Senior Compliance Engineer

ABOUT THE TEAM

The Corporate Assurance Team manages enterprise cybersecurity governance, risk, and compliance (GRC) by implementing and operationalizing global compliance frameworks across Anduril's corporate and product environments. The team serves as the bridge between regulatory requirements and engineering execution, ensuring that Anduril's rapidly evolving technology stack meets the highest standards of security and compliance.

ABOUT THE JOB

The Compliance Engineer is a technically hands-on role responsible for driving automation, compliance, and security engineering principles into the design, integration, and operation of Anduril's internal systems. This individual will be instrumental in securing Anduril's software development process by translating complex compliance requirements into scalable, automated, and developer-friendly solutions.

The ideal candidate brings a strong DevSecOps background with deep expertise in cloud infrastructure security, embedded systems security, and federal compliance frameworks. They are equally comfortable writing Terraform modules as they are interpreting NIST controls, and they thrive at the intersection of security policy and engineering execution.

This is not a paperwork-driven compliance role. This is a builder's role. You will architect and automate compliance infrastructure that enables Anduril's engineering teams to deploy secure, compliant applications by default — removing bottlenecks rather than creating them.

WHY THIS ROLE MATTERS

At Anduril, compliance is not a checkbox — it is an engineering discipline. The Compliance Engineer plays a critical role in ensuring that Anduril can move fast without compromising the security and regulatory posture required to serve national defense missions. By building compliance into the foundation of our infrastructure, you will directly enable engineering teams to focus on what they do best: building transformative technology that protects those who protect us.

KEY RESPONSIBILITIES

Infrastructure & Automation

• Design, develop, and maintain Infrastructure as Code (IaC) and Policy as Code (PaC) that enforce compliance with NIST SP 800-171 and 800-53, CMMC, and other applicable frameworks, enabling developers to deploy CMMC-certified applications using pre-packaged, compliant infrastructure templates.
• Architect, build, and deploy robust, scalable security controls across Anduril's corporate, development, and production cloud environments (AWS, Azure, GCP) and on-premise environments.
• Develop and automate IaC pipelines for managing and scaling cloud deployments securely and efficiently, including automated pipelines for deploying infrastructure, applications, and updates.
• Build automation for procedural compliance controls, generating compliance and audit artifacts at scale without manual intervention.
• Develop security models that integrate Continuous Monitoring (ConMon), DISA STIG scanning, and compliance reporting into a unified, automated workflow.
• Ensure that compliance requirements for rapid, secure deployments translate into robust, repeatable tool chains.

Compliance Engineering & Framework Implementation

• Analyze, interpret, and operationalize federal and industry cybersecurity regulations, including NIST SP 800-171 and 800-53, CMMC, FedRAMP, and SOC 2, translating regulatory language into actionable engineering guidance and enforceable technical controls.
• Evaluate system architectures and configurations to ensure alignment with required security controls for moderate-impact information systems.
• Interface directly with infrastructure teams to verify and enforce compliance across existing on-premise and cloud stacks, identifying gaps and driving remediation.
• Collect, review, and where necessary modify system architecture to meet evolving compliance requirements, ensuring that security is embedded into the design phase rather than bolted on after the fact.
• Conduct compliance testing, studies,...