In the Security Operations & Automation role, you'll be the hands-on architect of how Port detects, investigates, and responds to threats - built around AI agents and deep tooling integrations, not manual triage. You'll own incident response across corporate systems, workstations, and identity; unify alerts from every source - including cloud-originated signals that need a response - into a single SOAR/XDR fabric; and deploy AI agents to handle first-line investigation and response.
You'll work closely with IT and the Cloud Security team - taking the lead on investigation, triage, and response while they own the underlying cloud and SDLC architecture - and turn complex security signals into structured, AI-assisted, largely autonomous outcomes - fighting fire with fire.
Responsibilities
Architect and own Port's AI-driven detection and response stack, integrating SIEM, XDR, SOAR, EDR, and IAM into a single automated fabric rather than siloed tools.
Deploy and tune AI agents to handle first-line alert triage, enrichment, and investigation, with humans engaged only for true edge cases - manual L1 triage is the exception, not the default.
Build SOAR playbooks and integrations across the security and IT toolchain (endpoint, identity, ticketing, chat) so detection, enrichment, and remediation run automatically end to end - regardless of which system or platform an alert originates from.
Own the alert pipeline as a whole: unify signals from EDR, IAM, and other sources - including cloud and SaaS alerts surfaced by the Cloud Security team - into one triage and response workflow, so nothing falls through the cracks between tools.
Evaluate and integrate best-of-breed, AI-native security tools - SIEM, XDR, SOAR, EDR, email security, AI guardrails, ZTNA, and others - wiring each into the unified detection and response fabric rather than running them as siloed point solutions. Hands-on tool integration (APIs, connectors, log and telemetry ingestion) is a core skill for this role, not an occasional task.
Drive vulnerability and patch management across corporate systems and endpoints, automating prioritization and remediation workflows and coordinating with IT against strict SLAs.
Build and tune detection rules specific to Port's environment, treating detection as code and feeding AI-driven correlation across the XDR layer.
Maintain security dashboards (MTTD/MTTR, automation rate, % of alerts resolved without human touch) and report on how automation is cutting noise and response time.
Requirements
3+ years of experience in security operations, SecOps, or security engineering roles.
Hands-on experience operating EDR/XDR, SOAR/XSOAR, and SIEM platforms, as well as cloud security services (IAM, CSPM, SSPM).
Experience building automations and playbooks using SOAR platforms or scripting (Python, Bash).
Strong incident response skills, including triaging alerts and conducting root cause analysis.
Hybrid position based in our Tel Aviv office.
Excellent written and verbal English skills.
This position is open to all candidates.