Senior Compliance Engineer
Costa Mesa, CA - USA
Job Summary
ABOUT THE TEAM
The Corporate Assurance Team manages enterprise cybersecurity governance, risk, and compliance (GRC) by implementing and operationalizing global compliance frameworks across Anduril's corporate and product environments. The team serves as the bridge between regulatory requirements and engineering execution, ensuring that Anduril's rapidly evolving technology stack meets the highest standards of security and compliance.
ABOUT THE JOB
The Compliance Engineer is a technically hands-on role responsible for driving automation, compliance, and security engineering principles into the design, integration, and operation of Anduril's internal systems. This individual will be instrumental in securing Anduril's software development process by translating complex compliance requirements into scalable, automated, and developer-friendly solutions.
The ideal candidate brings a strong DevSecOps background with deep expertise in cloud infrastructure security, embedded systems security, and federal compliance frameworks. They are equally comfortable writing Terraform modules as they are interpreting NIST controls, and they thrive at the intersection of security policy and engineering execution.
This is not a paperwork-driven compliance role. This is a builder's role. You will architect and automate compliance infrastructure that enables Anduril's engineering teams to deploy secure, compliant applications by default, removing bottlenecks rather than creating them.
WHY THIS ROLE MATTERS
At Anduril, compliance is not a checkbox; it is an engineering discipline. The Compliance Engineer plays a critical role in ensuring that Anduril can move fast without compromising the security and regulatory posture required to serve national defense missions. By building compliance into the foundation of our infrastructure, you will directly enable engineering teams to focus on what they do best: building transformative technology that protects those who protect us.
KEY RESPONSIBILITIES
Infrastructure & Automation
- Design, develop, and maintain Infrastructure as Code (IaC) and Policy as Code (PaC) that enforce compliance with NIST SP 800-171 and 800-53, CMMC, and other applicable frameworks, enabling developers to deploy CMMC-certified applications using pre-packaged compliant infrastructure templates.
- Architect, build, and deploy robust, scalable security controls across Anduril's corporate, development, and production cloud environments (AWS, Azure, GCP) and on-premise environments.
- Develop and automate IaC pipelines for managing and scaling cloud deployments securely and efficiently, including automated pipelines for deploying infrastructure, applications, and updates.
- Build automation for procedural compliance controls, generating compliance and audit artifacts at scale without manual intervention.
- Develop security models that integrate Continuous Monitoring (ConMon), DISA STIG scanning, and compliance reporting into a unified automated workflow.
- Ensure that compliance requirements for rapid, secure deployments translate into robust, repeatable tool chains.
Compliance Engineering & Framework Implementation
- Analyze, interpret, and operationalize federal and industry cybersecurity regulations, including NIST SP 800-171 and 800-53, CMMC, FedRAMP, and SOC 2, translating regulatory language into actionable engineering guidance and enforceable technical controls.
- Evaluate system architectures and configurations to ensure alignment with required security controls for moderate-impact information systems.
- Interface directly with infrastructure teams to verify and enforce compliance across existing on-premise and cloud stacks, identifying gaps and driving remediation.
- Collect, review, and, where necessary, modify system architecture to meet evolving compliance requirements, ensuring that security is embedded into the design phase rather than bolted on after the fact.
- Conduct compliance testing, studies, and assessments of Anduril's products and integrated components to uncover potential weaknesses and validate control effectiveness.
- Develop, update, and maintain cybersecurity policies, standards, procedures, and playbooks in coordination with the Information Security Team.
- Stay current on changes to federal and industry cybersecurity regulations and proactively communicate their impact to engineering and leadership teams.
Cross-Functional Collaboration & Enablement
- Partner with engineers, the DevSecOps Team, and the Automation Team to implement and verify security controls in both corporate and product software environments.
- Act as a force multiplier by embedding security best practices into the workflows of infrastructure, application, and product teams, particularly for environments holding mission-critical data.
- Support and expedite the new software onboarding process by evaluating the technical requirements of new software for CMMC compliance and guiding developers through the path to compliant deployment.
- Coordinate and deliver briefings to ensure Anduril's technical teams understand their compliance obligations, translating complex security concepts for diverse technical and non-technical audiences.
- Brief security architectures and approaches to program leadership, providing clear recommendations and risk-informed guidance.
- Work closely with Information Systems leadership, project managers, and stakeholders to integrate compliance requirements into active projects and update or modify compliant systems as organizational needs evolve.
- Collaborate with other principals and subject matter experts to ensure end-to-end automation across the compliance lifecycle.
- Act as SME for security and automation topics during internal reviews, audits, and cross-team planning sessions.
Strategic & Advisory
- Develop strategies and implementation plans for compliance-related matters, advising management on risk posture, regulatory changes, and investment priorities.
- Institute best-practice procedures for compliance and risk mitigation across the organization.
- Guide technical and operational decision-making towards future product offerings and efficient organizational processes.
- Ensure the company's ongoing technical compliance with all applicable laws, regulations, and contractual obligations.
- Produce clear documentation and reporting on compliance testing outcomes, process improvements, and emerging risks.
REQUIRED QUALIFICATIONS
Education & Experience
- 3 years of professional experience in Cloud Security, DevSecOps, Site Reliability Engineering (SRE), or a related security engineering role.
- Background in one or more of the following disciplines: Systems Security Engineering, Cybersecurity, Systems Engineering, Software Engineering, Computer Engineering, or Computer Science.
- Proven experience building and securing complex cloud environments at scale.
- 3 years of hands-on experience working with compliance frameworks such as CMMC, NIST SP 800-171 and/or 800-53, and FedRAMP.
- Previous work on security engineering and architecture for defense/national security systems and/or complex embedded commercial systems is strongly preferred.
- Hands-on experience executing against recurring operational regulatory requirements (e.g., continuous monitoring, periodic assessments, audit cycles).
Technical Skills
- Deep proficiency in at least one major cloud provider (AWS, Azure, or GCP) with a strong understanding of cloud infrastructure and security concepts.
- Strong hands-on experience with Infrastructure as Code tools particularly Terraform; experience with CloudFormation or Bicep is a plus.
- Demonstrated ability to build, deploy, and manage Terraform modules and infrastructure templates in production environments.
- Solid programming and scripting ability in one or more languages (e.g., Python, Go, Rust).
- Firm understanding of public cloud networking principles, including VPCs, subnets, routing, security groups, and network segmentation.
- Proficiency with core security concepts, including encryption, authentication, identity and access management, and Zero-Trust Architecture (ZTA).
- Experience with continuous monitoring and security tooling such as Tenable, Splunk, Elasticsearch, or equivalent platforms.
Soft Skills & Competencies
- Ability to communicate compliance requirements clearly and effectively to engineering teams, development teams, and non-technical stakeholders.
- Strong understanding of the "why" behind product, systems, and security design decisions, not just the "what."
- Comfort working at the interface of compliance and infrastructure engineering, with the ability to context-switch between policy interpretation and hands-on technical work.
- Self-directed with the ability to prioritize across multiple concurrent compliance and engineering initiatives.
Eligibility
- Must be eligible to obtain and maintain a U.S. Secret security clearance.
PREFERRED QUALIFICATIONS
- Experience hardening and monitoring Kubernetes clusters (EKS, GKE, AKS).
- Experience with Cloud Security Posture Management (CSPM) or cloud-native threat detection tooling.
- Familiarity with CI/CD pipelines and experience securing the software supply chain.
- Experience with security assessment methodologies and vulnerability management programs.
- Relevant certifications such as AWS Solutions Architect, Certified Kubernetes Administrator (CKA), CISSP, CISM, or CompTIA Security+.
- Experience working in fast-paced, high-growth defense technology environments.
US Salary Range
$146,000 - $194,000 USD
The salary range for this role is an estimate based on a wide range of compensation factors, inclusive of base salary only. The actual salary offer may vary based on (but not limited to) work experience, education and/or training, critical skills, and/or business considerations. Highly competitive equity grants are included in the majority of full-time offers and are considered part of Anduril's total compensation package. Additionally, Anduril offers top-tier benefits for full-time employees, including:
Healthcare Benefits
- US Roles: Comprehensive medical, dental, and vision plans at little to no cost to you.
- UK & AUS Roles: We cover the full cost of medical insurance premiums for you and your dependents.
- IE Roles: We offer an annual contribution toward your private health insurance for you and your dependents.
Additional Benefits
- Income Protection: Anduril covers life and disability insurance for all employees.
- Generous time off: Highly competitive PTO plans with a holiday hiatus in December. Caregiver & Wellness Leave is available to care for family members, bond with a new baby, or address your own medical needs.
- Family Planning & Parenting Support: Coverage for fertility treatments (e.g., IVF, preservation), adoption, and gestational carriers, along with resources to support you and your partner from planning to parenting.
- Mental Health Resources: Access free mental health resources 24/7, including therapy and life coaching. Additional work-life services such as legal and financial support are also available.
- Professional Development: Annual reimbursement for professional development.
- Commuter Benefits: Company-funded commuter benefits based on your region.
- Relocation Assistance: Available depending on role eligibility.
Retirement Savings Plan
- US Roles: Traditional 401(k), Roth, and after-tax (mega backdoor Roth) options.
- UK & IE Roles: Pension plan with employer match.
- AUS Roles: Superannuation plan.
The recruiter assigned to this role can share more information about the specific compensation and benefit details associated with this role during the hiring process.
Protecting Yourself from Recruitment Scams
Anduril is committed to maintaining the integrity of our talent acquisition process and the security of our candidates. We've observed a rise in sophisticated phishing and fraudulent schemes in which individuals impersonate Anduril representatives, luring job seekers with false interviews or job offers. These scammers often attempt to extract payment or sensitive personal information.
To ensure your safety and help you navigate your job search with confidence, please keep the following critical points in mind:
- No Financial Requests: Anduril will never solicit payment or demand personal financial details (such as banking information, credit card numbers, or social security numbers) at any stage of our hiring process. Our legitimate recruitment is entirely free for candidates.
- Please always verify communications:
- Direct from Anduril: If you receive an email from one of our recruiters, it will only come from an @address.
- Via Agency Partner: If contacted by a recruiting agency for an Anduril role, their email will clearly identify their agency. If you suspect any suspicious activity, please verify the agency's authenticity by reaching out to .
- Exercise Caution with Unsolicited Outreach: If you receive any communication that appears suspicious, contains grammatical errors, or makes unusual requests, do not engage. Always confirm the sender's email domain is @ before providing any personal information or clicking on links.
- What to Do If You Suspect Fraud: Should you encounter any questionable or fraudulent outreach claiming to be from Anduril, please report it immediately to . Your proactive caution is invaluable in protecting your personal information and upholding the security and trustworthiness of our recruitment efforts.
Data Privacy
To view Anduril's candidate data privacy policy, please visit
Experience: Senior IC