Head of AI

HEAD OF AI Belgrade · Serbia (Remote) · Full-Time · PST Required

Department: AI Team Reports To: CEO / Executive  Employment Type: Full-Time Remote Location: Belgrade, Serbia — PST 

WHAT THIS ROLE ACTUALLY IS

You build AI systems that enterprise clients and government agencies stake real operations on. Not demos. Not pilots. Production systems that cannot fail. A bug in a consumer app costs a bad review. A bug in a government AI system costs a contract, a clearance, or worse. You write the code, you deploy the infrastructure, you own the security posture, and you hold your team to the same standard — personally, in writing, before any code is committed.

This team builds across three deployment contexts simultaneously: commercial enterprise clients who need reliable, scalable AI applications; federal government agencies who require FedRAMP-aware architecture, NIST 800-53 controls, and zero-trust network design; and classified or sensitive environments where data handling, audit logging, and access control are not optional features — they are the product. You have built in at least two of these three environments. You understand why they are different. You never mix their standards downward.

THREE DEPLOYMENT CONTEXTS YOU OWN

Commercial Enterprise Scalable APIs, SLA-backed uptime, SSO integration, role-based access, audit logging, SOC 2-aligned data handling. You deploy to production and you own what happens after deployment.

Government Contracts FedRAMP-aware infrastructure, NIST 800-53 control families, FISMA alignment, Authority to Operate (ATO) documentation support, and CUI data handling protocols. You know what makes an AI app disqualified from a federal contract and you build to prevent it from Day 1.

Sensitive and Secure Environments Zero-trust architecture, end-to-end encryption, air-gap compatible design where required, multi-factor access controls, immutable audit trails, and data residency compliance. Security is not a layer you add at the end. It is built into the first commit.

WHAT YOU DO EVERY SINGLE DAY

• Write production-grade code in Python, Node.js, and React — minimum 4 hours of actual engineering daily. You are not a meeting-room architect who delegates the build
• Write the technical specification for every task before any developer begins — deployment environment, security controls required, acceptance criteria, and performance benchmarks. No spec means no start. This is not negotiable
• Design all deployment infrastructure with the target environment's security requirements in mind from the first commit — security is never retrofitted before launch
• Personally implement and review all authentication, authorization, audit logging, and data encryption layers — these are never delegated to a junior developer on this team under any circumstances
• Architect and build all agentic systems — LangChain, AutoGen, or CrewAI — with explicit data handling controls for each environment type. An agent that works in a commercial environment does not automatically comply in a government environment. You know the difference and you build accordingly
• Build and own all RAG pipelines with data residency controls — where the data lives, who can access it, how it is logged, and how it is deleted must be documented and approved before the pipeline runs in any production environment
• Review every pull request from every team member with a security-first lens, not just a functionality lens. If a commit introduces a data exposure risk or a hardcoded credential, it does not merge. Ever. No exceptions
• Own all deployment pipelines — CI/CD configuration, environment promotion controls, rollback procedures, and incident response protocols. When something breaks in production, you are the first call and you already know what to do
• Conduct 30-day and 60-day precision reviews for every developer — scored against a written standard, documented, and shared with the CEO. Drift from standard is addressed in writing within 48 hours of identification
• Submit a written Friday report to the CEO every single week — what shipped, what the security status of each active project is, what is blocked, and what is being built next week. This is a written document. It is not a Slack message. It is not moved to Monday

WHAT YOU BUILD — DELIVERABLES THIS TEAM SHIPS

• AI-powered applications deployed to commercial enterprise clients with full SLA and uptime accountability
• Government-facing AI tools built to FedRAMP-aware standards with ATO documentation support
• Agentic workflow systems that automate complex multi-step processes for enterprise and government clients
• RAG pipelines that allow clients to query their own classified or sensitive document repositories securely
• Automation engines that replace manual government contracting workflows — proposal analysis, compliance checking, pricing data extraction
• Secure API layers that connect AI capabilities to existing enterprise and government systems without creating data residency violations
• AI marketing and revenue analytics tools for commercial clients with SOC 2-aligned data handling

SECURITY STANDARDS — EVERY APP MUST MEET THESE BEFORE IT TOUCHES A CLIENT

Authentication and Access OAuth 2.0 / OIDC with MFA enforcement. No shared credentials. Role-based access with least-privilege principle. Session management with configurable timeout and forced re-authentication for sensitive operations.

Data Protection Encryption at rest (AES-256 minimum) and in transit (TLS 1.2+). PII and CUI identified, tagged, and handled per data classification policy before any pipeline runs. No sensitive data in logs. No sensitive data in error messages.

Audit and Logging Immutable audit logs for every user action, every data access, and every model inference in government or sensitive deployments. Logs are tamper-evident, timestamped, and retained per contract requirement. You can produce an audit report within 24 hours of a client request.

Network and Infrastructure Zero-trust network design. No implicit trust between services. API gateway with rate limiting and input validation on every endpoint. No hardcoded secrets anywhere in any codebase — secrets management via vault or equivalent is mandatory.

Deployment and CI/CD Container-based deployment with image signing. SAST and dependency vulnerability scanning in CI/CD pipeline before any build reaches staging. Rollback procedure documented, tested, and executable in under 15 minutes before any production launch.

Government Compliance FedRAMP-aware infrastructure choices documented in architecture decision records. NIST 800-53 control families addressed before deployment to any government environment. ATO support documentation producible on request. CUI data never processed in a non-compliant environment under any circumstances.

WHAT WE REQUIRE — NO EXCEPTIONS

• You have deployed AI applications to production that enterprise clients or government agencies actively use. Not demos. Not internal tools. Production. You can describe the architecture, the security controls you implemented, and what broke during development
• You understand FedRAMP, NIST 800-53, FISMA, and CUI handling well enough to make architecture decisions that support an ATO process. You do not need to be a compliance officer — you need to build systems a compliance officer can certify
• You have personally implemented zero-trust architecture, multi-factor access controls, immutable audit logging, and end-to-end encryption in a real application. You can describe the specific technical implementation, not just the concept
• You write Python fluently. Node.js and React at a professional working level. You can debug a broken pipeline, a failed deployment, or a security misconfiguration at any hour without asking anyone for help
• You have used LangChain, AutoGen, CrewAI, or built your own agentic framework. You have implemented RAG pipelines with real production data — not toy datasets
• You have managed developers before and you have documented and addressed an underperforming hire. You know what a real performance standard looks like and you enforce it in writing
• PST morning overlap is non-negotiable — Belgrade 1pm to 5pm every working day. Government and enterprise client calls happen in US business hours and your team's day must align to it
• Your written English is precise, technical, and unambiguous. Specifications, security documentation, and client-facing architecture summaries all pass through you. Vague writing produces broken and insecure software

ZERO TOLERANCE — READ THIS BEFORE YOU APPLY

1. A security vulnerability introduced by this team that reaches a government or enterprise client environment is an immediate performance event. There is no grace period for security failures in this context. None.
2. Every deliverable is reviewed against a written specification before it ships. If you did not write the spec, the work does not start. If the work does not meet the spec, it does not ship. There is no "we will fix it in the next sprint" on this team.
3. A hardcoded credential, a plaintext secret, or an unencrypted data store committed to any repository — regardless of branch — is an immediate code review and mandatory documentation event. Two occurrences from the same developer is a termination event.
4. First-submission quality target is 90% or above on everything you build and everything your team submits under your review. If your team consistently ships below 85%, that is your failure to specify, train, and review — not their failure to deliver. You own the number.
5. The Friday written report to the CEO is not optional. It is not moved to Monday. It does not become a verbal update. It is a written document, submitted by end of business Friday, every single week without exception.

HOW TO APPLY

Submit your CV, a link to your GitHub, and a written technical summary — not a bullet list, a paragraph — describing one AI application you deployed to a government or enterprise environment. Include the architecture, the specific security controls you implemented, and one thing that failed during development and exactly how you resolved it.

Applications without this written technical summary will not be reviewed.

Shortlisted candidates complete a 72-hour technical build challenge that includes a mandatory security requirements component. There are no exceptions to this process.

We are an equal opportunity employer. We hire for precision, technical depth, and character — regardless of nationality, background, or location. If the standards in this description match how you already work, we want to hear from you.