Information Systems Security Officer, AD&S

About The Position

Requirements

• Design, develop, and implement secure systems and networks per NIST RMF, JSIG, and other industry standards.
• Participate and assist in security risk assessments, vulnerability assessments, and audits to identify and mitigate threats.
• Speak to and recommend security solutions, such as IDS/IPS, encryption protocols, and secure communications technologies.
• Develop and enforce access controls, encryption strategies, and other technical measures to safeguard systems.
• Maintain and update System Security Plans (SSPs), POA&Ms, and other accreditation documentation.
• Manage the organization’s security posture, ensuring compliance with internal policies and external regulatory frameworks.
• Participate in the Authorization and Accreditation (A&A) processes to obtain/maintain system Authority to Operate (ATO).
• Able to assist, even lead, incident response efforts, including investigation, root cause analysis, containment, and reporting.
• Conduct regular audits, continuous monitoring, and risk assessments to ensure ongoing compliance and system resilience.
• Collaborate with government security officials, stakeholders, and teams to address security gaps and improve controls.
• Currently possesses and is able to maintain an active U.S. Top Secret security clearance.

Nice To Haves

• Experience with industry standard tools such as Splunk, DISA STIGs, and SCC.
• The ability to understand programming/scripting languages, i.e. Python, Powershell, Bash
• An understanding of Linux Red Hat operating systems and SELinux policy.

Responsibilities

• Provide expertise in documenting security controls that apply to respective systems to meet cybersecurity framework requirements.
• Perform required security functions on an iterative basis to meet requirements and deliver results.
• Apply technology standards from the commercial space in classified, air-gapped environments.
• Assist the ISSM, fellow ISSOs, and other members of the Classified Infrastructure team to understand key stakeholders’ needs and provide complex technical solutions to meet contractual obligations.
• Tailor NIST 800-53 controls to determine applicability to the network environment and oversee the implementation of Continuous Monitoring for respective programs.
• Define, document, and conduct security scanning on Anduril’s products and accredited information systems.
• Scope, shape, and orchestrate the development of features to ensure products meet compliance goals.

Benefits

• Highly competitive equity grants are included in the majority of full time offers; and are considered part of Anduril's total compensation package.
• top-tier benefits for full-time employees