Senior Security Engineer

Hiive is redefining how private companies and their shareholders access liquidity. Through its institutional-grade platform Hiive brings together buyers sellers and issuers to facilitate secondary transactions in venture-backed pre-IPO companies introducing efficiency transparency and standardization to an otherwise opaque asset class.

Recognized as one of Canadas fastest-growing companies and backed by leading U.S. investors Hiive is profitable well-capitalized and building a high-performance team to meet growing demand and pursue new market opportunities.

Interested in learning more about life at Hiive Check out our careers page to see how you can grow with us!

As a Senior Information Security Engineer at Hiive youll own vulnerability management end-to-end on a three-person security team and be the security partner for every department adopting AI. Teams across the company engineering product operations finance are rolling out AI tools and agents at an accelerating pace and youll make sure that happens without opening new attack surface or leaking sensitive data. Youll also keep our patching scanning and remediation cycles ahead of an industry curve where time-to-exploitation has collapsed from months to hours.

In this role your responsibilities would include:

• Triaging and coordinating remediation of vulnerabilities across SAST SCA DAST CSPM external reconnaissance security advisories and external bug reports on a defined SLA.

• Tuning the existing security stack reducing noise and prioritizing exploitable vulnerabilities over raw severity validating real-world exposure before remediation effort is spent.

• Integrating LLM-based code review into the CI/CD pipeline so every change human-written or AI-generated gets a security review before merge.

• Acting as the security point of contact for any department adopting AI tools agents MCP integrations or custom AI/ML pipelines: reviewing proposals flagging risks and helping teams move forward safely.

• Defining and maintaining practical guardrails for enterprise AI use approved tool lists data classification rules for AI inputs access controls and acceptable use policies.

• Owning the vendor security review process end-to-end including AI-specific assessments (data retention model training on customer data MCP servers agentic tooling) and maintaining a vendor risk register.

• Running internal penetration testing red team exercises and threat hunting across AWS Kubernetes and Docker.

• Supporting incident response investigation containment post-incident review and deploying lightweight deception (canary tokens honey credentials) on critical systems.

• Maintaining asset inventory and SBOMs so we can respond quickly when new CVEs drop or coordinated disclosure waves hit.

• Reporting vulnerability posture metrics to the CISO in business terms suitable for leadership communication.

Required Skills:

• 3 years of hands-on security experience spanning vulnerability management application security or penetration testing.

• Operating proficiency with SAST SCA DAST and external reconnaissance tooling.

• Hands-on cloud security in AWS with working knowledge of Kubernetes and container security.

• Working knowledge of CI/CD pipelines and where security gates fit in the development workflow.

• Familiarity with dependency management SBOM generation and software supply chain risks.

• Willingness to use AI tools daily coding agents LLM-based scanners and learn fast as the tooling evolves.

• Clear communication: you can translate vulnerability data and AI risk into language non-technical stakeholders can act on.

Preferred Skills:

• Experience evaluating or securing AI/ML tools in an enterprise setting including vendor assessments data classification for AI inputs or writing AI acceptable use policies.

• CISSP or OSCP certification

• CEH certification

• Familiarity with AI-specific risks: prompt injection excessive agency agentic supply chain threats (OWASP LLM Top 10 OWASP Agentic Top 10).

• Experience with LLM-based security tools or autonomous vulnerability discovery.

• Background in cloud security posture management or infrastructure-as-code security.

• Familiarity with NIST CSF MITRE ATT&CK/ATLAS or SOC 2 compliance.

• Prior work on a small high-autonomy security team where you wore multiple hats.

Compensation Benefits & Perks:

• Highly competitive salary commensurate with experience and contribution.

• Opportunity to participate in ownership of a rapidly growing company through our employee stock option plan.

• Comprehensive 100% employer-paid health & dental premiums and a Health/Personal Spending Account for Canadian employees. (An employer-subsidized benefits program is available for US-based team members).

• If you are based in Vancouver enjoy a dedicated desk in our Vancouver BC HQ in the heart of downtown with a fridge stocked with healthy snacks and drinks an onsite gym and a gorgeous rooftop amenity.

• Enjoy a $20-per-day commuter benefit for every day you work in our Vancouver HQ.

• An engaging social calendar including bi-weekly catered lunches bi-weekly Friday bar team workouts annual summer party and holiday party two onsite all-team retreats each year semi-annual team-building events and Hiive Womens Network events.

• Significant opportunities for growth into team leadership and management roles.

• Entrepreneurial culture and a small and dynamic team.

• Sponsorship immigration and relocation for exceptional candidates.

Hiive is committed to fostering an inclusive workplace where all individuals have an opportunity to succeed.

AI automated tools and applicant privacy notice:

As part of our recruitment and hiring process Hiive may use automated tools including artificial intelligence (AI) to assist in screening applications evaluating candidate qualifications and supporting interview processes. These tools are designed to support and inform human decision-making and are not used as the sole basis for any employment decision.

We may collect use and analyze personal information you provide in connection with your application including generating insights or inferences to assess job-related qualifications. This information is used for recruitment evaluation and compliance purposes in accordance with applicable law.

We take reasonable steps to evaluate and monitor our hiring tools and practices to promote fairness consistency and non-discrimination. Where required by applicable law - including in Ontario Quebec New York City Illinois and California - we conduct or rely on assessments such as bias audits honor rights related to automated decision-making and provide additional disclosures on request.

Depending on your location you may have certain rights with respect to your personal information and the use of automated processing including the right to request access to correction of or deletion of your information or to receive additional information about our data practices. We honor such rights where required by applicable law.

For accommodation requests or questions about this notice contact

Required Experience:

Senior IC