Senior Compliance Automation Engineer

Anduril Industries is a defense technology company with a mission to transform U.S. and allied military capabilities with advanced technology. By bringing the expertise, technology, and business model of the 21st century’s most innovative companies to the defense industry, Anduril is changing how military systems are designed, built and sold. Anduril’s family of systems is powered by Lattice OS, an AI-powered operating system that turns thousands of data streams into a realtime, 3D command and control center. As the world enters an era of strategic competition, Anduril is committed to bringing cutting-edge autonomy, AI, computer vision, sensor fusion, and networking technology to the military in months, not years.

ABOUT THE ROLE

We are seeking a Cybersecurity Compliance Engineer to serve as a technical leader and strategic driver within our Cyber Risk and Compliance Team. This is a high-impact, highly autonomous role designed for a professional who bridges the gap between hands-on systems operations and enterprise-level governance. The ideal candidate has strong technical roots—such as a background in senior help desk or systems administration—combined with proven Governance, Risk, and Compliance (GRC) expertise and the leadership capability to own initiatives from concept to execution.
In this role, you will not just run compliance checklists; you will identify systemic organizational problems, design technical and process-driven solutions, and lead cross-functional modernization projects with minimal supervision. You will champion the transition from manual, point-in-time compliance to automated, continuous compliance monitoring across the enterprise.

WHAT YOU’LL DO

1. Strategic Initiative Ownership & Project Management

• Drive End-to-End Projects: Lead complex, multi-department modernization initiatives from initial strategy through architectural design and execution. Own project schedules, resource planning, and milestone tracking.
• Autonomous Execution: Proactively identify gaps in our current compliance, security posture, and automation capabilities. Formulate and roll out strategic remediation plans with minimal oversight.
• Change Management: Lead enterprise-wide rollouts of new security policies, tooling, and baseline configurations, ensuring smooth adoption across technical and non-technical business units.

2. Compliance Automation & Technical GRC Engineering

• Build Continuous Monitoring Pipelines: Architect and implement automated control evidence ingestion pipelines, integrating data from AWS/Azure, identity platforms, and endpoint management tools into our GRC platform. Operationalize AI models trained for compliance.
• Policy-as-Code & Engineering Standards: Translate regulatory, policy, and control requirements into technical designs. Collaborate with engineering and DevOps to operationalize policy-as-code and automated guardrails.
• Control Mapping & Framework Management: Direct the operational mapping of security controls across NIST SP 800-171, CMMC (Levels 2 & 3), ISO 27001, Sarbanes-Oxley, Cyber Essentials, et al.

3. Leadership & Cross-Functional Influence

• Technical Mentorship: Act as a subject matter expert and mentor to team members, setting technical and operational excellence standards for the Cyber Risk and Compliance Team.
• Cross-Functional Collaboration: Partner with Cybersecurity Engineering, IT Operations, and Cloud Infrastructure teams to resolve complex security challenges and ensure cohesive implementation of compliance standards.
• Risk Reporting: Translate complex, technical risk data into executive-ready reports, ensuring leadership has clear visibility into cumulative risk, trends, and mitigation priorities.

REQUIRED QUALIFICATIONS

• Systems & Infrastructure Foundation: 5+ years of experience in enterprise IT operations (e.g., Senior Help Desk, Systems Administration, or Security Operations). Deep understanding of IAM, Active Directory, cloud environments, and endpoint security.
• GRC Experience: 3+ years of technical GRC experience mapping and operationalizing controls under frameworks like NIST SP 800-171, CMMC, or ISO 27001.
• Project Management & Autonomy: Proven track record of independently managing and executing technical projects. Ability to navigate ambiguity, define project scope, and lead cross-functional stakeholders without direct authority.
• Problem-Solving & Strategic Impact: Demonstrated ability to analyze systemic business and technical challenges, formulate long-term strategic solutions, and execute rollouts that improve enterprise-wide security posture.
• Automation Familiarity: Experience using and integrating GRC platforms, combined with basic scripting knowledge to support automation efforts.
• Ability to obtain and maintain a US Secret security clearance

The salary range for this role is an estimate based on a wide range of compensation factors, inclusive of base salary only. Actual salary offer may vary based on (but not limited to) work experience, education and/or training, critical skills, and/or business considerations. Highly competitive equity grants are included in the majority of full time offers; and are considered part of Anduril's total compensation package. Additionally, Anduril offers top-tier benefits for full-time employees, including: 

Benefits

At Anduril, we invest in our people. Our comprehensive, competitive benefits package (available at little to no cost to employees) ensures you’re supported in health, recovery, and whatever comes next. For more information, Explore Our Benefits.

Protecting Yourself from Recruitment Scams

Anduril is committed to maintaining the integrity of our Talent acquisition process and the security of our candidates. We've observed a rise in sophisticated phishing and fraudulent schemes where individuals impersonate Anduril representatives, luring job seekers with false interviews or job offers. These scammers often attempt to extract payment or sensitive personal information.

To ensure your safety and help you navigate your job search with confidence, please keep the following critical points in mind:

• No Financial Requests: Anduril will never solicit payment or demand personal financial details (such as banking information, credit card numbers, or social security numbers) at any stage of our hiring process. Our legitimate recruitment is entirely free for candidates.

• Please always verify communications:
  • Direct from Anduril: If you receive an email from one of our recruiters, it will only come from an @anduril.com address.
  • Via Agency Partner: If contacted by a recruiting agency for an Anduril role, their email will clearly identify their agency. If you suspect any suspicious activity, please verify the agency's authenticity by reaching out to contact@anduril.com. 

• Exercise Caution with Unsolicited Outreach: If you receive any communication that appears suspicious, contains grammatical errors, or makes unusual requests, do not engage. Always confirm the sender's email domain is @anduril.com before providing any personal information or clicking on links.

• What to Do If You Suspect Fraud: Should you encounter any questionable or fraudulent outreach claiming to be from Anduril, please report it immediately to contact@anduril.com. Your proactive caution is invaluable in protecting your personal information and upholding the security and trustworthiness of our recruitment efforts.

Data Privacy

To view Anduril's candidate data privacy policy, please visit https://anduril.com/applicant-privacy-notice/. 

By submitting your application, you consent to Anduril Industries using a third-party service provider to conduct pre-employment risk, integrity, and due diligence screening and assessing potential risks as part of your application process. This third-party service provider provides risk-intelligence services that may include analysis of sanctions and watchlists, adverse media, public-record information, and other lawful open-source or commercial data sources. This third-party service provider does not act as a consumer reporting agency. Use of this provider helps to ensure compliance with applicable laws and protect technology, intellectual property, and organizational security.