Senior Compliance Engineer

div class= content-intro p Anduril Industries is a defense technology company with a mission to transform U.S. and allied military capabilities with advanced technology. By bringing the expertise, technology, and business model of the 21st century’s most innovative companies to the defense industry, Anduril is changing how military systems are designed, built and sold. Anduril’s family of systems is powered by Lattice OS, an AI-powered operating system that turns thousands of data streams into a realtime, 3D command and control center. As the world enters an era of strategic competition, Anduril is committed to bringing cutting-edge autonomy, AI, computer vision, sensor fusion, and networking technology to the military in months, not years. /p /div h2 strong ABOUT THE TEAM /strong /h2 p The Corporate Assurance Team manages enterprise cybersecurity governance, risk, and compliance (GRC) by implementing and operationalizing global compliance frameworks across Anduril s corporate and product environments. The team serves as the bridge between regulatory requirements and engineering execution, ensuring that Anduril s rapidly evolving technology stack meets the highest standards of security and compliance. /p h2 strong ABOUT THE JOB /strong /h2 p The Compliance Engineer is a technically hands-on role responsible for driving automation, compliance, and security engineering principles into the design, integration, and operation of Anduril s internal systems. This individual will be instrumental in securing Anduril s software development process by translating complex compliance requirements into scalable, automated, and developer-friendly solutions. /p p The ideal candidate brings a strong DevSecOps background with deep expertise in cloud infrastructure security, embedded systems security, and federal compliance frameworks. They are equally comfortable writing Terraform modules as they are interpreting NIST controls, and they thrive at the intersection of security policy and engineering execution. /p p This is not a paperwork-driven compliance role. This is a builder s role. You will architect and automate compliance infrastructure that enables Anduril s engineering teams to deploy secure, compliant applications by default — removing bottlenecks rather than creating them. /p p strong WHY THIS ROLE MATTERS /strong /p p At Anduril, compliance is not a checkbox — it is an engineering discipline. The Compliance Engineer plays a critical role in ensuring that Anduril can move fast without compromising the security and regulatory posture required to serve national defense missions. By building compliance into the foundation of our infrastructure, you will directly enable engineering teams to focus on what they do best: building transformative technology that protects those who protect us. /p p strong KEY RESPONSIBILITIES /strong /p p strong Infrastructure amp; Automation /strong /p ul li Design, develop, and maintain Infrastructure as Code (IaC) and Policy as Code (PaC) that enforce compliance with NIST SP 800-171 and 800-53, CMMC, and other applicable frameworks, enabling developers to deploy CMMC-certified applications using pre-packaged, compliant infrastructure templates. /li li Architect, build, and deploy robust, scalable security controls across Anduril s corporate, development, and production cloud environments (AWS, Azure, GCP) and on-premise environments. /li li Develop and automate IaC pipelines for managing and scaling cloud deployments securely and efficiently, including automated pipelines for deploying infrastructure, applications, and updates. /li li Build automation for procedural compliance controls, generating compliance and audit artifacts at scale without manual intervention. /li li Develop security models that integrate Continuous Monitoring (ConMon), DISA STIG scanning, and compliance reporting into a unified, automated workflow. /li li Ensure that compliance requirements for rapid, secure deployments translate into robust, repeatable tool chains. /li /ul p strong Compliance Engineering amp; Framework Implementation /strong /p ul li Analyze, interpret, and operationalize federal and industry cybersecurity regulations, including NIST SP 800-171 and 800-53, CMMC, FedRAMP, and SOC 2, translating regulatory language into actionable engineering guidance and enforceable technical controls. /li li Evaluate system architectures and configurations to ensure alignment with required security controls for moderate-impact information systems. /li li Interface directly with infrastructure teams to verify and enforce compliance across existing on-premise and cloud stacks, identifying gaps and driving remediation. /li li Collect, review, and where necessary modify system architecture to meet evolving compliance requirements, ensuring that security is embedded into the design phase rather than bolted on after the fact. /li li Conduct compliance testing, studies, and assessments of Anduril s products and integrated components to uncover potential weaknesses and validate control effectiveness. /li li Develop, update, and maintain cybersecurity policies, standards, procedures, and playbooks in coordination with the Information Security Team. /li li Stay current on changes to federal and industry cybersecurity regulations and proactively communicate their impact to engineering and leadership teams. /li /ul p strong Cross-Functional Collaboration amp; Enablement /strong /p ul li Partner with engineers, the DevSecOps Team, and the Automation Team to implement and verify security controls in both corporate and product software environments. /li li Act as a force multiplier by embedding security best practices into the workflows of infrastructure, application, and product teams, particularly for environments holding mission-critical data. /li li Support and expedite the new software onboarding process by evaluating the technical requirements of new software for CMMC compliance and guiding developers through the path to compliant deployment. /li li Coordinate and deliver briefings to ensure Anduril s technical teams understand their compliance obligations, translating complex security concepts for diverse technical and non-technical audiences. /li li Brief security architectures and approaches to program leadership, providing clear recommendations and risk-informed guidance. /li li Work closely with Information Systems leadership, project managers, and stakeholders to integrate compliance requirements into active projects and update or modify compliant systems as organizational needs evolve. /li li Collaborate with other principals and subject matter experts to ensure end-to-end automation across the compliance lifecycle. /li li Act as SME for security and automation topics during internal reviews, audits, and cross-team planning sessions. /li /ul p strong Strategic amp; Advisory /strong /p ul li Develop strategies and implementation plans for compliance-related matters, advising management on risk posture, regulatory changes, and investment priorities. /li li Institute best-practice procedures for compliance and risk mitigation across the organization. /li li Guide technical and operational decision-making towards future product offerings and efficient organizational processes. /li li Ensure the company s ongoing technical compliance with all applicable laws, regulations, and contractual obligations. /li li Produce clear documentation and reporting on compliance testing outcomes, process improvements, and emerging risks. /li /ul h2 strong REQUIRED QUALIFICATIONS /strong /h2 p strong Education amp; Experience /strong /p ul li 3+ years of professional experience in Cloud Security, DevSecOps, Site Reliability Engineering (SRE), or a related security engineering role. /li li Background in one or more of the following disciplines: Systems Security Engineering, Cybersecurity, Systems Engineering, Software Engineering, Computer Engineering, or Computer Science. /li li Proven experience building and securing complex cloud environments at scale. /li li 3+ years of hands-on experience working with compliance frameworks such as CMMC, NIST SP 800-171 and/or 800-53, and FedRAMP. /li li Previous work on security engineering and architecture for defense/national security systems and/or complex embedded commercial systems is strongly preferred. /li li Hands-on experience executing against recurring operational regulatory requirements (e.g., continuous monitoring, periodic assessments, audit cycles). /li /ul p strong Technical Skills /strong /p ul li Deep proficiency in at least one major cloud provider (AWS, Azure, or GCP), with a strong understanding of cloud infrastructure and security concepts. /li li Strong hands-on experience with Infrastructure as Code tools, particularly Terraform; experience with CloudFormation or Bicep is a plus. /li li Demonstrated ability to build, deploy, and manage Terraform modules and infrastructure templates in production environments. /li li Solid programming and scripting ability in one or more languages (e.g., Python, Go, Rust). /li li Firm understanding of public cloud networking principles, including VPCs, subnets, routing, security groups, and network segmentation. /li li Proficiency with core security concepts including encryption, authentication, identity and access management, and Zero-Trust Architecture (ZTA). /li li Experience with continuous monitoring and security tooling such as Tenable, Splunk, Elasticsearch, or equivalent platforms. /li /ul p strong Soft Skills amp; Competencies /strong /p ul li Ability to communicate compliance requirements clearly and effectively to engineering teams, development teams, and non-technical stakeholders. /li li Strong understanding of the why behind product, systems, and security design decisions — not just the what. /li li Comfort working at the interface of compliance and infrastructure engineering, with the ability to context-switch between policy interpretation and hands-on technical work. /li li Self-directed, with the ability to prioritize across multiple concurrent compliance and engineering initiatives. /li /ul p strong Eligibility /strong /p ul li Must be eligible to obtain and maintain a U.S. Secret security clearance. /li /ul h2 strong PREFERRED QUALIFICATIONS /strong /h2 ul li Experience hardening and monitoring Kubernetes clusters (EKS, GKE, AKS). /li li Experience with Cloud Security Posture Management (CSPM) or cloud-native threat detection tooling. /li li Familiarity with CI/CD pipelines and experience securing the software supply chain. /li li Experience with security assessment methodologies and vulnerability management programs. /li li Relevant certifications such as AWS Solutions Architect, Certified Kubernetes Administrator (CKA), CISSP, CISM, or CompTIA Security+. /li li Experience working in fast-paced, high-growth defense technology environments /li /ul div class= content-pay-transparency div class= pay-input div class= title US Salary Range /div div class= pay-range span $146,000 /span span class= divider mdash; /span span $194,000 USD /span /div /div /div div class= content-conclusion p span data-contrast= auto The salary range for this role is an estimate based on a wide range of compensation factors, inclusive of base salary only. Actual salary offer may vary based on (but not limited to) work experience, education and/or training, critical skills, and/or business considerations. Highly competitive equity grants are included in the majority of full time offers; and are considered part of Anduril s total compensation package. Additionally, Anduril offers top-tier benefits for full-time employees, including: /span span data-ccp-props= { quot;134233117 quot;:false, quot;134233118 quot;:false, quot;335551550 quot;:0, quot;335551620 quot;:0, quot;335559738 quot;:240, quot;335559739 quot;:240} nbsp; /span /p p nbsp; /p h3 class= detailElios strong Benefits /strong /h3 p span data-contrast= auto At Anduril, we invest in our people. Our comprehensive, competitive benefits package (available at little to no cost to employees) ensures you’re supported in health, recovery, and whatever comes next. nbsp; /span em span data-contrast= auto For more information, a href= https://www.anduril.com/careers Explore Our Benefits /a . /span /em /p p nbsp; /p div class= RichText column1 h3 class= detailElios strong Protecting Yourself from Recruitment Scams /strong /h3 p class= detailElios Anduril is committed to maintaining the integrity of our Talent acquisition process and the security of our candidates. We ve observed a rise in sophisticated phishing and fraudulent schemes where individuals impersonate Anduril representatives, luring job seekers with false interviews or job offers. These scammers often attempt to extract payment or sensitive personal information. /p /div div class= RichText column2 p class= detailElios To ensure your safety and help you navigate your job search with confidence, please keep the following critical points in mind: /p ul li p class= detailElios strong No Financial Requests: nbsp; /strong Anduril will never solicit payment or demand personal financial details (such as banking information, credit card numbers, or social security numbers) at any stage of our hiring process. Our legitimate recruitment is entirely free for candidates. /p /li li strong Please always verify communications: /strong ul li Direct from Anduril: If you receive an email from one of our recruiters, it will em only /em come from an code @anduril.com /code address. /li li Via Agency Partner: If contacted by a recruiting agency for an Anduril role, their email will clearly identify their agency. If you suspect any suspicious activity, please verify the agency s authenticity by reaching out to a href= mailto:contact@anduril.com contact@anduril.com /a . nbsp; /li /ul /li li p class= detailElios strong Exercise Caution with Unsolicited Outreach: /strong nbsp;If you receive any communication that appears suspicious, contains grammatical errors, or makes unusual requests, do not engage. Always confirm the sender s email domain is @anduril.com before providing any personal information or clicking on links. /p /li li p class= detailElios strong What to Do If You Suspect Fraud: /strong nbsp;Should you encounter any questionable or fraudulent outreach claiming to be from Anduril, please report it immediately to nbsp; a href= mailto:contact@anduril.com contact@anduril.com /a . Your proactive caution is invaluable in protecting your personal information and upholding the security and trustworthiness of our recruitment efforts. /p /li /ul /div h3 nbsp; /h3 h3 strong Data Privacy /strong /h3 p span data-contrast= auto To view Anduril s candidate data privacy policy, please visit /span span data-contrast= none span data-ccp-charstyle= Hyperlink a href= https://anduril.com/applicant-privacy-notice/ https://anduril.com/applicant-privacy-notice/ /a /span /span span data-contrast= auto . /span span data-ccp-props= { quot;134233117 quot;:false, quot;134233118 quot;:false, quot;335551550 quot;:0, quot;335551620 quot;:0, quot;335559738 quot;:240, quot;335559739 quot;:240} nbsp; /span /p p nbsp; /p p span data-ccp-props= { quot;134233117 quot;:false, quot;134233118 quot;:false, quot;335551550 quot;:0, quot;335551620 quot;:0, quot;335559738 quot;:240, quot;335559739 quot;:240} By submitting your application, you consent to Anduril Industries using a third-party service provider to conduct pre-employment risk, integrity, and due diligence screening and assessing potential risks as part of your application process. This third-party service provider provides risk-intelligence services that may include analysis of sanctions and watchlists, adverse media, public-record information, and other lawful open-source or commercial data sources. This third-party service provider does not act as a consumer reporting agency. Use of this provider helps to ensure compliance with applicable laws and protect technology, intellectual property, and organizational security. /span /p /div