Founding Head of Engineering - AI, Agents & Infrastructure

Founding Head of Engineering — AI, Agents & Infrastructure (Nivalto • Stealth)

Location: Remote First (San Francisco Bay Area candidates only)

Compensation: Equity-first (Pre-Seed) → Post-Seed Salary $250K–$300K + 20–25% Performance Bonus

Equity Range: 1.0%–2.0% (pre-seed fractional) → 3.0%–3.5% total at full-time conversion (4-year vest, 1-year cliff; milestone top-ups)

Reports To: CEO / Founder

Stage: Pre-Seed → Seed *Seed Fundraising Q1 2026*

Seniority: Founding

Time Commitment: Fractional (10–12 hrs/week, pre-seed) → Post-Seed full-time

About Nivalto

Nivalto is developing the critical infrastructure (payment, securities trading, and other domain agent workflows) powering the emerging AI agent economy—a $400B+ market opportunity by 2030. We're solving the hardest challenges enterprises face when deploying AI agents at scale in regulated environments, including how those agents are allowed to move money.

Our platform unifies security, governance, compliance, and enterprise AI payments through architecture:

Open Protocol: Industry-standard protocols for AI agent infrastructure (positioned for standardization)

Cloud Platform: SaaS control plane for enterprise deployment and management

Trusted Runtime & Edge Architecture: Secure, high-performance execution environments for governed agent workflows

AI Payments Fabric: Policy-aware, programmable transaction layer that governs how AI-driven workflows initiate, route, and reconcile payments across existing rails and providers

Legacy Core (AURA Fabric): Enterprise integration layer for mission-critical systems

Why this role is unique

Category-defining engineering

You’re not optimizing an existing app—you’re engineering the foundation for governed, cross-organization agent workflows and policy-aware payments in regulated environments.

You will be the 0→1 technical owner for Agent ROA Protocol—our open, standards-bound protocol for governed AI agent workflows—and Nivalto’s first engineering leader.

You’ll lead the architecture and specification, drive IETF Internet-Draft development, own reference implementations (validator + lightweight SDKs), define the conformance + interoperability program, and partner with early customers and vendors to prove real-world interoperability—all without disclosing unpublished IP.

In parallel, you’ll establish Nivalto’s engineering discipline (CI/CD, security baseline, release process) and deliver the Payment Fabric stack, including cross-organization collaboration capabilities.

Role overview

You are the founding 0→1 engineering leader responsible for turning Nivalto’s protocol-first vision into an implementation-ready, enterprise-deployable governance and transaction control platform for regulated environments. This is not a demo-building role—you will build the hardened technical core that stands up to audits, breaches, vendor changes, legal discovery, and regulatory scrutiny. You’ll own architecture, security posture, engineering execution, and early team formation, partnering closely with the CEO & VP of Product on sequencing, scope control, and buyer readiness.

What you’ll build (core systems)

Governed execution + evidence layer: fail-closed edge/border enforcement patterns; validator services; canonicalization; signing/verification; receipt generation and pipelines; constrained delegation and capability-scoped authorization; evidence formats, test vectors, verifier utilities, and packaging.

Governed money movement layer: policy-checked orchestration across payment rails/providers; spend authorization; step-up approvals; hard stops; audit trails; integrations for treasury/AP/AR and agent-initiated transactions.

Policy control plane: policy authoring, versioning, approvals, rollout controls; policy evaluation integration enforcing; control mappings appropriate for regulated buyers.

Platform foundations: key management (HSM/KMS), key rotation, incident response; immutable retention and storage tiering; observability and audit exports; multi-tenant vs single-tenant deployment strategy.

Builder/SDK layer: safe integration points, developer-friendly SDKs/templates/adapters, policy-driven routing across multiple model providers, cost controls, and secure-by-default scaffolding.

Responsibilities

Architecture & execution: translate specs into real services/APIs; make ruthless scope tradeoffs while preserving core guarantees.

Security, evidence, audit posture: threat model, key strategy, verifier approach, incident playbooks; ensure outputs are tamper-evident, exportable, and independently verifiable.

Engineering leadership: establish high-standard engineering culture; own vendor/tool choices; build the early team and hiring pipeline.

Customer/partner readiness: support technical diligence, publish realistic integration guidance, and align roadmap to buyer pain—not novelty.

Required qualifications

Engineering leadership + 0→1 execution

10+ years building and leading software systems; prior early-stage / founding engineering leadership.

Proven ability to impose engineering discipline on fast-moving builds (especially with vendors).

Educational Background

MS or PhD in Computer Science, Electrical Engineering, or related field (preferred)

BS in relevant engineering discipline (minimum)

Technical depth (must-have)

Strong backend/platform skills (APIs, distributed systems basics, reliability patterns).

Security-minded implementation skills: signing/verifying, key management concepts, audit trails, tamper-evident logging.

Proven 0→1 to 1→N product leadership: from whiteboard → PRD → shipped platform used by enterprises.

Depth in governance, identity/authorization, or policy systems (e.g., PKI/mTLS, OAuth2/OIDC, Zero Trust; policy-as-code such as OPA/Rego or equivalent).

Fluency with cloud & distributed systems (multi-tenant control planes, Kubernetes-era delivery, observability, SLOs).

Strong standards or ecosystem chops (writing specs, running interop, aligning vendors/customers).

Exceptional writing & communication—clear specifications, design docs, and external-facing briefs.

Operator empathy

Ability to design systems that auditors, admins, and compliance teams can actually use (not just “logs in JSON”).

Highly valued experience

Gateways/proxies, policy engines, authorization systems, compliance logging, evidence pipelines.

Payments orchestration or high-integrity transaction systems (state machines, idempotency, reconciliation).

Regulated domains (banking, healthcare, insurance, trading, supply chain).

Experience building admin tooling and operational consoles.

MLOps experience for edge deployments (model rollout, monitoring, governance, rollback).

Products touching routing, service mesh, SDN, or network security, or AI orchestration in regulated settings.

Participation in IETF/CNCF/W3C/OpenTelemetry/SPIFFE/SPIRE or similar bodies.

Built conformance programs, certification/badging, or marketplace-style verification.

Preferred backgrounds

Security + platform engineering leader (identity, authZ, gateways)

Payments infrastructure engineering leader (orchestration, treasury, risk controls)

“Fixer” engineering leader who stabilized vendor-built systems and scaled them

Potential prior employers (not required): Stripe, Adyen, Modern Treasury, Cloudflare, Okta, AWS, GCP, Microsoft, Plaid, Rippling, Snowflake, Palantir, Databricks (or similar “systems + compliance + scale” environments)

Engagement model and conversion

Pre-seed: Fractional (10–12 hrs/week), equity-first; acts as technical owner with decision authority. Seed capital expected in Q1 2026.

Post-seed: Converts to full-time with salary/bonus and title adjustment to CTO or VP Engineering based on scope and execution.

Apply

Send your LinkedIn/CV and a cover letter addressing the following to careers@nivalto.com with subject: "Founding Head of Engineering "

Work authorization: Open to US and international; relocation/visa considered for exceptional candidates.

EEO & Confidentiality: We’re an equal opportunity employer. Some technical details are shared only post-NDA due to stealth.