About the role

Senior Information Security Engineer managing vulnerability management for Hiive’s AI implementation, ensuring security in a growing tech environment. Involves collaboration across departments and hands-on threat management.

Responsibilities

Own vulnerability management end-to-end on a three-person security team.
Be the security partner for every department adopting AI.
Triaging and coordinating remediation of vulnerabilities across SAST, SCA, DAST, CSPM, external reconnaissance, security advisories, and external bug reports on a defined SLA.
Tuning the existing security stack, reducing noise, and prioritizing exploitable vulnerabilities over raw severity — validating real-world exposure before remediation effort is spent.
Integrating LLM-based code review into the CI/CD pipeline.
Acting as the security point of contact for any department adopting AI tools, agents, MCP integrations, or custom AI/ML pipelines.
Owning the vendor security review process end-to-end.
Running internal penetration testing, red team exercises, and threat hunting across AWS, Kubernetes, and Docker.
Supporting incident response — investigation, containment, post-incident review.
Maintaining asset inventory and SBOMs.

3+ years of hands-on security experience spanning vulnerability management, application security, or penetration testing.
Operating proficiency with SAST, SCA, DAST, and external reconnaissance tooling.
Hands-on cloud security in AWS, with working knowledge of Kubernetes and container security.
Working knowledge of CI/CD pipelines and where security gates fit in the development workflow.
Familiarity with dependency management, SBOM generation, and software supply chain risks.
Willingness to use AI tools daily — coding agents, LLM-based scanners — and learn fast as the tooling evolves.
Clear communication: you can translate vulnerability data and AI risk into language non-technical stakeholders can act on.
Experience evaluating or securing AI/ML tools in an enterprise setting, including vendor assessments, data classification for AI inputs, or writing AI acceptable use policies is preferred.
CISSP or OSCP certification is preferred.
CEH certification is preferred.
Familiarity with AI-specific risks: prompt injection, excessive agency, agentic supply chain threats (OWASP LLM Top 10, OWASP Agentic Top 10) is preferred.
Experience with LLM-based security tools or autonomous vulnerability discovery is preferred.
Background in cloud security posture management or infrastructure-as-code security is preferred.
Familiarity with NIST CSF, MITRE ATT&CK/ATLAS, or SOC 2 compliance is preferred.
Prior work on a small, high-autonomy security team where you wore multiple hats is preferred.

Highly competitive salary commensurate with experience and contribution.
Opportunity to participate in ownership of a rapidly growing company through our employee stock option plan.
Comprehensive 100% employer-paid health and dental premiums, a health and personal spending account.
Dedicated desk in Vancouver, BC HQ, in the heart of downtown, with healthy snacks and drinks, onsite gym, and rooftop amenity.
$20-per-day commuter benefit for every day you work in Vancouver HQ.
Engaging social calendar including bi-weekly catered lunches, team workouts, annual party events, semi-annual team-building events.
Significant opportunities for growth into team leadership and management roles.
Entrepreneurial culture and a small and dynamic team.
Sponsorship, immigration, and relocation for exceptional candidates.