About this role
Our Cyber Security Operations Centre (CSOC) is a fully internal team responsible for threat detection, investigation, and incident response. The CSOC's mission centres on threat investigation and continuously refining the organisation's ability to detect and respond to incidents — catching threats early to mitigate and minimise impact. The team works with an advanced toolset anchored by Palo Alto XSIAM as the SIEM and investigation platform, drawing on telemetry from a wide range of sources including endpoint agents, cloud infrastructure, network controls, and application-layer signals from platforms such as Cloudflare.
We are building towards a modern, AI-augmented CSOC — one where agentic investigation pipelines handle first-pass triage and analysis, and our analysts focus on validation, quality assurance, and complex threat investigation. This role requires analytical thinking, a willingness to work with and improve automated systems, and genuine curiosity about how threats manifest in cloud-native environments.
A CSOC Analyst is an independently operating practitioner: someone who can own incidents end-to-end, write and maintain detection content, critically assess the conclusions of AI-driven investigation pipelines, and act as a capable on-call responder. This role is ideal for an analyst with solid foundations who is ready to take on greater ownership and is growing towards a senior or specialist track.
Location: Calgary, Winnipeg or Toronto
Reporting to: Technology Manager, CSOC
These are some of the key ingredients to the role:
- Triage, investigate, and analyse security incidents — own alerts from initial triage through to resolution or escalation, working within XSIAM as the primary investigation and case management platform
- Validate agentic investigation conclusions — review, challenge, and provide structured feedback on AI-driven investigation outputs; identify false positives, missed signals, or incorrect conclusions, and feed insights back to improve automated pipeline quality
- Write and maintain playbooks — author, review, and iterate on detection and response playbooks; ensure playbooks reflect current threat landscape, tooling, and team processes; follow playbooks consistently during incident response
- Implement and tune correlation rules — develop and refine XSIAM correlation rules to improve detection fidelity; reduce false positive rates through systematic tuning; document changes and rationale
- Handle cloud security incidents — investigate incidents originating in or involving cloud infrastructure (AWS, GCP, or Azure); understand cloud-native attack paths, misconfigurations, and threat indicators
- Participate in the on-call rota — share on-call responsibility with the wider team; respond to critical and high-severity incidents outside business hours in line with defined SLAs
- Contribute to threat detection improvement — proactively identify detection gaps, propose new use cases, and collaborate with Security Engineering to implement them
- Support threat intelligence operationalisation — apply threat intelligence to detection, investigation, and hunting activities; consume and act on intelligence from internal and external sources
What will you bring to the table?
For this role we need an independently competent analyst who requires minimal day-to-day direction and demonstrates consistent quality across core responsibilities.
Skills and Experience:
- SIEM and investigation platform proficiency — hands-on experience working in a SIEM for alert triage, investigation, and case management; familiarity with query languages used for log analysis (XQL, KQL, SPL, or equivalent)
- Incident response competency — demonstrable experience investigating and responding to security incidents across a range of alert types (endpoint, network, identity, cloud); ability to follow and apply structured response methodologies
- Detection engineering foundations — experience writing or tuning detection rules, correlation logic, or detection-as-code; understanding of what makes a detection effective and how to reduce noise
- Cloud security knowledge — practical understanding of cloud environments (AWS, GCP, or Azure) as they relate to security; experience investigating cloud security incidents or misconfigurations
- Endpoint telemetry analysis — ability to interpret endpoint telemetry during investigations; familiarity with the types of signals and indicators surfaced by endpoint agents
- Playbook literacy — experience following formal incident response playbooks; ideally, experience writing or reviewing them
- Analytical judgement — ability to critically evaluate evidence, assess confidence in conclusions, and make sound decisions with incomplete information
- Communication — clear written communication; able to document investigations, produce concise incident summaries, and brief stakeholders appropriately
- Ownership and accountability — takes end-to-end ownership of assigned incidents and tasks; follows through without requiring frequent prompting; flags blockers proactively
Desirables/Nice to haves
- Direct experience with Palo Alto XSIAM or Cortex XDR — familiarity with the platform we use day-to-day
- Cloud security certification — AWS Security Specialty, GCP Professional Cloud Security Engineer, or equivalent
- Experience with agentic or AI-assisted security tooling — prior exposure to AI-driven investigation or SOAR platforms, and an understanding of their limitations
- Threat intelligence experience — familiarity with structured threat intel (MITRE ATT&CK, STIX/TAXII, threat feeds) and how to operationalise it
- Scripting or automation skills — Python, Bash, or similar; ability to write simple automation or tooling to support investigations
- Experience in a food delivery, e-commerce, or high-scale consumer platform environment
- Relevant certifications: GCIA, GCIH, GCFE, SC-200, or similar
What We Offer:
Team Vibes: Thrive in a collaborative culture where your ideas matter.
Tasty Perk: Enjoy a monthly Skip spend allowance – treat yourself!
More Time Off: Generous PTO with a buy and sell program with up to 5 extra days!
Family First: Up to 20 weeks top up for parental leave.
Premium Benefits: Flexible medical & dental insurance for you and your family.
Keep Learning: Access world-class training resources to power your success.
Perks Galore: Exclusive offers from Workperks from hundreds of top brands.
Future Funded: RRSP contributions with diverse investment portfolios.
We’ve Got You: We’ve got you covered. Access paid sick time to care for yourself or your family when life happens, plus access to our well-being support programs.
Digital Nomads: Family abroad or just want a change of scenery? Enjoy the freedom to work from almost anywhere in the world for 4 weeks a year.
Career Growth: Fuel your personal and professional evolution through our dedicated mentorship, global mobility pathways, and a wellness-first culture rooted in true diversity and inclusion.
Compensation range: $79,440.00 - $88,800.00
Final compensation may vary based on skills, experience, and internal equity.