Daylight is building managed agentic security services for modern security operations teams. Our platform combines AI-native technology with world-class security experts to monitor, detect, and investigate threats at a scale traditional SOCs can’t match.

We’re a 40 person cybersecurity startup that recently emerged from stealth with strong Series A backing. Our R&D and product teams are based in Tel Aviv, and we’re now building our go-to-market presence in the US. Our investors include the founders of Wiz, Cyera, and Eon - people who helped build the cloud security category.

Enterprises today are overwhelmed by alerts, tool sprawl, and a global shortage of security talent. Daylight was built to change that. We combine AI and human expertise to deliver faster, smarter investigations and real 24/7 security coverage for large organizations.

The Role

You’ve worked in a SOC. You’ve triaged alerts, built detections, and investigated incidents. You know what real investigations look like, and you know how much vendor messaging misses the mark.

As Security Operations Advocate, you’ll bring the practitioner voice to Daylight. You’ll create technical content, explain how our technology works, and engage directly with the security community. Your audience is security operations professionals, detection engineers, and security leaders who want substance, not hype.

You’ll work closely with our marketing, product, R&D, and SOC teams to translate real investigations and product capabilities into content that practitioners respect.

What you’ll do:

• Investigation walkthroughs - building deep-dive content that shows how Daylight's AI investigates real incidents, step by step, in a way that practitioners find genuinely impressive
• Product demos and YouTube content - recording product walkthroughs, feature explainers, and commentary on SecOps trends
• Product announcements - translating what product and R&D are building into products announcements focused on our audience
• Speaking and events - representing Daylight at industry conferences, security meetups, and customer events; you'll be one of our faces on stage
• Webinars & round tables - hosting and co-presenting technical webinars with customers and partners
• LinkedIn and Reddit - building a presence where practitioners and detection engineers spend time; participating authentically in conversations.
• Influencer and peer relationships - building relationships with respected voices in the security practitioner community
• Practitioner enablement content - supporting sales with materials that can stand up to scrutiny from technical buyers

What this actually looks like week-to-week:

• Recording an investigation walkthrough video with one of our security analysts and turning it into a YouTube video and a blog post
• Sitting in on a product sprint review to understand what's shipping next and drafting the announcement content
• Posting on LinkedIn not as a brand but as someone with real expertise and a point of view
• Presenting at a regional security meetup or submitting a talk proposal to a conference like SANS, BSides, and more
• Jumping into a Reddit thread where practitioners are discussing MDR and contributing something actually worth reading
• Hopping on a call with a customer who's willing to do a webinar or a case study, and helping turn that into something compelling

You're the right fit if:

1. You have the practitioner's credibility: You've built detection logic, worked with SIEMs, or run triage workflows and you have strong opinions about it all.

2. You want to create, not just do: You've created content before (blog posts, conference talks, videos, threads) because you wanted to share your POV with the community.

3. You're energized by community: You already participate in security practitioner communities or want to do so: LinkedIn, Reddit, Discord, Slack groups, conferences

4. You're comfortable being early: There's no playbook for this role. You'll build it and that’s great for you. You're okay not having every resource you need from day one.

You're NOT the right fit if:

• You've never worked in a SOC or security operations environment.
• You want to be on stage only: you're not interested in working with the product team on announcements or helping the broader marketing team articulate our differentiation.
• You're uncomfortable being on camera or on stage: you want to stay behind the scenes and are not excited about building a public presence.
• You need a large team and established process to be effective.

Requirements

• 3+ years in a hands-on security operations role: SOC analyst, detection engineer, threat hunter, or similar.
• Comfort presenting technical content in front of live or recorded audiences.
• Some evidence of public presence: a conference talk, a blog, a LinkedIn following, community contributions - even early-stage.
• Strong written English; the ability to translate technical depth into content that practitioners actually want to read.
• Startup or fast-moving environment experience is a big plus.
• Prior experience in a security practitioner-to-advocate transition is a plus, but not required - we'll help you make the shift.