
Security Operations Analyst

Takeaway · Winnipeg Hargrave Street Office
Full-time · On-site · Today
AWS, Azure, Cloud Security, Cloudflare, GCP, Incident Response

Requirements

  • SIEM and investigation platform proficiency - hands-on experience working in a SIEM for alert triage, investigation, and case management; familiarity with query languages used for log analysis (XQL, KQL, SPL, or equivalent)
  • Incident response competency - demonstrable experience investigating and responding to security incidents across a range of alert types (endpoint, network, identity, cloud); ability to follow and apply structured response methodologies
  • Detection engineering foundations - experience writing or tuning detection rules, correlation logic, or detection-as-code; understanding of what makes a detection effective and how to reduce noise
  • Cloud security knowledge - practical understanding of cloud environments (AWS, GCP, or Azure) as they relate to security; experience investigating cloud security incidents or misconfigurations
  • Endpoint telemetry analysis - ability to interpret endpoint telemetry during investigations; familiarity with the types

Additional Information

Ready for a challenge? Just Eat Takeaway is one of the world's leading online food delivery marketplaces, connecting millions of customers with hundreds of thousands of restaurant partners across multiple continents. Operating at significant scale across markets including the UK, Canada, Australia, and Europe, we depend on robust and resilient security operations to protect our customers, partners, and platform. Our Security Operations team sits at the heart of that mission - detecting, investigating, and responding to threats that matter.

About this role

Our Cyber Security Operations Centre (CSOC) is a fully internal team responsible for threat detection, investigation, and incident response. The CSOC's mission centres on threat investigation and continuously refining the organisation's ability to detect and respond to incidents - catching threats early to mitigate and minimise impact. The team works with an advanced toolset anchored by Palo Alto XSIAM as the SIEM and investigation platform, drawing on telemetry from a wide range of sources including endpoint agents, cloud infrastructure, network controls, and application-layer signals from platforms such as Cloudflare.

We are building towards a modern, AI-augmented CSOC - one where agentic investigation pipelines handle first-pass triage and analysis, and our analysts focus on validation, quality assurance, and complex threat investigation. This role requires analytical thinking, a willingness to work with and improve automated systems, and genuine curiosity about how threats manifest in cloud-native environments.

A CSOC Analyst is an independently operating practitioner: someone who can own incidents end-to-end, write and maintain detection content, critically assess the conclusions of AI-driven investigation pipelines, and act as a capable on-call responder. This role is ideal for an analyst with solid foundations who is ready to take on greater ownership and is growing towards a senior or specialist track.

Location: Calgary, Winnipeg or Toronto
Reporting to: Technology Manager, CSOC

These are some of the key ingredients to the role:

  • Triage, investigate, and analyse security incidents - own alerts from initial triage through to resolution or escalation, working within XSIAM as the primary investigation and case management platform
  • Validate agentic investigation conclusions - review, challenge, and provide structured feedback on AI-driven investigation outputs; identify false positives, missed signals, or incorrect conclusions, and feed insights back to improve automated pipeline quality
  • Write and maintain playbooks - author, review, and iterate on detection and response playbooks; ensure playbooks reflect current threat landscape, tooling, and team processes; follow playbooks consistently during incident response
  • Implement and tune correlation rules - develop and refine XSIAM correlation rules to improve detection fidelity; reduce false positive rates through systematic tuning; document changes and rationale
  • Handle cloud security incidents - investigate incidents originating in or involving cloud infrastructure (AWS, GCP, or Azure); understand cloud-native attack paths, misconfigurations, and threat indicators
  • Participate in the on-call rota - share on-call responsibility with the wider team; respond to critical and high-severity incidents outside business hours in line with defined SLAs
  • Contribute to threat detection improvement - proactively identify detection gaps, propose new use cases, and collaborate with Security Engineering to implement them
  • Support threat intelligence operationalisation - apply threat intelligence to detection, investigation, and hunting activities; consume and act on intelligence from internal and external sources

What will you bring to the table?

For this role we need an independently competent analyst who requires minimal day-to-day direction and demonstrates consistent quality across core responsibilities.

