Information Systems Security Engineer

About Rune

Rune Technologies builds mission-critical software for military logistics and sustainment. Our flagship product is TyrOS, an AI-enabled logistics command and control platform that gives commanders a single, real-time operating picture of their sustainment fight, from inventory and distribution to medical and operational planning, even in degraded and contested environments.

We're not a traditional defense contractor. We're a small, fast-moving team that combines deep operational experience in and with the DoD with the software discipline of the best product companies, and we apply that combination to a customer set that desperately needs it. We stay close to our users by embedding directly with military units during exercises and rotations, and we ship constantly based on what we learn.

The U.S. military and its allies face a real logistics modernization problem. We're building the software to solve it.

About the Role

We are seeking an Information Systems Security Engineer (ISSE) to own and drive the security posture of Rune’s platforms across classified and unclassified environments.

In this role, you will operate at the intersection of software engineering, cybersecurity, and mission deployment—ensuring our systems meet stringent DoD security requirements while remaining fast, scalable, and usable in real-world operational environments.

You will work closely with engineering, product, and mission teams to embed security directly into our systems—from architecture through deployment—while navigating the realities of classified, air-gapped, and edge environments.

This is a high-ownership role for someone who can balance security rigor with execution speed.

What You’ll Do

• Own the end-to-end security posture of Rune systems across development, deployment, and sustainment

• Automate vulnerability scanning and document generation processes with CI/CD, scripting and/or AI tools

• Lead and execute RMF (Risk Management Framework) processes, including system categorization, control selection, assessment, authorization, and continuous monitoring

• Develop and maintain security artifacts (e.g., SSPs, POA&Ms, control matrices) to support Authority to Operate (ATO)

• Tailor and implement NIST 800-53 controls and ensure compliance across cloud, edge, and air-gapped environments

• Partner with engineering teams to integrate secure design principles and DevSecOps practices into the software development lifecycle

• Conduct vulnerability assessments, security scans, and risk analyses, and drive remediation efforts

• Translate commercial technology standards into classified and operational environments

• Collaborate with Information System Owners, government stakeholders, and accrediting authorities to meet mission and compliance requirements

• Support deployment of secure systems in real-world environments, including field testing and operational validation

• Advise on security architecture, threat modeling, and secure coding practices across the platform

• Continuously improve monitoring, automation, and tooling to reduce accreditation and compliance overhead

Required Qualifications

• Active U.S. Secret clearance

• 3–6+ years of experience in cybersecurity, ISSE, ISSO, ISSM, or related roles supporting DoD or classified systems

• Strong understanding of RMF, NIST SP 800-53, and DoD cybersecurity frameworks

• Experience supporting ATO processes and developing security documentation (SSP, POA&M, etc.)

• Familiarity with security assessment tools (e.g., Nessus, STIGs, vulnerability scanners)

• Working knowledge of software systems and infrastructure (cloud, networking, or embedded systems)

• Experience with at least one programming or scripting language (e.g., Python, Go, C++)

• Ability to operate in fast-paced, ambiguous environments with high ownership and accountability

• Strong communication skills and ability to work directly with technical and non-technical stakeholders

Desired Qualifications

• Active Top Secret clearance

• Experience securing edge systems, distributed platforms, or mission-critical defense software

• Familiarity with DevSecOps pipelines and CI/CD security integration

• Knowledge of JSIG, NISPOM, or additional DoD/IC security frameworks

• Experience with Zero Trust architectures or cross-domain solutions

• Background in defense, aerospace, or operational military environments

• Experience deploying systems into classified or disconnected (air-gapped) environments

Benefits

Rune offers top-tier benefits for full-time employees to include a full suite of insurance options at no cost for employees and low-cost to spouses and dependents. Highly competitive equity grants are also  included in the majority of full time offers and are considered part of Rune's total compensation package. Benefits include:

• Comprehensive medical, dental, and vision plans; premiums 100% covered by Rune for all employees; exceptionally low premiums for spouses and dependents

• Basic life insurance and disability 100% covered for all employees by Rune; option to purchase additional life insurance available

• ‘Take the time off that you need, when you need it’ paid time off, not accrual based

• Generous company holiday calendar including a holiday shutdown in December

• Supportive leave of absence program including time off for military service, medical events, and parental leave

• Full 401(k) retirement plan for all full-time eligible employees

• Company-funded commuter benefits

• Free access to on-site gym at office