Anduril Industries is a defense technology company with a mission to transform U.S. and allied military capabilities with advanced technology. By bringing the expertise, technology, and business model of the 21st century’s most innovative companies to the defense industry, Anduril is changing how military systems are designed, built and sold. Anduril’s family of systems is powered by Lattice OS, an AI-powered operating system that turns thousands of data streams into a realtime, 3D command and control center. As the world enters an era of strategic competition, Anduril is committed to bringing cutting-edge autonomy, AI, computer vision, sensor fusion, and networking technology to the military in months, not years.
Team Overview
The Security Applications & Tools (SAT) team within Lattice Platform Security builds custom software systems that detect, manage, and remediate vulnerabilities across Anduril's product ecosystem at scale. We don't just deploy scanners — we design and build distributed scanning infrastructure, policy enforcement engines, and vulnerability management platforms from the ground up. Our stack includes event-driven architectures on AWS, custom Go services, policy-as-code systems, and integrations that span CI pipelines to production environments.
Job Description
We're looking for a senior software engineer to design and build the systems that keep Anduril's software secure. This is a software engineering role first — you'll architect distributed systems, write production Go and Python, build APIs, and operate services at scale. The domain is security, but the work is building real software: custom scanning orchestration pipelines, policy engines that evaluate thousands of configurations against security rules, and data systems that track vulnerabilities across an entire product ecosystem. If you want to write code that solves hard engineering problems in the security space rather than configure off-the-shelf tools, this is the role.
Key Responsibilities
- Design and build distributed services for vulnerability scanning, policy enforcement, and remediation workflows
- Develop and extend the team's scanning orchestration platform — an event-driven architecture built on AWS (SQS, Lambda, S3, ECR) that processes scan events at org-wide scale
- Build and maintain policy-as-code systems that programmatically enforce security policy in CI/CD pipelines and deployment configurations
- Design APIs and CLIs that integrate security tooling into developer workflows without creating friction
- Develop data pipelines that aggregate, normalize, and route findings from multiple scanning engines into vulnerability management systems
- Collaborate with engineering teams across Anduril to understand their security needs and build tooling that addresses them
- Evaluate third-party security tools and build custom integrations or replacements where needed
- Participate in on-call rotation for security tooling infrastructure
Required Qualifications
- 5+ years of experience designing and developing production software systems
- Strong proficiency in Go — this is the team's primary language for backend services
- Experience building distributed systems or data pipelines (event-driven architectures, message queues, APIs, worker systems)
- Proficiency with Python for scripting, automation, and tooling
- Experience with cloud infrastructure (AWS preferred: Lambda, SQS, S3, ECR, or equivalent)
- Ability to read and understand security tool output (vulnerability reports, SBOMs, static analysis results) and build systems around it
- Strong communication skills with the ability to work across teams
- Eligible to obtain and maintain active U.S. Secret security clearance
Preferred Qualifications
- Experience with CI/CD systems (CircleCI, GitHub Actions) and building integrations for developer workflows
- Familiarity with container security concepts, SBOM generation tools (Syft), and vulnerability scanners (Trivy, Grype, Semgrep)
- Experience with Terraform and infrastructure-as-code
- Experience with policy-as-code frameworks (OPA/Rego, Conftest)
- Background in application security or product security engineering
- Experience with Kubernetes and container orchestration
- Familiarity with Nix build systems
US Salary Range
$191,000—$253,000 USD
The salary range for this role is an estimate based on a wide range of compensation factors, inclusive of base salary only. Actual salary offer may vary based on (but not limited to) work experience, education and/or training, critical skills, and/or business considerations. Highly competitive equity grants are included in the majority of full time offers; and are considered part of Anduril's total compensation package. Additionally, Anduril offers top-tier benefits for full-time employees, including:
Benefits
At Anduril, we invest in our people. Our comprehensive, competitive benefits package (available at little to no cost to employees) ensures you’re supported in health, recovery, and whatever comes next. For more information, Explore Our Benefits.
Protecting Yourself from Recruitment Scams
Anduril is committed to maintaining the integrity of our Talent acquisition process and the security of our candidates. We've observed a rise in sophisticated phishing and fraudulent schemes where individuals impersonate Anduril representatives, luring job seekers with false interviews or job offers. These scammers often attempt to extract payment or sensitive personal information.
To ensure your safety and help you navigate your job search with confidence, please keep the following critical points in mind:
**No Financial Requests: **Anduril will never solicit payment or demand personal financial details (such as banking information, credit card numbers, or social security numbers) at any stage of our hiring process. Our legitimate recruitment is entirely free for candidates.
Please always verify communications:
- Direct from Anduril: If you receive an email from one of our recruiters, it will only come from an
@anduril.comaddress. - Via Agency Partner: If contacted by a recruiting agency for an Anduril role, their email will clearly identify their agency. If you suspect any suspicious activity, please verify the agency's authenticity by reaching out to contact@anduril.com.
- Direct from Anduril: If you receive an email from one of our recruiters, it will only come from an
Exercise Caution with Unsolicited Outreach: If you receive any communication that appears suspicious, contains grammatical errors, or makes unusual requests, do not engage. Always confirm the sender's email domain is @anduril.com before providing any personal information or clicking on links.
What to Do If You Suspect Fraud: Should you encounter any questionable or fraudulent outreach claiming to be from Anduril, please report it immediately to contact@anduril.com. Your proactive caution is invaluable in protecting your personal information and upholding the security and trustworthiness of our recruitment efforts.
Data Privacy
To view Anduril's candidate data privacy policy, please visit https://anduril.com/applicant-privacy-notice/.
By submitting your application, you consent to Anduril Industries using a third-party service provider to conduct pre-employment risk, integrity, and due diligence screening and assessing potential risks as part of your application process. This third-party service provider provides risk-intelligence services that may include analysis of sanctions and watchlists, adverse media, public-record information, and other lawful open-source or commercial data sources. This third-party service provider does not act as a consumer reporting agency. Use of this provider helps to ensure compliance with applicable laws and protect technology, intellectual property, and organizational security.