Associate General Counsel, Cybersecurity

ABOUT THE JOB

We are looking for an Associate General Counsel - Cybersecurity to join our rapidly growing Legal Team in Washington, DC or Costa Mesa, CA to serve as Anduril's primary legal expert on cybersecurity law and compliance.

This role will provide strategic legal counsel on all aspects of cybersecurity affecting Anduril's operations—from advising on government contract cybersecurity requirements (CMMC, NIST 800-171, DFARS 7012) to managing data breach response, supporting cybersecurity compliance frameworks, and negotiating security terms in commercial and government contracts.

You will partner closely with Anduril's Chief Information Security Officer (CISO), IT Security, Engineering, Compliance, and Business Development teams to translate complex cybersecurity regulations into practical, scalable solutions that enable our mission while protecting our systems, data, and customers. This is not a traditional compliance role—you'll be building and owning Anduril's cybersecurity legal program from the ground up in a fast-paced, high-growth defense technology company.

Anduril is a fast-growing company at the early stages of growth. Consistent with this fast growth, members of Anduril's Legal Team must be resourceful, creative, and eager to take ownership of complex matters. Our team is passionate about the law and policy of defense technology and you should have an independent interest in cybersecurity issues facing dual-use technology companies. Anduril fosters a diverse, collaborative culture with tremendous opportunities for ownership and professional growth.

WHAT YOU'LL DO

Strategic Cybersecurity Counseling

• Serve as Anduril's primary legal expert on cybersecurity law, providing strategic advice to executive leadership, the CISO, and business units on complex cybersecurity legal and regulatory issues
• Advise on cybersecurity requirements in government contracts including FAR/DFARS cybersecurity clauses (DFARS 7012, 7019, 7020), CMMC compliance pathways, NIST 800-171 obligations, contractor classified infrastructure regulations (NISPOM, DAAG) and agency-specific security requirements (DoD, DHS, DoE)
• Counsel on cybersecurity aspects of OTAs, prototype agreements, production contracts, and other non-traditional contract vehicles
• Review, negotiate, and draft cybersecurity terms in government contracts, commercial agreements, teaming arrangements, and vendor/supplier contracts
• Provide thought leadership on emerging cybersecurity regulations affecting defense contractors and autonomous systems operators

Compliance Program Development & Management

• Design, implement, and continuously improve Anduril's cybersecurity compliance program, policies, and internal controls in partnership with the CISO and Security team
• Develop and maintain cybersecurity policies, procedures, playbooks, and templates aligned with contractual obligations and regulatory requirements
• Support CMMC assessments and certifications, working with C3PAOs and ensuring legal alignment with assessment requirements
• Advise on system security plans (SSPs), plans of action and milestones (POA&Ms), and other security documentation
• Monitor and assess emerging cybersecurity laws, regulations, executive orders, and agency guidance (e.g., CISA directives, OMB memoranda, DoD cybersecurity initiatives) and advise on business impact
• Support internal and external audits, assessments, and regulatory inquiries related to cybersecurity compliance

Incident Response & Crisis Management

• Lead legal aspects of cybersecurity incident response, including assessment of notification and reporting obligations under federal regulations (e.g., DFARS 252.204-7012, Cyber Incident Reporting for Critical Infrastructure Act) and state breach notification laws
• Advise on incident containment strategies, forensic investigations, and post-incident remediation from a legal perspective
• Coordinate with outside counsel, forensic vendors, and cyber insurance carriers during security incidents
• Manage privilege considerations during investigations and ensure appropriate documentation and communications
• Prepare executives and board members for incident-related communications and disclosures

Cross-Functional Collaboration

• Partner with IT Security, Engineering, and Product teams on cybersecurity requirements for product development, cloud architecture, data handling, and system access controls
• Work with Contracts team to ensure cybersecurity terms flow down appropriately to subcontractors and suppliers
• Collaborate with Compliance team on cybersecurity training programs for employees, contractors, and third parties
• Support Business Development in addressing customer cybersecurity requirements during capture and proposal phases
• Advise on cybersecurity due diligence for mergers, acquisitions, partnerships, and other strategic transactions
• Engage with industry coalitions, government agencies, and standards bodies on cybersecurity policy and best practices

Cybersecurity Risk Management

• Assess and advise on cybersecurity risks in business operations, third-party relationships, and new initiatives
• Review and negotiate cybersecurity insurance policies and advise on coverage issues
• Develop risk-based approaches to cybersecurity compliance that balance regulatory requirements with business objectives
• Support executive decision-making on cybersecurity investments and risk acceptance

REQUIRED QUALIFICATIONS

• J.D. from an accredited law school and admission to practice in at least one U.S. jurisdiction (DC or CA Bar strongly preferred)
• 8-12 years of legal experience with substantial focus on cybersecurity law, either at a law firm, government agency, or in-house at a technology or defense company
• Deep knowledge of cybersecurity laws and regulations applicable to government contractors, including FAR/DFARS cybersecurity requirements, CMMC framework, NIST standards (particularly NIST 800-171), and federal breach notification/reporting obligations
• Proven experience advising clients on cybersecurity compliance programs, incident response, and security-related investigations
• Experience negotiating cybersecurity terms in government contracts and commercial agreements, including security controls, audit rights, liability allocation, and indemnification provisions
• Strong understanding of information security concepts, including network security, encryption, access controls, threat intelligence, and security frameworks (NIST CSF, ISO 27001)
• Excellent analytical, problem-solving, and risk assessment skills with ability to translate technical security concepts into clear legal advice
• Exceptional written and verbal communication skills with ability to explain complex cybersecurity legal issues to technical and non-technical audiences, including executives
• Demonstrated ability to work independently and manage multiple complex matters simultaneously in a fast-paced environment
• Strong judgment and business acumen with track record of providing practical, solution-oriented advice
• Must be a U.S. Person due to required access to U.S. export controlled information or facilities
• This position requires occasional travel to Anduril facilities (Costa Mesa, Washington DC, Atlanta, and emerging manufacturing sites), customer locations, and industry conferences. Employee should expect up to 20% travel.

PREFERRED QUALIFICATIONS

• Combination of law firm and in-house experience, particularly in-house experience as primary cybersecurity legal owner at a defense contractor, technology company, or critical infrastructure operator
• Experience with government cybersecurity audits, assessments, and investigations (e.g., DCMA DIBCAC reviews, CMMC assessments, agency inspector general investigations)
• Deep familiarity with DoD cybersecurity ecosystem including Defense Industrial Base (DIB) programs, Defense Counterintelligence and Security Agency (DCSA) requirements, and DoD Chief Information Officer (CIO) guidance
• Experience with cybersecurity aspects of cloud computing, software-as-a-service, and AI/ML systems
• Background in incident response including experience managing data breaches, ransomware events, or supply chain compromises
• Understanding of threat intelligence, vulnerability management, and security operations center (SOC) functions
• Cybersecurity or information security certifications (e.g., CISSP, CIPP, CISM) or willingness to obtain
• Experience engaging with regulators, including CISA, FBI, DoD Cyber Crime Center, or state attorneys general on cybersecurity matters
• Experience with cybersecurity aspects of international operations and data transfers
• Pre-law school technical background or experience working with engineers and security practitioners
• Strong interest in defense technology and autonomous systems security
• Currently possesses and is able to maintain an active U.S. Secret security clearance
• Bilingual candidates would be a benefit