Security Operations Analyst

Just Eat Takeaway.com
Winnipeg, ON
CA$79,440 - CA$88,800
Hybrid

About The Position

Just Eat Takeaway is a leading online food delivery marketplace operating at significant scale across multiple continents. The Security Operations team is crucial for protecting customers, partners, and the platform by detecting, investigating, and responding to threats. The Cyber Security Operations Centre (CSOC) is an internal team responsible for threat detection, investigation, and incident response, aiming to catch threats early and minimize impact. The team utilizes advanced tools like Palo Alto XSIAM as their SIEM and investigation platform, integrating data from various sources including endpoint agents, cloud infrastructure, network controls, and application-layer signals. The role involves working towards a modern, AI-augmented CSOC where automated pipelines handle initial triage and analysis, allowing analysts to focus on validation, quality assurance, and complex threat investigation. This position requires analytical thinking, a willingness to work with and improve automated systems, and curiosity about threats in cloud-native environments. A CSOC Analyst is expected to be an independently operating practitioner capable of owning incidents end-to-end, writing detection content, assessing AI-driven investigation conclusions, and acting as an on-call responder. This role is suitable for an analyst with solid foundations ready for greater ownership and growth towards a senior or specialist track.

Requirements

  • Independently competent analyst who requires minimal day-to-day direction and demonstrates consistent quality across core responsibilities.
  • SIEM and investigation platform proficiency — hands-on experience working in a SIEM for alert triage, investigation, and case management; familiarity with query languages used for log analysis (XQL, KQL, SPL, or equivalent)
  • Incident response competency — demonstrable experience investigating and responding to security incidents across a range of alert types (endpoint, network, identity, cloud); ability to follow and apply structured response methodologies
  • Detection engineering foundations — experience writing or tuning detection rules, correlation logic, or detection-as-code; understanding of what makes a detection effective and how to reduce noise
  • Cloud security knowledge — practical understanding of cloud environments (AWS, GCP, or Azure) as they relate to security; experience investigating cloud security incidents or misconfigurations
  • Endpoint telemetry analysis — ability to interpret endpoint telemetry during investigations; familiarity with the types of signals and indicators surfaced by endpoint agents
  • Playbook literacy — experience following formal incident response playbooks; ideally, experience writing or reviewing them
  • Analytical judgement — ability to critically evaluate evidence, assess confidence in conclusions, and make sound decisions with incomplete information
  • Communication — clear written communication; able to document investigations, produce concise incident summaries, and brief stakeholders appropriately
  • Ownership and accountability — takes end-to-end ownership of assigned incidents and tasks; follows through without requiring frequent prompting; flags blockers proactively

Nice To Haves

  • Direct experience with Palo Alto XSIAM or Cortex XDR — familiarity with the platform we use day-to-day
  • Cloud security certification — AWS Security Specialty, GCP Professional Cloud Security Engineer, or equivalent
  • Experience with agentic or AI-assisted security tooling — prior exposure to AI-driven investigation or SOAR platforms, and an understanding of their limitations
  • Threat intelligence experience — familiarity with structured threat intel (MITRE ATT&CK, STIX/TAXII, threat feeds) and how to operationalise it
  • Scripting or automation skills — Python, Bash, or similar; ability to write simple automation or tooling to support investigations
  • Experience in a food delivery, e-commerce, or high-scale consumer platform environment
  • Relevant certifications: GCIA, GCIH, GCFE, SC-200, or similar

Responsibilities

  • Triage, investigate, and analyse security incidents — own alerts from initial triage through to resolution or escalation, working within XSIAM as the primary investigation and case management platform
  • Validate agentic investigation conclusions — review, challenge, and provide structured feedback on AI-driven investigation outputs; identify false positives, missed signals, or incorrect conclusions, and feed insights back to improve automated pipeline quality
  • Write and maintain playbooks — author, review, and iterate on detection and response playbooks; ensure playbooks reflect current threat landscape, tooling, and team processes; follow playbooks consistently during incident response
  • Implement and tune correlation rules — develop and refine XSIAM correlation rules to improve detection fidelity; reduce false positive rates through systematic tuning; document changes and rationale
  • Handle cloud security incidents — investigate incidents originating in or involving cloud infrastructure (AWS, GCP, or Azure); understand cloud-native attack paths, misconfigurations, and threat indicators
  • Participate in the on-call rota — share on-call responsibility with the wider team; respond to critical and high-severity incidents outside business hours in line with defined SLAs
  • Contribute to threat detection improvement — proactively identify detection gaps, propose new use cases, and collaborate with Security Engineering to implement them
  • Support threat intelligence operationalisation — apply threat intelligence to detection, investigation, and hunting activities; consume and act on intelligence from internal and external sources

Benefits

  • Monthly Skip spend allowance
  • Generous PTO with a buy and sell program with up to 5 extra days
  • Up to 20 weeks top up for parental leave
  • Flexible medical & dental insurance for you and your family
  • Access world-class training resources
  • Exclusive offers from Workperks from hundreds of top brands
  • RRSP contributions with diverse investment portfolios
  • Paid sick time
  • Access to well-being support programs
  • Freedom to work from almost anywhere in the world for 4 weeks a year
  • Mentorship programs
  • Global mobility pathways
  • Wellness-first culture rooted in true diversity and inclusion