Security Engineer, Trust

We're hiring a Trust & Assurance Engineer to build and run the systems that keep Harmonic's security and compliance programs accurate, automated, and useful. This is a hands‑on, engineering‑focused role – not a checkbox ticker. You'll design and implement the tooling, workflows, and automation that ensure our controls, evidence, and risks are continuously measured and easy to manage. You'll lead the external view of Harmonic's trust posture. This means keeping our security documentation and whitepapers current, and working with Sales, Legal, and GTM teams when customers need clarity on how we operate. Internally, you'll drive how we meet and maintain standards like SOC 2, ISO 27001, HIPAA, and GDPR – while preparing us for upcoming frameworks including ISO 42001, NIST AI RMF, and FedRAMP. This role suits someone who enjoys solving open‑ended problems, works comfortably across engineering and non‑technical teams, and can turn compliance requirements into well‑engineered or automated systems. You'll partner closely with Product Security, Security Engineering, TechOps, and the wider business to build a trust program that scales with the company. What You'll Do Lead and operate Harmonic's Trust & Assurance programme – covering controls, evidence, reporting, and ongoing compliance activities across SOC 2, ISO 27001, HIPAA, GDPR, and future frameworks. Design and implement automation for compliance monitoring, evidence collection, and control validation using platforms like Tines and API‑based workflows. Lead the technical implementation work required to prepare for ISO 42001, including mapping requirements, reviewing controls, and building supporting workflows to gather evidence. Maintain Harmonic's external trust assets, including our security whitepaper and customer‑facing documentation related to security, trust and privacy. Partner with GTM, Customer Success, and Legal during security reviews, contract discussions, and support solutions architects on customer questionnaires to provide accurate and consistent information. Run and improve our internal ISMS processes, including risk assessments, control reviews, remediation tracking, and management reviews. Build an engineered approach to risk management by designing a system that captures risks, assesses them using measurable signals, and reports them with useful metrics. Work with Product Security to ensure our trust posture aligns with how our products are built and shipped. Support security awareness initiatives, helping teams understand how trust and compliance fit into day‑to‑day operations and drive revenue. Continuously research frameworks and standards, translating requirements into practical and scalable implementations without relying on rote knowledge. What Success Looks Like (6–12 months) Redesign our evidence and control workflow by reviewing our current compliance platform and implementing an improved, automated evidence collection and renewal process that reduces manual work and improves accuracy. Establish clear ownership for controls and evidence by working with functional teams to define owners, responsibilities, and lightweight processes that integrate into existing workflows (e.g., Slack, tickets, dashboards). Progress ISO 42001 and NIST AI RMF readiness, including completing our initial gap assessment, defining required controls, and delivering the first phase of implementation work that puts us on track for ISO 42001 certification by 2027. Maintain an accurate and up‑to‑date external Trust Center, ensuring documentation, diagrams, and security whitepapers are refreshed, on‑brand, and aligned with our current posture. Automate recurring trust tasks that support Sales and GTM, building workflows and resources that help Solutions Architects complete security questionnaires efficiently, and providing clarification or technical input when they need support – reducing overall turnaround time for customer evaluations. Create and maintain an internal security knowledge base, giving all employees a single, reliable place to find answers about our security posture, compliance frameworks, and common customer questions. Support upcoming renewal audits for SOC 2, ISO 27001, and HIPAA by ensuring evidence, controls, and documentation are complete, accurate, and audit‑ready. Develop a practical and engaging internal security awareness programme, with a specific focus on responsible use of AI, and deliver it in a way that fits naturally into the company's existing culture and workflows. Flourish in the Unknown: We relish being thrown into new, unfamiliar situations that require initiative and rapid decision‑making. We orient ourselves quickly and deliver results with minimal guidance. Never Full: We never hesitate to raise our hands and take on challenges to assist those in need. We hunger for opportunities to learn and do more. Perfect Harmony: We have a genuine willingness to assist and support one another to create cohesion and unity. We foster success through collaboration and honest sharing of feedback and ideas, enabling everyone to grow and produce their best work. Qualifications Hands‑on engineering experience, comfortable building automations, integrating APIs, and using platforms like Tines to replace repetitive compliance tasks. A practical understanding of security and compliance, with experience working with frameworks such as SOC 2, ISO 27001, HIPAA, or GDPR – without expecting a checklist mentality. Ability to design systems for evidence, controls, risk, and monitoring, not just execute one‑off audits. Strong analytical and problem‑solving skills, able to break down ambiguous requirements and turn them into clear, maintainable processes. Experience working closely with cross‑functional partners, including Engineering, Product and GTM. Clear communication skills, able to explain technical topics to non‑technical stakeholders and represent Harmonic confidently in customer conversations. Comfort working in a high‑velocity environment, switching between implementation work, cross‑functional support, and research. A self‑starter approach, able to lead complex work independently and take ownership of outcomes. Curiosity and adaptability, especially around emerging frameworks such as ISO 42001, the NIST AI RMF, or new trust expectations in AI‑driven environments. You Might Be a Fit If You… Prefer building automated systems over running manual checklists, and see compliance as an engineering problem, not paperwork. Enjoy digging into how teams work, understanding their processes, and designing controls or automations that make compliance seamless. Are comfortable learning new frameworks quickly and translating them into practical, lightweight, and measurable controls. Communicate clearly with both engineers and customer‑facing teams, especially during audits or security reviews. Thrive in fast‑moving environments where you have ownership, context switching, and the need to solve open‑ended problems. About the Team Our goal is simple: enable engineering teams to move fast and ship securely. We do this by creating the tools, standards, and systems that make secure development seamless – from code to cloud. Whether it's hardening pipelines, tuning detection tooling, or staying ahead of emerging AI risks, we build the connective tissue that keeps Harmonic's products secure and trusted. This team operates at the heart of our engineering culture – hands‑on, collaborative, and pragmatic. We bridge the gap between security and development, helping both move faster and with more confidence. Harmonic Security lets teams adopt AI tools safely by protecting sensitive data in real time with minimal effort. It gives enterprises full control and stops leaks so that their teams can innovate confidently. We are led by cybersecurity experts and backed by top investors including N47, Ten Eleven Ventures, and In‑Q‑Tel. We've gained early traction and product‑market fit with a world‑class team, and we're now focused on laying the foundation for a truly iconic global brand. This is your opportunity to join us early and shape not just a brand, but a category. Why Join Us Competitive pay and meaningful equity with a direct stake in Harmonic's success. Comprehensive benefits, pension plan, generous PTO, and flexible hybrid work. A small, passionate team that values transparency, creativity, and learning. Thoughtful leadership that cares deeply about growth, impact, and people. Annual global offsites (past trips include Lisbon and Nashville). The chance to directly shape both our product and our culture as we build a category‑defining company. #J-18808-Ljbffr