Ready for a challenge? Just Eat Takeaway is one of the world's leading online food delivery marketplaces, connecting millions of customers with hundreds of thousands of restaurant partners across multiple continents. Operating at significant scale across markets including the UK, Canada, Australia, and Europe, we depend on robust and resilient security operations to protect our customers, partners, and platform. Our Security Operations team sits at the heart of that mission — detecting, investigating, and responding to threats that matter. About this role Our Cyber Security Operations Centre (CSOC) is a fully internal team responsible for threat detection, investigation, and incident response. The CSOC's mission centres on threat investigation and continuously refining the organisation's ability to detect and respond to incidents — catching threats early to mitigate and minimise impact. The team works with an advanced toolset anchored by Palo Alto XSIAM as the SIEM and investigation platform, drawing on telemetry from a wide range of sources including endpoint agents, cloud infrastructure, network controls, and application-layer signals from platforms such as Cloudflare. We are building towards a modern, AI-augmented CSOC — one where agentic investigation pipelines handle first-pass triage and analysis, and our analysts focus on validation, quality assurance, and complex threat investigation. This role requires analytical thinking, a willingness to work with and improve automated systems, and genuine curiosity about how threats manifest in cloud-native environments. A CSOC Analyst is an independently operating practitioner: someone who can own incidents end-to-end, write and maintain detection content, critically assess the conclusions of AI-driven investigation pipelines, and act as a capable on-call responder. This role is ideal for an analyst with solid foundations who is ready to take on greater ownership and is growing towards a senior or specialist track. Location: Calgary, Winnipeg or Toronto Reporting to: Technology Manager , CSOC These are some of the key ingredients to the role: - Triage, investigate, and analyse security incidents — own alerts from initial triage through to resolution or escalation, working within XSIAM as the primary investigation and case management platform - Validate agentic investigation conclusions — review, challenge, and provide structured feedback on AI-driven investigation outputs; identify false positives, missed signals, or incorrect conclusions, and feed insights back to improve automated pipeline quality - Write and maintain playbooks — author, review, and iterate on detection and response playbooks; ensure playbooks reflect current threat landscape, tooling, and team processes; follow playbooks consistently during incident response - Implement and tune correlation rules — develop and refine XSIAM correlation rules to improve detection fidelity; reduce false positive rates through systematic tuning; document changes and rationale - Handle cloud security incidents — investigate incidents originating in or involving cloud infrastructure (AWS, GCP, or Azure); understand cloud-native attack paths, misconfigurations, and threat indicators - Participate in the on-call rota — share on-call responsibility with the wider team; respond to critical and high-severity incidents outside business hours in line with defined SLAs - Contribute to threat detection improvement — proactively identify detection gaps, propose new use cases, and collaborate with Security Engineering to implement them - Support threat intelligence operationalisation — apply threat intelligence to detection, investigation, and hunting activities; consume and act on intelligence from internal and external sources What will you bring to the table? For this role we need an independently competent analyst who requires minimal day-to-day direction and demonstrates consistent quality across core responsibilities. Skills and Experience: - SIEM and investigation platform proficiency — hands-on experience working in a SIEM for alert triage, investigation, and case management; familiarity with query languages used for log analysis (XQL, KQL, SPL, or equivalent) - Incident response competency — demonstrable experience investigating and responding to security incidents across a range of alert types (endpoint, network, identity, cloud); ability to follow and apply structured response methodologies - Detection engineering foundations — experience writing or tuning detection rules, correlation logic, or detection-as-code; understanding of what makes a detection effective and how to reduce noise - Cloud security knowledge — practical understanding of cloud environments (AWS, GCP, or Azure) as they relate to security; experience investigating cloud security incidents or misconfigurations - Endpoint telemetry analysis — ability to interpret endpoint telemetry during investigations; familiarity with the types of signals and indicators surfaced by endpoint agents - Playbook literacy — experience following formal incident response playbooks; ideally, experience writing or reviewing them - Analytical judgement — ability to critically evaluate evidence, assess confidence in conclusions, and make sound decisions with incomplete information - Communication — clear written communication; able to document investigations, produce concise incident summaries, and brief stakeholders appropriately - Ownership and accountability — takes end-to-end ownership of assigned incidents and tasks; follows through without requiring frequent prompting; flags blockers proactively Desirables/Nice to haves - Direct experience with Palo Alto XSIAM or Cortex XDR — familiarity with the platform we use day-to-day - Cloud security certification — AWS Security Specialty, GCP Professional Cloud Security Engineer, or equivalent - Experience with agentic or AI-assisted security tooling — prior exposure to AI-driven investigation or SOAR platforms, and an understanding of their limitations - Threat intelligence experience — familiarity with structured threat intel (MITRE ATT&CK, STIX/TAXII, threat feeds) and how to operationalise it - Scripting or automation skills — Python, Bash, or similar; ability to write simple automation or tooling to support investigations - Experience in a food delivery, e-commerce, or high-scale consumer platform environment - Relevant certifications: GCIA, GCIH, GCFE, SC-200, or similar What We Offer: Team Vibes: Thrive in a collaborative culture where your ideas matter. Tasty Perk: Enjoy a monthly Skip spend allowance – treat yourself! More Time Off: Generous PTO with a buy and sell program with up to 5 extra days! Family First: Up to 20 weeks top up for parental leave. Premium Benefits: Flexible medical & dental insurance for you and your family. Keep Learning: Access world-class training resources to power your success. Perks Galore: Exclusive offers from Workperks from hundreds of top brands. Future Funded: RRSP contributions with diverse investment portfolios. We’ve Got You: We’ve got you covered. Access paid sick time to care for yourself or your family when life happens & access to our well-being support programs. Digital Nomads: Family abroad or just want a change of scenery? Enjoy the freedom to work from almost anywhere in the world for 4 weeks a year. Career Growth: Fuel your personal and professional evolution through our dedicated mentorship, global mobility pathways, and a wellness-first culture rooted in true diversity and inclusion. Compensation range: $79,440.00 - $88,800.00 Final compensation may vary based on skills, experience, and internal equity. #LI-DN1 With over 60 million active users across 24 countries, here at Just Eat Takeaway.com we’re a global food tech company, connecting our customers from Amsterdam to Auckland with the food they love.