Security Operations Analyst

Just Eat Takeaway.com•Winnipeg, ON

1d•CA$79,440 - CA$88,800•Hybrid

About The Position

Just Eat Takeaway is a leading online food delivery marketplace operating at significant scale across multiple continents. The Security Operations team is crucial for protecting customers, partners, and the platform by detecting, investigating, and responding to threats. The Cyber Security Operations Centre (CSOC) is an internal team responsible for threat detection, investigation, and incident response, aiming to catch threats early and minimize impact. The team utilizes advanced tools like Palo Alto XSIAM as their SIEM and investigation platform, integrating data from various sources including endpoint agents, cloud infrastructure, network controls, and application-layer signals. The role involves working towards a modern, AI-augmented CSOC where automated pipelines handle initial triage and analysis, allowing analysts to focus on validation, quality assurance, and complex threat investigation. This position requires analytical thinking, a willingness to work with and improve automated systems, and curiosity about threats in cloud-native environments. A CSOC Analyst is expected to be an independently operating practitioner capable of owning incidents end-to-end, writing detection content, assessing AI-driven investigation conclusions, and acting as an on-call responder. This role is suitable for an analyst with solid foundations ready for greater ownership and growth towards a senior or specialist track.

Requirements

Independently competent analyst who requires minimal day-to-day direction and demonstrates consistent quality across core responsibilities.
SIEM and investigation platform proficiency — hands-on experience working in a SIEM for alert triage, investigation, and case management; familiarity with query languages used for log analysis (XQL, KQL, SPL, or equivalent)
Incident response competency — demonstrable experience investigating and responding to security incidents across a range of alert types (endpoint, network, identity, cloud); ability to follow and apply structured response methodologies
Detection engineering foundations — experience writing or tuning detection rules, correlation logic, or detection-as-code; understanding of what makes a detection effective and how to reduce noise
Cloud security knowledge — practical understanding of cloud environments (AWS, GCP, or Azure) as they relate to security; experience investigating cloud security incidents or misconfigurations
Endpoint telemetry analysis — ability to interpret endpoint telemetry during investigations; familiarity with the types of signals and indicators surfaced by endpoint agents
Playbook literacy — experience following formal incident response playbooks; ideally, experience writing or reviewing them
Analytical judgement — ability to critically evaluate evidence, assess confidence in conclusions, and make sound decisions with incomplete information
Communication — clear written communication; able to document investigations, produce concise incident summaries, and brief stakeholders appropriately
Ownership and accountability — takes end-to-end ownership of assigned incidents and tasks; follows through without requiring frequent prompting; flags blockers proactively

Nice To Haves

Direct experience with Palo Alto XSIAM or Cortex XDR — familiarity with the platform we use day-to-day
Cloud security certification — AWS Security Specialty, GCP Professional Cloud Security Engineer, or equivalent
Experience with agentic or AI-assisted security tooling — prior exposure to AI-driven investigation or SOAR platforms, and an understanding of their limitations
Threat intelligence experience — familiarity with structured threat intel (MITRE ATT&CK, STIX/TAXII, threat feeds) and how to operationalise it
Scripting or automation skills — Python, Bash, or similar; ability to write simple automation or tooling to support investigations
Experience in a food delivery, e-commerce, or high-scale consumer platform environment
Relevant certifications: GCIA, GCIH, GCFE, SC-200, or similar

Responsibilities

Triage, investigate, and analyse security incidents — own alerts from initial triage through to resolution or escalation, working within XSIAM as the primary investigation and case management platform
Validate agentic investigation conclusions — review, challenge, and provide structured feedback on AI-driven investigation outputs; identify false positives, missed signals, or incorrect conclusions, and feed insights back to improve automated pipeline quality
Write and maintain playbooks — author, review, and iterate on detection and response playbooks; ensure playbooks reflect current threat landscape, tooling, and team processes; follow playbooks consistently during incident response
Implement and tune correlation rules — develop and refine XSIAM correlation rules to improve detection fidelity; reduce false positive rates through systematic tuning; document changes and rationale
Handle cloud security incidents — investigate incidents originating in or involving cloud infrastructure (AWS, GCP, or Azure); understand cloud-native attack paths, misconfigurations, and threat indicators
Participate in the on-call rota — share on-call responsibility with the wider team; respond to critical and high-severity incidents outside business hours in line with defined SLAs
Contribute to threat detection improvement — proactively identify detection gaps, propose new use cases, and collaborate with Security Engineering to implement them
Support threat intelligence operationalisation — apply threat intelligence to detection, investigation, and hunting activities; consume and act on intelligence from internal and external sources