Hiive is redefining how private companies and their shareholders access liquidity. Through its institutional-grade platform, Hiive brings together buyers, sellers, and issuers to facilitate secondary transactions in venture-backed, pre-IPO companies, introducing efficiency, transparency, and standardization to an otherwise opaque asset class.
Recognized as one of Canada’s fastest-growing companies and backed by leading U.S. investors, Hiive is profitable, well-capitalized, and building a high-performance team to meet growing demand and pursue new market opportunities.
Interested in learning more about life at Hiive? Check out our careers page to see how you can grow with us!
As a Senior Information Security Engineer at Hiive, you'll own vulnerability management end-to-end on a three-person security team and be the security partner for every department adopting AI. Teams across the company — engineering, product, operations, finance — are rolling out AI tools and agents at an accelerating pace, and you'll make sure that happens without opening new attack surface or leaking sensitive data. You'll also keep our patching, scanning, and remediation cycles ahead of an industry curve where time-to-exploitation has collapsed from months to hours.
Responsibilities
- Triaging and coordinating remediation of vulnerabilities across SAST, SCA, DAST, CSPM, external reconnaissance, security advisories, and external bug reports on a defined SLA.
- Tuning the existing security stack, reducing noise, and prioritizing exploitable vulnerabilities over raw severity — validating real-world exposure before remediation effort is spent.
- Integrating LLM-based code review into the CI/CD pipeline so every change — human-written or AI-generated — gets a security review before merge.
- Acting as the security point of contact for any department adopting AI tools, agents, MCP integrations, or custom AI/ML pipelines: reviewing proposals, flagging risks, and helping teams move forward safely.
- Defining and maintaining practical guardrails for enterprise AI use — approved tool lists, data classification rules for AI inputs, access controls, and acceptable use policies.
- Owning the vendor security review process end-to-end, including AI-specific assessments (data retention, model training on customer data, MCP servers, agentic tooling) and maintaining a vendor risk register.
- Running internal penetration testing, red team exercises, and threat hunting across AWS, Kubernetes, and Docker.
- Supporting incident response — investigation, containment, post-incident review — and deploying lightweight deception (canary tokens, honey credentials) on critical systems.
- Maintaining asset inventory and SBOMs so we can respond quickly when new CVEs drop or coordinated disclosure waves hit.
- Reporting vulnerability posture metrics to the CISO in business terms suitable for leadership communication.
3+ years of hands-on security experience spanning vulnerability management, application security, or penetration testing.
Operating proficiency with SAST, SCA, DAST, and external reconnaissance tooling.
Hands-on cloud security in AWS, with working knowledge of Kubernetes and container security.
Working knowledge of CI/CD pipelines and where security gates fit in the development workflow.
Familiarity with dependency management, SBOM generation, and software supply chain risks.
Willingness to use AI tools daily — coding agents, LLM-based scanners — and learn fast as the tooling evolves.
Clear communication: you can translate vulnerability data and AI risk into language non-technical stakeholders can act on.
Nice to Have
Experience evaluating or securing AI/ML tools in an enterprise setting, including vendor assessments, data classification for AI inputs, or writing AI acceptable use policies.
CISSP or OSCP certification
CEH certification
Familiarity with AI-specific risks: prompt injection, excessive agency, agentic supply chain threats (OWASP LLM Top 10, OWASP Agentic Top 10).
Experience with LLM-based security tools or autonomous vulnerability discovery.
Background in cloud security posture management or infrastructure-as-code security.
Familiarity with NIST CSF, MITRE ATT&CK/ATLAS, or SOC 2 compliance.
Prior work on a small, high-autonomy security team where you wore multiple hats.
What We Offer
As part of our recruitment and hiring process, Hiive may use automated tools, including artificial intelligence (AI), to assist in screening applications, evaluating candidate qualifications, and supporting interview processes. These tools are designed to support and inform human decision-making and are not used as the sole basis for any employment decision.
We may collect, use, and analyze personal information you provide in connection with your application, including generating insights or inferences to assess job-related qualifications. This information is used for recruitment, evaluation, and compliance purposes in accordance with applicable law.
We take reasonable steps to evaluate and monitor our hiring tools and practices to promote fairness, consistency, and non-discrimination. Where required by applicable law - including in Ontario, Quebec, New York City, Illinois, and California - we conduct or rely on assessments such as bias audits, honor rights related to automated decision-making, and provide additional disclosures on request.
Depending on your location, you may have certain rights with respect to your personal information and the use of automated processing, including the right to request access to, correction of, or deletion of your information, or to receive additional information about our data practices. We honor such rights where required by applicable law.
For accommodation requests or questions about this notice, contact careers@hiive.com.
Location & Eligibility
Listing Details
- Posted: May 27, 2026
- First seen: May 27, 2026
- Last seen: May 29, 2026
Posting Health
- Days active: 0
- Repost count: 0
- Trust Level: 54%
- Scored at: May 27, 2026