Aisle is redefining how enterprises secure their software with an AI agent for autonomous vulnerability remediation. Vulnerabilities are the #1 root cause of cyber incidents, yet most organizations take weeks or months to patch what attackers exploit in days. We’re changing that.
Our mission is to protect democratic societies from the most sophisticated cyberattacks. We do that by giving organizations - including those operating critical infrastructure - the power to harden their systems and resolve security issues at superhuman speed and scale. Backed by world-class founders and advisors, we’re creating a new category in cybersecurity at the intersection of AI, automation, and enterprise resilience.
We’re a small, talent-dense team spread across the US, Europe, and Israel. We value high ownership, high velocity, and low-ego collaboration. If you want to work with world-class minds in AI and security, thrive in fast-moving environments, and care about solving one of the toughest challenges in tech, Aisle is the place for you.
About the roleThis is not a traditional SRE role.
Most companies hire SREs to run vulnerability programs, triage alerts, chase incidents, and coordinate remediation across teams — work that keeps production secure and healthy, but also work that scales linearly with headcount and burns out the best engineers.
We don't want you to do that work. We want you to build the system that does it.
You'll design, build, and operate Aisle's SRE Agency — an agentic platform that ingests every operational and security signal we generate (telemetry, alerts, vulnerability scans, audit findings, incident tickets, deploy events), uses LLMs to aggregate context across our entire stack, auto-prioritizes what matters, and either resolves issues end-to-end or hands a human a fully-formed proposal — root cause, blast radius, and a draft PR — instead of a paging alert at 2am.
Every traditional SRE responsibility below still exists at Aisle. Your job is to make sure most of them are handled by agents, and the rest are handled by humans who already have 90% of the context in front of them when they sit down.
What you'll buildThe agency itselfDesign the agentic SRE platform end to end: signal ingestion, cross-system context aggregation (production telemetry, GitHub, Linear, Slack, vulnerability scanners, security audits), LLM-driven triage, auto-prioritization, and human-in-the-loop handoff.
Build the agents that do the work: vulnerability triage, incident response, root-cause analysis, remediation (drafting PRs), post-incident review, follow-through and closure tracking.
Define the trust boundary — which actions agents take autonomously, which require human approval, and how confidence is measured, calibrated, and improved over time.
Treat the agentic system as a production system in its own right: SLOs, evals, regression tests, observability of agent decisions, and a clear feedback loop from "the agent got this wrong" to "the agent no longer gets this wrong."
Build the agentic loop that takes vulnerability findings from identification → prioritization (exploitability, blast radius, business context) → remediation (PR drafted by an agent) → tracking → verified closure. Humans should only be in the loop for novel risk or genuine judgment calls.
Encode the prioritization logic the company already trusts — and the logic it should trust — into agents that can explain their reasoning to a human reviewer.
Build the agent stack that takes an incident from detection → context gathering across logs, traces, recent deploys, and config changes → hypothesis generation → containment recommendation → root cause → durable fix proposal (typically as a PR).
When a human is paged, they should be paged with a one-paragraph summary, the top three hypotheses ranked by evidence, and a draft mitigation — not a wall of dashboards.
Build the agent layer on top of our observability stack that turns raw signal into prioritized, deduplicated, human-readable narratives. Target: zero-noise alerting, full-context handoffs.
Surface recurring operational and security problems through the agency's own data and ship durable engineering fixes — or have the agents ship them.
Identify architectural gaps, reliability bottlenecks, and exposure risks through agent-driven analysis of the system as a whole, rather than humans staring at dashboards.
You still need to know what good looks like. You'll personally drive hardening, patching, segmentation, access control, and exposure reduction work — both because it informs what the agents need to do, and because some judgment calls genuinely belong to a human.
You'll partner with engineering, infrastructure, and security teams to make sure the agency integrates cleanly into how Aisle actually ships software.
You'll run post-incident and post-remediation reviews — but the first draft comes from an agent, and your job is to validate, refine, and feed the lesson back into the system.
8+ years across Site Reliability Engineering, Security Operations, Infrastructure Engineering, Network Operations, or similar. Enough depth to know what an SRE actually does, and why, so you can automate it correctly.
Real, production-grade experience with vulnerability management, incident response, and reliability engineering. You've done the work, and you know which parts are mechanical and which require judgment.
Strong fundamentals across systems, networking, distributed systems, production debugging, and observability platforms (Datadog, Grafana, Prometheus, OpenTelemetry, or equivalents) on modern cloud infrastructure.
Hands-on experience building with LLMs and agentic systems — tool use, context management, evals, retrieval, multi-agent orchestration. Side projects count if they're substantive; production experience is better.
Comfort designing and writing software, with AI Aid. You'll be shipping meaningful amounts of code, it is expected that most of it will be vibe-coded.
A sharp opinion on what should and shouldn't be automated, and the discipline to keep humans in the loop where it matters.
Strong written communication. The agency you build will explain itself to humans constantly — you'll set the bar for how it does that.
Experience with security tooling and standards: SOC 2, ISO 27001, vulnerability scanners, SAST/DAST, SBOMs, supply-chain security.
Experience building developer tooling or platform products that other engineers depend on.
A track record of taking a manual, human-driven process to >90% automation in production — and the war stories from doing it.
High ownership, low ego. You'll often be the only person who can see the agency end to end, and you'll need to make calls without committee.
Bias toward shipping. An agent that resolves 60% of vulnerability tickets in production this quarter beats a perfect design doc that ships next year.
Healthy paranoia about agents acting in production. We're a security company. The agency must be auditable, reversible, and trustworthy by construction — not by hope.
Similar Jobs
What you need to know about the Colorado Tech Scene
Key Facts About Colorado Tech
- Number of Tech Workers: 260,000; 8.5% of overall workforce (2024 CompTIA survey)
- Major Tech Employers: Lockheed Martin, Century Link, Comcast, BAE Systems, Level 3
- Key Industries: Software, artificial intelligence, aerospace, e-commerce, fintech, healthtech
- Funding Landscape: $4.9 billion in VC funding in 2024 (Pitchbook)
- Notable Investors: Access Venture Partners, Ridgeline Ventures, Techstars, Blackhorn Ventures
- Research Centers and Universities: Colorado School of Mines, University of Colorado Boulder, University of Denver, Colorado State University, Mesa Laboratory, Space Science Institute, National Center for Atmospheric Research, National Renewable Energy Laboratory, Gottlieb Institute
