Senior Legal Counsel, Cybersecurity

Anduril Industries is a defense technology company with a mission to transform U.S. and allied military capabilities with advanced technology. By bringing the expertise, technology, and business model of the 21st century’s most innovative companies to the defense industry, Anduril is changing how military systems are designed, built and sold. Anduril’s family of systems is powered by Lattice OS, an AI-powered operating system that turns thousands of data streams into a realtime, 3D command and control center. As the world enters an era of strategic competition, Anduril is committed to bringing cutting-edge autonomy, AI, computer vision, sensor fusion, and networking technology to the military in months, not years. ABOUT THE JOB We are looking for an Associate General Counsel - Cybersecurity to join our rapidly growing Legal Team in Washington, DC or Costa Mesa, CA to serve as Anduril's primary legal expert on cybersecurity law and compliance. This role will provide strategic legal counsel on all aspects of cybersecurity affecting Anduril's operations—from advising on government contract cybersecurity requirements (CMMC, NIST 800-171, DFARS 7012) to managing data breach response, supporting cybersecurity compliance frameworks, and negotiating security terms in commercial and government contracts. You will partner closely with Anduril's Chief Information Security Officer (CISO), IT Security, Engineering, Compliance, and Business Development teams to translate complex cybersecurity regulations into practical, scalable solutions that enable our mission while protecting our systems, data, and customers. This is not a traditional compliance role—you'll be building and owning Anduril's cybersecurity legal program from the ground up in a fast-paced, high-growth defense technology company. Anduril is a fast-growing company at the early stages of growth. Consistent with this fast growth, members of Anduril's Legal Team must be resourceful, creative, and eager to take ownership of complex matters. Our team is passionate about the law and policy of defense technology and you should have an independent interest in cybersecurity issues facing dual-use technology companies. Anduril fosters a diverse, collaborative culture with tremendous opportunities for ownership and professional growth. WHAT YOU'LL DO Strategic Cybersecurity Counseling Serve as Anduril's primary legal expert on cybersecurity law, providing strategic advice to executive leadership, the CISO, and business units on complex cybersecurity legal and regulatory issues Advise on cybersecurity requirements in government contracts including FAR/DFARS cybersecurity clauses (DFARS 7012, 7019, 7020), CMMC compliance pathways, NIST 800-171 obligations, contractor classified infrastructure regulations (NISPOM, DAAG) and agency-specific security requirements (DoD, DHS, DoE) Counsel on cybersecurity aspects of OTAs, prototype agreements, production contracts, and other non-traditional contract vehicles Review, negotiate, and draft cybersecurity terms in government contracts, commercial agreements, teaming arrangements, and vendor/supplier contracts Provide thought leadership on emerging cybersecurity regulations affecting defense contractors and autonomous systems operators Compliance Program Development & Management Design, implement, and continuously improve Anduril's cybersecurity compliance program, policies, and internal controls in partnership with the CISO and Security team Develop and maintain cybersecurity policies, procedures, playbooks, and templates aligned with contractual obligations and regulatory requirements Support CMMC assessments and certifications, working with C3PAOs and ensuring legal alignment with assessment requirements Advise on system security plans (SSPs), plans of action and milestones (POA&Ms), and other security documentation Monitor and assess emerging cybersecurity laws, regulations, executive orders, and agency guidance (e.g., CISA directives, OMB memoranda, DoD cybersecurity initiatives) and advise on business impact Support internal and external audits, assessments, and regulatory inquiries related to cybersecurity compliance Incident Response & Crisis Management Lead legal aspects of cybersecurity incident response, including assessment of notification and reporting obligations under federal regulations (e.g., DFARS 252.204-7012 , Cyber Incident Reporting for Critical Infrastructure Act) and state breach notification laws Advise on incident containment strategies, forensic investigations, and post-incident remediation from a legal perspective Coordinate with outside counsel, forensic vendors, and cyber insurance carriers during security incidents Manage privilege considerations during investigations and ensure appropriate documentation and communications Prepare executives and board members for incident-related communications and disclosures Cross-Functional Collaboration Partner with IT Security, Engineering, and Product teams on cybersecurity requirements for product development, cloud architecture, data handling, and system access controls Work with Contracts team to ensure cybersecurity terms flow down appropriately to subcontractors and suppliers Collaborate with Compliance team on cybersecurity training programs for employees, contractors, and third parties Support Business Development in addressing customer cybersecurity requirements during capture and proposal phases Advise on cybersecurity due diligence for mergers, acquisitions, partnerships, and other strategic transactions Engage with industry coalitions, government agencies, and standards bodies on cybersecurity policy and best practices Cybersecurity Risk Management Assess and advise on cybersecurity risks in business operations, third-party relationships, and new initiatives Review and negotiate cybersecurity insurance policies and advise on coverage issues Develop risk-base