Associate General Counsel, Cybersecurity

Anduril Industries is a defense technology company with a mission to transform U.S. and allied military capabilities with advanced technology. By bringing the expertise, technology, and business model of the 21st century’s most innovative companies to the defense industry, Anduril is changing how military systems are designed, built and sold. Anduril’s family of systems is powered by Lattice OS, an AI‑powered operating system that turns thousands of data streams into a realtime, 3D command and control center.

As the world enters an era of strategic competition, Anduril is committed to bringing cutting‑edge autonomy, AI, computer vision, sensor fusion, and networking technology to the military in months, not years.

We are looking for an Associate General Counsel - Cybersecurity to join our rapidly growing Legal Team in Washington, DC or Costa Mesa, CA to serve as Anduril's primary legal expert on cybersecurity law and compliance. This role will provide strategic legal counsel on all aspects of cybersecurity affecting Anduril's operations—from advising on government contract cybersecurity requirements (CMMC, NIST 800‑171, DFARS 7012) to managing data breach response, supporting cybersecurity compliance frameworks, and negotiating security terms in commercial and government contracts.

You will partner closely with Anduril's Chief Information Security Officer (CISO), IT Security, Engineering, Compliance, and Business Development teams to translate complex cybersecurity regulations into practical, scalable solutions that enable our mission while protecting our systems, data, and customers. This is not a traditional compliance role—you’ll be building and owning Anduril's cybersecurity legal program from the ground up in a fast‑paced, high‑growth defense technology company.

Anduril is a fast‑growing company at the early stages of growth. Consistent with this fast growth, members of Anduril's Legal Team must be resourceful, creative, and eager to take ownership of complex matters. Our team is passionate about the law and policy of defense technology and you should have an independent interest in cybersecurity issues facing dual‑use technology companies. Anduril fosters a diverse, collaborative culture with tremendous opportunities for ownership and professional growth.

• Serve as Anduril's primary legal expert on cybersecurity law, providing strategic advice to executive leadership, the CISO, and business units on complex cybersecurity legal and regulatory issues
• Advise on cybersecurity requirements in government contracts including FAR/DFARS cybersecurity clauses (DFARS 7012, 7019, 7020), CMMC compliance pathways, NIST 800‑171 obligations, contractor classified infrastructure regulations (NISPOM, DAAG) and agency‑specific security requirements (DoD, DHS, DoE)
• Counsel on cybersecurity aspects of OTAs, prototype agreements, production contracts, and other non‑traditional contract vehicles
• Review, negotiate, and draft cybersecurity terms in government contracts, commercial agreements, teaming arrangements, and vendor/supplier contracts
• Provide thought leadership on emerging cybersecurity regulations affecting defense contractors and autonomous systems operators

• Design, implement, and continuously improve Anduril's cybersecurity compliance program, policies, and internal controls in partnership with the CISO and Security team
• Develop and maintain cybersecurity policies, procedures, playbooks, and templates aligned with contractual obligations and regulatory requirements
• Support CMMC assessments and certifications, working with C3
  
  PAOs and ensuring legal alignment with assessment requirements
• Advise on system security plans (SSPs), plans of action and milestones (POA&Ms), and other security documentation
• Monitor and assess emerging cybersecurity laws, regulations, executive orders, and agency guidance (e.g., CISA directives, OMB memoranda, DoD cybersecurity initiatives) and advise on business impact
• Support internal and external audits, assessments, and regulatory inquiries related to cybersecurity compliance