New The Skills of Tomorrow: how AI-exposed is every skill in 2026? See the data →
Anduril Industries

Associate General Counsel, Cybersecurity

Anduril Industries
Apply →
onsite senior full-time Washington, District of Columbia, United States

First indexed 5 Jun 2026

Description

We are looking for an Associate General Counsel - Cybersecurity to join our rapidly growing Legal Team in Washington, DC or Costa Mesa, CA to serve as Anduril's primary legal expert on cybersecurity law and compliance.

This role will provide strategic legal counsel on all aspects of cybersecurity affecting Anduril's operations,from advising on government contract cybersecurity requirements (CMMC, NIST 800-171, DFARS 7012) to managing data breach response, supporting cybersecurity compliance frameworks, and negotiating security terms in commercial and government contracts.

You will partner closely with Anduril's Chief Information Security Officer (CISO), IT Security, Engineering, Compliance, and Business Development teams to translate complex cybersecurity regulations into practical, scalable solutions that enable our mission while protecting our systems, data, and customers.

This is not a traditional compliance role,you'll be building and owning Anduril's cybersecurity legal program from the ground up in a fast-paced, high-growth defense technology company.

Anduril is a fast-growing company at the early stages of growth. Consistent with this fast growth, members of Anduril's Legal Team must be resourceful, creative, and eager to take ownership of complex matters.

Our team is passionate about the law and policy of defense technology and you should have an independent interest in cybersecurity issues facing dual-use technology companies.

Anduril fosters a diverse, collaborative culture with tremendous opportunities for ownership and professional growth.

Strategic Cybersecurity Counseling

Serve as Anduril's primary legal expert on cybersecurity law, providing strategic advice to executive leadership, the CISO, and business units on complex cybersecurity legal and regulatory issues.

Advise on cybersecurity requirements in government contracts including FAR/DFARS cybersecurity clauses (DFARS 7012, 7019, 7020), CMMC compliance pathways, NIST 800-171 obligations, contractor classified infrastructure regulations (NISPOM, DAAG) and agency-specific security requirements (DoD, DHS, DoE).

Counsel on cybersecurity aspects of OTAs, prototype agreements, production contracts, and other non-traditional contract vehicles.

Review, negotiate, and draft cybersecurity terms in government contracts, commercial agreements, teaming arrangements, and vendor/supplier contracts.

Provide thought leadership on emerging cybersecurity regulations affecting defense contractors and autonomous systems operators.

Compliance Program Development & Management

Design, implement, and continuously improve Anduril's cybersecurity compliance program, policies, and internal controls in partnership with the CISO and Security team.

Develop and maintain cybersecurity policies, procedures, playbooks, and templates aligned with contractual obligations and regulatory requirements.

Support CMMC assessments and certifications, working with C3PAOs and ensuring legal alignment with assessment requirements.

Advise on system security plans (SSPs), plans of action and milestones (POA&Ms), and other security documentation.

Monitor and assess emerging cybersecurity laws, regulations, executive orders, and agency guidance (e.g., CISA directives, OMB memoranda, DoD cybersecurity initiatives) and advise on business impact.

Support internal and external audits, assessments, and regulatory inquiries related to cybersecurity compliance.

Incident Response & Crisis Management

Lead legal aspects of cybersecurity incident response, including assessment of notification and reporting obligations under federal regulations (e.g., DFARS 252.204-7012, Cyber Incident Reporting for Critical Infrastructure Act) and state breach notification laws.

Advise on incident containment strategies, forensic investigations, and post-incident remediation from a legal perspective.

Coordinate with outside counsel, forensic vendors, and cyber insurance carriers during security incidents.

Manage privilege considerations during investigations and ensure appropriate documentation and communications.

Prepare executives and board members for incident-related communications and disclosures.

Cross-Functional Collaboration

Partner with IT Security, Engineering, and Product teams on cybersecurity requirements for product development, cloud architecture, data handling, and system access controls.

Work with Contracts team to ensure cybersecurity terms flow down appropriately to subcontractors and suppliers.

Collaborate with Compliance team on cybersecurity training programs for employees, contractors, and third parties.

Support Business Development in addressing customer cybersecurity requirements during capture and proposal phases.

Advise on cybersecurity due diligence for mergers, acquisitions, partnerships, and other strategic transactions.

Engage with industry coalitions, government agencies, and standards bodies on cybersecurity policy and best practices.

Cybersecurity Risk Management

Assess and advise on cybersecurity risks in business operations, third-party relationships, and new initiatives.

Review and negotiate cybersecurity insurance policies and advise on coverage issues.

Develop risk-based approaches to cybersecurity compliance that balance regulatory requirements with business objectives.

Support executive decision-making on cybersecurity investments and risk acceptance.

This listing is enriched and indexed by YubHub. To apply, use the employer's original posting: https://job-boards.greenhouse.io/andurilindustries/jobs/5155571007