Anduril Industries is a defense technology company with a mission to transform U.S. and allied military capabilities with advanced technology. By bringing the expertise, technology, and business model of the 21st century’s most innovative companies to the defense industry, Anduril is changing how military systems are designed, built and sold. Anduril’s family of systems is powered by Lattice OS, an AI-powered operating system that turns thousands of data streams into a realtime, 3D command and control center. As the world enters an era of strategic competition, Anduril is committed to bringing cutting-edge autonomy, AI, computer vision, sensor fusion, and networking technology to the military in months, not years.
ABOUT THE JOB
We are looking for an Associate General Counsel - Cybersecurity to join our rapidly growing Legal Team in Washington, DC or Costa Mesa, CA to serve as Anduril's primary legal expert on cybersecurity law and compliance.
This role will provide strategic legal counsel on all aspects of cybersecurity affecting Anduril's operations—from advising on government contract cybersecurity requirements (CMMC, NIST 800-171, DFARS 7012) to managing data breach response, supporting cybersecurity compliance frameworks, and negotiating security terms in commercial and government contracts.
You will partner closely with Anduril's Chief Information Security Officer (CISO), IT Security, Engineering, Compliance, and Business Development teams to translate complex cybersecurity regulations into practical, scalable solutions that enable our mission while protecting our systems, data, and customers. This is not a traditional compliance role—you'll be building and owning Anduril's cybersecurity legal program from the ground up in a fast-paced, high-growth defense technology company.
Anduril is a fast-growing company at the early stages of growth. Consistent with this fast growth, members of Anduril's Legal Team must be resourceful, creative, and eager to take ownership of complex matters. Our team is passionate about the law and policy of defense technology and you should have an independent interest in cybersecurity issues facing dual-use technology companies. Anduril fosters a diverse, collaborative culture with tremendous opportunities for ownership and professional growth.
WHAT YOU'LL DO
Strategic Cybersecurity Counseling
- Serve as Anduril's primary legal expert on cybersecurity law, providing strategic advice to executive leadership, the CISO, and business units on complex cybersecurity legal and regulatory issues
- Advise on cybersecurity requirements in government contracts including FAR/DFARS cybersecurity clauses (DFARS 7012, 7019, 7020), CMMC compliance pathways, NIST 800-171 obligations, contractor classified infrastructure regulations (NISPOM, DAAG) and agency-specific security requirements (DoD, DHS, DoE)
- Counsel on cybersecurity aspects of OTAs, prototype agreements, production contracts, and other non-traditional contract vehicles
- Review, negotiate, and draft cybersecurity terms in government contracts, commercial agreements, teaming arrangements, and vendor/supplier contracts
- Provide thought leadership on emerging cybersecurity regulations affecting defense contractors and autonomous systems operators
Compliance Program Development & Management
- Design, implement, and continuously improve Anduril's cybersecurity compliance program, policies, and internal controls in partnership with the CISO and Security team
- Develop and maintain cybersecurity policies, procedures, playbooks, and templates aligned with contractual obligations and regulatory requirements
- Support CMMC assessments and certifications, working with C3PAOs and ensuring legal alignment with assessment requirements
- Advise on system security plans (SSPs), plans of action and milestones (POA&Ms), and other security documentation
- Monitor and assess emerging cybersecurity laws, regulations, executive orders, and agency guidance (e.g., CISA directives, OMB memoranda, DoD cybersecurity initiatives) and advise on business impact
- Support internal and external audits, assessments, and regulatory inquiries related to cybersecurity compliance
Incident Response & Crisis Management
- Lead legal aspects of cybersecurity incident response, including assessment of notification and reporting obligations under federal regulations (e.g., DFARS 252.204-7012, Cyber Incident Reporting for Critical Infrastructure Act) and state breach notification laws
- Advise on incident containment strategies, forensic investigations, and post-incident remediation from a legal perspective
- Coordinate with outside counsel, forensic vendors, and cyber insurance carriers during security incidents
- Manage privilege considerations during investigations and ensure appropriate documentation and communications
- Prepare executives and board members for incident-related communications and disclosures
Cross-Functional Collaboration
- Partner with IT Security, Engineering, and Product teams on cybersecurity requirements for product development, cloud architecture, data handling, and system access controls
- Work with Contracts team to ensure cybersecurity terms flow down appropriately to subcontractors and suppliers
- Collaborate with Compliance team on cybersecurity training programs for employees, contractors, and third parties
- Support Business Development in addressing customer cybersecurity requirements during capture and proposal phases
- Advise on cybersecurity due diligence for mergers, acquisitions, partnerships, and other strategic transactions
- Engage with industry coalitions, government agencies, and standards bodies on cybersecurity policy and best practices
Cybersecurity Risk Management
- Assess and advise on cybersecurity risks in business operations, third-party relationships, and new initiatives
- Review and negotiate cybersecurity insurance policies and advise on coverage issues
- Develop risk-based approaches to cybersecurity compliance that balance regulatory requirements with business objectives
- Support executive decision-making on cybersecurity investments and risk acceptance
REQUIRED QUALIFICATIONS
- J.D. from an accredited law school and admission to practice in at least one U.S. jurisdiction (DC or CA Bar strongly preferred)
- 8-12 years of legal experience with substantial focus on cybersecurity law, either at a law firm, government agency, or in-house at a technology or defense company
- Deep knowledge of cybersecurity laws and regulations applicable to government contractors, including FAR/DFARS cybersecurity requirements, CMMC framework, NIST standards (particularly NIST 800-171), and federal breach notification/reporting obligations
- Proven experience advising clients on cybersecurity compliance programs, incident response, and security-related investigations
- Experience negotiating cybersecurity terms in government contracts and commercial agreements, including security controls, audit rights, liability allocation, and indemnification provisions
- Strong understanding of information security concepts, including network security, encryption, access controls, threat intelligence, and security frameworks (NIST CSF, ISO 27001)
- Excellent analytical, problem-solving, and risk assessment skills with ability to translate technical security concepts into clear legal advice
- Exceptional written and verbal communication skills with ability to explain complex cybersecurity legal issues to technical and non-technical audiences, including executives
- Demonstrated ability to work independently and manage multiple complex matters simultaneously in a fast-paced environment
- Strong judgment and business acumen with track record of providing practical, solution-oriented advice
- Must be a U.S. Person due to required access to U.S. export controlled information or facilities
- This position requires occasional travel to Anduril facilities (Costa Mesa, Washington DC, Atlanta, and emerging manufacturing sites), customer locations, and industry conferences. Employee should expect up to** **20% travel.
PREFERRED QUALIFICATIONS
- Combination of law firm and in-house experience, particularly in-house experience as primary cybersecurity legal owner at a defense contractor, technology company, or critical infrastructure operator
- Experience with government cybersecurity audits, assessments, and investigations (e.g., DCMA DIBCAC reviews, CMMC assessments, agency inspector general investigations)
- Deep familiarity with DoD cybersecurity ecosystem including Defense Industrial Base (DIB) programs, Defense Counterintelligence and Security Agency (DCSA) requirements, and DoD Chief Information Officer (CIO) guidance
- Experience with cybersecurity aspects of cloud computing, software-as-a-service, and AI/ML systems
- Background in incident response including experience managing data breaches, ransomware events, or supply chain compromises
- Understanding of threat intelligence, vulnerability management, and security operations center (SOC) functions
- Cybersecurity or information security certifications (e.g., CISSP, CIPP, CISM) or willingness to obtain
- Experience engaging with regulators, including CISA, FBI, DoD Cyber Crime Center, or state attorneys general on cybersecurity matters
- Experience with cybersecurity aspects of international operations and data transfers
- Pre-law school technical background or experience working with engineers and security practitioners
- Strong interest in defense technology and autonomous systems security
- Currently possesses and is able to maintain an active U.S. Secret security clearance
- Bilingual candidates would be a benefit
US Salary Range
$220,000—$292,000 USD
The salary range for this role is an estimate based on a wide range of compensation factors, inclusive of base salary only. Actual salary offer may vary based on (but not limited to) work experience, education and/or training, critical skills, and/or business considerations. Highly competitive equity grants are included in the majority of full time offers; and are considered part of Anduril's total compensation package. Additionally, Anduril offers top-tier benefits for full-time employees, including:
Benefits
At Anduril, we invest in our people. Our comprehensive, competitive benefits package (available at little to no cost to employees) ensures you’re supported in health, recovery, and whatever comes next. For more information, Explore Our Benefits.
Protecting Yourself from Recruitment Scams
Anduril is committed to maintaining the integrity of our Talent acquisition process and the security of our candidates. We've observed a rise in sophisticated phishing and fraudulent schemes where individuals impersonate Anduril representatives, luring job seekers with false interviews or job offers. These scammers often attempt to extract payment or sensitive personal information.
To ensure your safety and help you navigate your job search with confidence, please keep the following critical points in mind:
**No Financial Requests: **Anduril will never solicit payment or demand personal financial details (such as banking information, credit card numbers, or social security numbers) at any stage of our hiring process. Our legitimate recruitment is entirely free for candidates.
Please always verify communications:
- Direct from Anduril: If you receive an email from one of our recruiters, it will only come from an
@anduril.comaddress. - Via Agency Partner: If contacted by a recruiting agency for an Anduril role, their email will clearly identify their agency. If you suspect any suspicious activity, please verify the agency's authenticity by reaching out to contact@anduril.com.
- Direct from Anduril: If you receive an email from one of our recruiters, it will only come from an
Exercise Caution with Unsolicited Outreach: If you receive any communication that appears suspicious, contains grammatical errors, or makes unusual requests, do not engage. Always confirm the sender's email domain is @anduril.com before providing any personal information or clicking on links.
What to Do If You Suspect Fraud: Should you encounter any questionable or fraudulent outreach claiming to be from Anduril, please report it immediately to contact@anduril.com. Your proactive caution is invaluable in protecting your personal information and upholding the security and trustworthiness of our recruitment efforts.
Data Privacy
To view Anduril's candidate data privacy policy, please visit https://anduril.com/applicant-privacy-notice/.
By submitting your application, you consent to Anduril Industries using a third-party service provider to conduct pre-employment risk, integrity, and due diligence screening and assessing potential risks as part of your application process. This third-party service provider provides risk-intelligence services that may include analysis of sanctions and watchlists, adverse media, public-record information, and other lawful open-source or commercial data sources. This third-party service provider does not act as a consumer reporting agency. Use of this provider helps to ensure compliance with applicable laws and protect technology, intellectual property, and organizational security.