As a Senior Information Security Engineer at Hiive, you'll own vulnerability management end-to-end on a three-person security team and be the security partner for every department adopting AI. Teams across the company - engineering, product, operations, finance - are rolling out AI tools and agents at an accelerating pace, and you'll make sure that happens without opening new attack surface or leaking sensitive data. You'll also keep our patching, scanning, and remediation cycles ahead of an industry curve where time-to-exploitation has collapsed from months to hours.
In this role, your responsibilities would include:
- Triaging and coordinating remediation of vulnerabilities across SAST, SCA, DAST, CSPM, external reconnaissance, security advisories, and external bug reports on a defined SLA.
- Tuning the existing security stack, reducing noise, and prioritizing exploitable vulnerabilities over raw severity - validating real-world exposure before remediation effort is spent.
- Integrating LLM-based code review into the CI/CD pipeline so every change - human-written or AI-generated - gets a security review before merge.
- Acting as the security point of contact for any department adopting AI tools, agents, MCP integrations, or custom AI/ML pipelines: reviewing proposals, flagging risks, and helping teams move forward safely.
- Defining and maintaining practical guardrails for enterprise AI use - approved tool lists, data classification rules for AI inputs, access controls, and acceptable use policies.
- Owning the vendor security review process end-to-end, including AI-specific assessments (data retention, model training on customer data, MCP servers, agentic tooling) and maintaining a vendor risk register.
- Running internal penetration testing, red team exercises, and threat hunting across AWS, Kubernetes, and Docker.
- Supporting incident response - investigation, containment, post-incident review - and deploying lightweight deception (canary tokens, honey credentials) on critical systems.
- Maintaining asset inventory and SBOMs so we can respond quickly when new CVEs drop or coordinated disclosure waves hit.
- Reporting vulnerability posture metrics to the CISO in business terms suitable for leadership communication.
Required Skills:
- 3+ years of hands-on security experience spanning vulnerability management, application security, or penetration testing.
- Operating proficiency with SAST, SCA, DAST, and external reconnaissance tooling.
- Hands-on cloud security in AWS, with working knowledge of Kubernetes and container security.
- Working knowledge of CI/CD pipelines and where security gates fit in the development workflow.
- Familiarity with dependency management, SBOM generation, and software supply chain risks.
- Willingness to use AI tools daily - coding agents, LLM-based scanners - and learn fast as the tooling evolves.
- Clear communication: you can translate vulnerability data and AI risk into language non-technical stakeholders can act on.
Preferred Skills:
- Experience evaluating or securing AI/ML tools in an enterprise setting, including vendor assessments, data classification for AI inputs, or writing AI acceptable use policies.
- CISSP or OSCP certification
- CEH certification
- Familiarity with AI-specific risks: prompt injection, excessive agency, agentic supply chain threats (OWASP LLM Top 10, OWASP Agentic Top 10).
- Experience with LLM-based security tools or autonomous vulnerability discovery.
- Background in cloud security posture management or infrastructure-as-code security.
- Familiarity with NIST CSF, MITRE ATT&CK/ATLAS, or SOC 2 compliance.
- Prior work on a small, high-autonomy security team where you wore multiple hats.
Compensation, Benefits & Perks:
- Highly competitive salary commensurate with experience and contribution.
- Opportunity to participate in ownership of a rapidly growing company through our employee stock option plan.
- Comprehensive 100% employer-paid health and dental premiums, and a health and personal spending account.
- If you are based in Vancouver, enjoy a dedicated desk in our Vancouver, BC HQ, in the heart of downtown, with a fridge stocked with healthy snacks and drinks, an onsite gym, and a gorgeous rooftop amenity.
- Enjoy a $20-per-day commuter benefit for every day you work in our Vancouver HQ.
- An engaging social calendar, including bi-weekly catered lunches, bi-weekly "Friday bar," team workouts, annual summer party, and holiday party, two "onsite" all-team retreats each year, semi-annual team-building events, and Hiive Women's Network events.
- Significant opportunities for growth into team leadership and management roles.
- Entrepreneurial culture and a small and dynamic team.
- Sponsorship, immigration, and relocation for exceptional candidates.