Port.io

Security Operations & Automation

Port.io  •  Tel Aviv, IL (Hybrid)  •  4 hours ago

Job Description

About Port

At Port.io, we are building an open and flexible Agentic Engineering Platform for modern engineering organizations. Following our recent $100M Series C funding round, we are in a phase of rapid hypergrowth with strong enterprise momentum.

We act as the central nervous system for engineering, enabling platform teams to unify their stack and expose it as a governed layer through golden paths for developers and AI agents. By combining rich engineering context, workflows, and actions, we help organizations transition from manual processes to autonomous, AI-assisted engineering workflows while maintaining control and accountability.

As a product-led company, we believe in building world-class platforms that fundamentally shape how modern engineering organizations operate.

About Your Day-to-Day

In the Security Operations & Automation role, you'll be the hands-on architect of how Port detects, investigates, and responds to threats, built around AI agents and deep tooling integrations, not manual triage. You'll own incident response across corporate systems, workstations, and identity; unify alerts from every source (including cloud-originated signals that need a response) into a single SOAR/XDR fabric; and deploy AI agents to handle first-line investigation and response.

You'll work closely with IT and the Cloud Security team, taking the lead on investigation, triage, and response while they own the underlying cloud and SDLC architecture, and turn complex security signals into structured, AI-assisted, largely autonomous outcomes: fighting fire with fire.

Responsibilities

  • Architect and own Port's AI-driven detection and response stack, integrating SIEM, XDR, SOAR, EDR, and IAM into a single automated fabric rather than siloed tools.
  • Deploy and tune AI agents to handle first-line alert triage, enrichment, and investigation, with humans engaged only for true edge cases — manual L1 triage is the exception, not the default.
  • Build SOAR playbooks and integrations across the security and IT toolchain (endpoint, identity, ticketing, chat) so detection, enrichment, and remediation run automatically end to end — regardless of which system or platform an alert originates from.
  • Own the alert pipeline as a whole: unify signals from EDR, IAM, and other sources — including cloud and SaaS alerts surfaced by the Cloud Security team — into one triage and response workflow, so nothing falls through the cracks between tools.
  • Evaluate and integrate best-of-breed, AI-native security tools — SIEM, XDR, SOAR, EDR, email security, AI guardrails, ZTNA, and others — wiring each into the unified detection and response fabric rather than running them as siloed point solutions. Hands-on tool integration (APIs, connectors, log and telemetry ingestion) is a core skill for this role, not an occasional task.
  • Drive vulnerability and patch management across corporate systems and endpoints, automating prioritization and remediation workflows and coordinating with IT against strict SLAs.
  • Build and tune detection rules specific to Port's environment, treating detection as code and feeding AI-driven correlation across the XDR layer.
  • Maintain security dashboards (MTTD/MTTR, automation rate, % of alerts resolved without human touch) and report on how automation is cutting noise and response time.

What Success Will Look Like

Success means building an autonomous, AI-driven security operation - automation and AI agents as the default, manual work as the exception.

Within the first months, you're expected to:

  • Take ownership of the security alert workflow and migrate it toward AI-agent-driven triage, reserving manual investigation for genuine exceptions.
  • Stand up integrations connecting Port's security tooling stack (EDR, IAM, secrets management, XDR/SOAR) into one automated response layer.
  • Identify and eliminate manual, legacy triage processes across corporate systems and workstations, replacing them with automation and AI-assisted workflows.
  • Build strong working relationships with IT and the Cloud Security team based on trust and shared ownership of automated outcomes.
  • Demonstrably reduce MTTD/MTTR and noise, proving out the AI-vs-AI approach — defense at the speed and scale of AI-driven attacks.

Requirements

  • 3+ years of experience in security operations, SecOps, or security engineering roles.
  • Hands-on experience operating EDR/XDR, SOAR/XSOAR, SIEM platforms and cloud security services (IAM, CSPM, SSPM).
  • Experience building automations and playbooks using SOAR platforms or scripting (Python, Bash).
  • Strong incident response skills, including triaging alerts and conducting root cause analysis.
  • Hybrid position based in our Tel Aviv office.
  • Excellent written and verbal English skills.

Personal Attributes & Mindset

  • High ownership mentality: You take responsibility for the security stack and follow through on every alert.
  • Strong sense of structure: You can manage vulnerability SLAs and maintain precise security policies.
  • Comfortable with ambiguity: You can take a vague threat and turn it into a clear detection rule or automated playbook.
  • Collaborative by nature: You enjoy working as a partner to R&D to solve security challenges without slowing down development.
  • Curious and self-driven: You are motivated to stay ahead of emerging threats and continuously improve Port's defenses.

Nice to Have

  • Relevant certifications: CompTIA Security+, GSEC, CySA+, or AWS Security Specialty.
  • Deep understanding of the SDLC and experience embedding security tools (SAST, SCA) into CI/CD pipelines.
  • Experience with CNAPP/CSPM or code security platforms.
  • Familiarity with compliance frameworks (SOC 2, ISO 27001) from an operational perspective.

About Port.io

We combined hundreds of years of DevOps knowledge with thousands of hours of research to transform the developer experience as the world sees it today. We started by building the Developer Portal that brings everyone together, and we are moving forward at the forefront of developer experience. Join our Community on Slack to discuss DevEx with your peers and influence our roadmap: https://www.getport.io/community

  • Industry: IT & Software
  • Company Size: 201-500 employees
  • Headquarters: Middletown, Delaware
  • Year Founded: 2022