[Hiring] Head of AI @VSI Technologies

Role Description

You build AI systems that enterprise clients and government agencies stake real operations on. Not demos. Not pilots. Production systems that cannot fail. A bug in a consumer app costs a bad review. A bug in a government AI system costs a contract, a clearance, or worse. You write the code, you deploy the infrastructure, you own the security posture, and you hold your team to the same standard — personally, in writing, before any code is committed.

This team builds across three deployment contexts simultaneously:

• Commercial Enterprise: Scalable APIs, SLA-backed uptime, SSO integration, role-based access, audit logging, SOC 2-aligned data handling. You deploy to production and you own what happens after deployment.
• Government Contracts: FedRAMP-aware infrastructure, NIST 800-53 control families, FISMA alignment, Authority to Operate (ATO) documentation support, and CUI data handling protocols. You know what makes an AI app disqualified from a federal contract and you build to prevent it from Day 1.
• Sensitive and Secure Environments: Zero-trust architecture, end-to-end encryption, air-gap compatible design where required, multi-factor access controls, immutable audit trails, and data residency compliance. Security is not a layer you add at the end. It is built into the first commit.

Qualifications

• You have deployed AI applications to production that enterprise clients or government agencies actively use.
• You understand FedRAMP, NIST 800-53, FISMA, and CUI handling well enough to make architecture decisions that support an ATO process.
• You have personally implemented zero-trust architecture, multi-factor access controls, immutable audit logging, and end-to-end encryption in a real application.
• You write Python fluently. Node.js and React at a professional working level.
• You have used LangChain, AutoGen, CrewAI, or built your own agentic framework.
• You have managed developers before and documented and addressed an underperforming hire.
• PST morning overlap is non-negotiable — Belgrade 1pm to 5pm every working day.
• Your written English is precise, technical, and unambiguous.

Requirements

• Write production-grade code in Python, Node.js, and React — minimum 4 hours of actual engineering daily.
• Write the technical specification for every task before any developer begins.
• Design all deployment infrastructure with the target environment's security requirements in mind from the first commit.
• Personally implement and review all authentication, authorization, audit logging, and data encryption layers.
• Architect and build all agentic systems with explicit data handling controls for each environment type.
• Build and own all RAG pipelines with data residency controls.
• Review every pull request from every team member with a security-first lens.
• Own all deployment pipelines — CI/CD configuration, environment promotion controls, rollback procedures, and incident response protocols.
• Conduct 30-day and 60-day precision reviews for every developer.
• Submit a written Friday report to the CEO every single week.

Benefits

• AI-powered applications deployed to commercial enterprise clients with full SLA and uptime accountability.
• Government-facing AI tools built to FedRAMP-aware standards with ATO documentation support.
• Agentic workflow systems that automate complex multi-step processes for enterprise and government clients.
• RAG pipelines that allow clients to query their own classified or sensitive document repositories securely.
• Automation engines that replace manual government contracting workflows.
• Secure API layers that connect AI capabilities to existing enterprise and government systems.
• AI marketing and revenue analytics tools for commercial clients.

Security Standards

• Authentication and Access: OAuth 2.0 / OIDC with MFA enforcement. No shared credentials. Role-based access with least-privilege principle.
• Data Protection: Encryption at rest (AES-256 minimum) and in transit (TLS 1.2+).
• Audit and Logging: Immutable audit logs for every user action, every data access, and every model inference.
• Network and Infrastructure: Zero-trust network design. No implicit trust between services.
• Deployment and CI/CD: Container-based deployment with image signing.
• Government Compliance: FedRAMP-aware infrastructure choices documented in architecture decision records.

Zero Tolerance

• A security vulnerability introduced by this team that reaches a government or enterprise client environment is an immediate performance event.
• Every deliverable is reviewed against a written specification before it ships.
• A hardcoded credential, a plaintext secret, or an unencrypted data store committed to any repository is an immediate code review and mandatory documentation event.
• First-submission quality target is 90% or above on everything you build and everything your team submits under your review.
• The Friday written report to the CEO is not optional.

How to Apply

Submit your CV, a link to your GitHub, and a written technical summary describing one AI application you deployed to a government or enterprise environment. Include the architecture, the specific security controls you implemented, and one thing that failed during development and exactly how you resolved it.

Applications without this written technical summary will not be reviewed.

Shortlisted candidates complete a 72-hour technical build challenge that includes a mandatory security requirements component.

We are an equal opportunity employer. We hire for precision, technical depth, and character — regardless of nationality, background, or location.