Information Systems Security Manager

ABOUT THE TEAM

Anduril employs a variety of networks and networking infrastructures to support global operations. Information Systems Security Managers are in charge of directly supporting business lines that wish to deploy Anduril products in classified environments. Information Systems Security Managers lead lean teams of Information Systems Security Officers to enable the program personnel to create contract deliverables. Well versed in Information Technology and the Risk Management Framework, Information Systems Security Managers are the driving force of Anduril's classified deployments. Forward thinkers capable of managing Business Line needs as well as critical thinking skills in order to drive customer requirements are the best candidates for a Information Systems Security Manager.

ABOUT THE JOB 

WHAT YOU’LL DO 

• Provide expertise in documenting security controls to reduce the administrative cost of deploying Anduril’s products into operational environments.


• Partner with program and security teams to coordinate security artifacts in support of classified deployments.


• Apply technology standards from the commercial space in classified, air-gapped environments.


• Collaborate with Information System Owners to understand key stakeholders’ needs and provide complex technical solutions to meet contractual obligations.


• Tailor NIST 800-53 controls to determine applicability to the network environment and oversee the implementation of Continuous Monitoring for respective programs.


• Define, document, and conduct security scanning on Anduril’s products and accredited information systems.


• Scope, shape, and orchestrate the development of features to ensure products meet compliance goals.

REQUIRED QUALIFICATIONS 

• Design, develop, and implement secure systems and networks per NIST RMF, JSIG, and other industry standards.


• Integrate security best practices into Anduril’s Software Development Lifecycle (SDLC) and infrastructure design, collaborating with internal IT and engineering teams.


• Conduct security risk assessments, vulnerability assessments, and audits to identify and mitigate threats.


• Recommend and implement security solutions, such as IDS/IPS, encryption protocols, and secure communications technologies.


• Develop and enforce access controls, encryption strategies, and other technical measures to safeguard systems.


• Maintain and update System Security Plans (SSPs), POA&Ms, and other accreditation documentation.


• Security Management (ISSM):


• Manage the organization’s security posture, ensuring compliance with internal policies and external regulatory frameworks.


• Oversee Authorization and Accreditation (A&A) processes to obtain/maintain system Authority to Operate (ATO).


• Lead incident response efforts, including investigation, root cause analysis, containment, and reporting.


• Conduct regular audits, continuous monitoring, and risk assessments to ensure ongoing compliance and system resilience.


• Collaborate with government security officials, stakeholders, and teams to address security gaps and improve controls.


• Develop and deliver security awareness training and ensure adherence to security best practices.


• Provide leadership and mentorship to security team members, fostering a culture of cybersecurity excellence.


• Currently possesses and is able to maintain an active U.S. Top Secret security clearance.

PREFERRED QUALIFICATIONS 

• Experience with application security paradigms such as Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA). As well as the tools needed to perform these actions.


• Proven experience in securing micro-services architecture, including implementing best practices and compliance with DoD cybersecurity standards.


• Experience with cybersecurity in unmanned and ground control system within DoD environments.


• Experience with containerization and kubernetes along with the best practices for securing them.


• Experience with Cloud Service Providers (CSPs) and the various tools they offer for implementing security and compliance best practices.

The salary range for this role is an estimate based on a wide range of compensation factors, inclusive of base salary only. Actual salary offer may vary based on (but not limited to) work experience, education and/or training, critical skills, and/or business considerations. Highly competitive equity grants are included in the majority of full time offers; and are considered part of Anduril's total compensation package. Additionally, Anduril offers top-tier benefits for full-time employees, including: 

Benefits

At Anduril, we invest in our people. Our comprehensive, competitive benefits package (available at little to no cost to employees) ensures you’re supported in health, recovery, and whatever comes next. For more information, Explore Our Benefits.

Data Privacy

To view Anduril's candidate data privacy policy, please visit https://anduril.com/applicant-privacy-notice/. 

By submitting your application, you consent to Anduril Industries using a third-party service provider to conduct pre-employment risk, integrity, and due diligence screening and assessing potential risks as part of your application process. This third-party service provider provides risk-intelligence services that may include analysis of sanctions and watchlists, adverse media, public-record information, and other lawful open-source or commercial data sources. This third-party service provider does not act as a consumer reporting agency. Use of this provider helps to ensure compliance with applicable laws and protect technology, intellectual property, and organizational security.