to contain malicious activity and prevent unauthorized disclosure of sensitive information. - Escalates alerts to Tier 2 based on severity and priority, supporting follow-on incident response activities. - Contributes to SOC workflow improvements by identifying false positives and recommending process enhancements. - Assists with incident response through resolution and helps develop after-action reports. - Participates in ongoing skill development to strengthen investigation and response capabilities. - Adheres to internal controls, reporting structures, and all applicable standards, processes, and procedures. - Performs other related duties as assigned by management. Qualifications - Bachelor's degree and one (1) year of IT or security experience. An equivalent combination of education and experience relevant to the role may be considered. - 3 years of cybersecurity experience (preferred). - Proficiency in Python, Rust, C, C+, Java, and/or PowerShell (preferred). - Academic and/or working experience with TCP/IP networking, and networking services such as DNS, SMTP, DHCP, etc. (preferred). - Familiarity with Windows, MacOS, Linux-variant operating systems, such as the file system structure, system services, and typical behavior of endpoints and servers (preferred). - Experience with cloud-based services such as Microsoft Office 365 and Azure productivity tools (preferred). Requirements - Any qualifications to be considered as equivalents in lieu of stated minimums require the prior approval of the Chief Human Resources Officer or designee. - Must be routinely reviewed to determine whether they are able to maintain the security or integrity of critical infrastructure. Benefits - Actual salary commensurate with experience. - Remote Local position, Rotating Shifts, Including Nights and Weekends. Equal Employment Opportunity UTMB Health strives to provide equal opportunity employment without regard to race, color, religion, age, national origin, sex, gender, sexual orientation, gender identity/expression, genetic information, disability, veteran status, or any other basis protected by institutional policy or by federal, state or local laws unless such distinction is required by law. As a Federal Contractor, UTMB Health takes affirmative action to hire and advance protected veterans and individuals with disabilities.

Role Description Security compliance doesn't run itself — and at a company processing real-time pricing decisions for thousands of hotels worldwide, getting it right matters. As Security Engineer at Duetto, you'll be the operational backbone of our security programme: - Keeping SOC 2 and ISO 27001 evidence current. - Running access reviews. - Managing vendor security assessments. - Supporting RFPs. - Ensuring the governance infrastructure that underpins customer trust and audit readiness stays organised and on track. It's a detail-oriented, cross-functional role that touches Engineering, IT, Legal, HR, and Sales — and it's central to how Duetto earns and keeps the confidence of enterprise customers globally. Qualifications - 2–4+ years of experience in security GRC, IT audit, compliance, security operations, risk management, or technical programme coordination. - Familiarity with SOC 2, ISO 27001, NIST CSF, access reviews, vendor security, and audit evidence collection. - Experience using Vanta or a comparable GRC/compliance platform. - Strong documentation, follow-up, and project tracking skills. - The ability to work with technical teams and understand security evidence in context. - Strong written communication skills for RFPs, questionnaires, policies, and audit responses. Requirements - Experience in SaaS environments. - Familiarity with AWS evidence, MDM, endpoint security, vulnerability management, and incident response documentation. - Experience supporting customer security reviews or sales security questionnaires. - A basic understanding of GDPR, DPA, DTIA, DPF, and subprocessor management. Benefits - Compliance work with real commercial stakes. - Cross-functional exposure from day one. - AI is how we work. - A growing security programme with real scope. Company Description Duetto is the hospitality industry's leading revenue management platform, founded in 2012 by former Wynn Resorts executives who knew the industry needed better technology. We built the world's first Revenue & Profit Operating System — a suite of tools that goes beyond room pricing to give hotels, resorts, and casinos a complete picture of their revenue and profitability. - Trusted by clients ranging from independent boutique hotels to global chains. - Named the #1 Revenue Management Software by HotelTechAwards four years running. - Recognized as the #1 Best Place to Work in Hotel Tech in 2025. - Backed by GrowthCurve Capital since 2024, accelerating investment in AI.

Role Description As an Intermediate Security Analyst, you’ll play a hands-on role in protecting our technology environment while helping improve how we operate. In this contract opportunity, you’ll support day‑to‑day firewall operations using the Palo Alto Networks platform and work closely with experienced security engineers who are eager to mentor and share knowledge. You’ll also have the opportunity to identify inefficiencies in our security operations and help introduce practical automation or technology-driven improvements that make our processes more effective and scalable. This role is open to remote candidates across Canada. Qualifications - Experience in information security, network security, or IT operations - Hands‑on exposure to Palo Alto Networks firewalls (PAN‑OS), including monitoring and rule management - A foundational understanding of networking concepts such as TCP/IP, DNS, routing, and NAT - Experience reviewing firewall logs and understanding traffic flow and security policies - Exposure to improving operational processes through scripting, automation, or technology enhancements (e.g., dashboards, workflows, or tooling) Requirements - Collaborating with cross‑functional teams in a fast‑paced, operational environment - Analyzing logs, alerts, and network traffic to identify security or connectivity issues - Spotting opportunities to improve processes and reduce manual effort through automation or tooling - Following established runbooks while thinking critically about how processes can evolve - Communicating clearly and documenting work in a structured, meaningful way Benefits - Remote‑friendly work options for candidates located anywhere in Canada - Access to mentorship, learning opportunities, and hands‑on experience with enterprise‑grade security platforms - A collaborative, people‑first culture that values curiosity, improvement, and knowledge sharing - Opportunities to contribute to meaningful security and operational initiatives that protect our customers and organization

Role Description The Cybersecurity Analyst is a frontline operational role responsible for monitoring, investigating, and responding to security alerts and incidents across the organization’s security tool stack, with a primary focus on Cisco Secure Workload, Cisco Secure Endpoint, and Cisco Umbrella. This position is centered on alert triage, investigation, and execution of incident response activities, leveraging established detections, playbooks, and procedures to identify threats, assess impact, and drive timely remediation. - Monitor, analyze, and respond to security events and incidents utilizing Cisco Secure Workload, Cisco Secure Endpoint, and Cisco Umbrella. - Conduct thorough investigations of security alerts to identify root causes, assess impact, and coordinate effective remediation. - Leverage Cisco Secure Workload (CSW), Cisco Secure Endpoint (CSE), and Cisco Umbrella to enforce network, endpoint, and DNS-layer security controls and mitigate threats. - Perform detailed investigation of security alerts, correlate events across multiple sources, and drive timely incident response. - Collaborate with cross-functional teams (IT, Network, and Application owners) to identify and remediate security risks and vulnerabilities. - Develop and maintain incident response documentation, procedures, and runbooks. - Contribute to the continuous improvement of security monitoring, detection, and response capabilities. - Stay abreast of evolving cyber threats, tactics, techniques, and procedures (TTPs), and emerging industry trends. Qualifications - Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field (or equivalent experience). - Minimum of 5+ years of hands-on experience in cybersecurity operations, preferably within a Security Operations Center (SOC). - Demonstrated expertise with Cisco security technologies, specifically: - Cisco Secure Workload (CSW) - Cisco Secure Endpoint (CSE) - Cisco Umbrella - Strong knowledge of endpoint security, workload security, network security, and threat detection methodologies. - Solid understanding of networking protocols, DNS, and security architecture principles. - Preferred Qualifications - Experience with CrowdStrike Falcon platform for endpoint detection and response. - Proficiency in ServiceNow (SNOW) for incident, problem, and change management. - Relevant industry certifications such as CyberOps, Security+, CySA+, GCIH, CCNA or equivalent. - Experience integrating security tools with SIEM platforms and ticketing systems. Requirements - Should be willing to accept a long-term work-from-home arrangement. - Should be amenable to a permanent night shift schedule.