Information Systems Security Engineer

About RuneRune Technologies builds mission-critical software for military logistics and sustainment. Our flagship product is TyrOS, an AI-enabled logistics command and control platform that gives commanders a single, real-time operating picture of their sustainment fight, from inventory and distribution to medical and operational planning, even in degraded and contested environments.We're not a traditional defense contractor. We're a small, fast-moving team that combines deep operational experience in and with the DoD with the software discipline of the best product companies, and we apply that combination to a customer set that desperately needs it. We stay close to our users by embedding directly with military units during exercises and rotations, and we ship constantly based on what we learn.The U.S. military and its allies face a real logistics modernization problem. We're building the software to solve it.About The RoleWe are seeking an Information Systems Security Engineer (ISSE) to own and drive the security posture of Rune’s platforms across classified and unclassified environments.In this role, you will operate at the intersection of software engineering, cybersecurity, and mission deployment—ensuring our systems meet stringent DoD security requirements while remaining fast, scalable, and usable in real-world operational environments.You will work closely with engineering, product, and mission teams to embed security directly into our systems—from architecture through deployment—while navigating the realities of classified, air-gapped, and edge environments.This is a high-ownership role for someone who can balance security rigor with execution speed.What You’ll DoOwn the end-to-end security posture of Rune systems across development, deployment, and sustainmentAutomate vulnerability scanning and document generation processes with CI/CD, scripting and/or AI toolsLead and execute RMF (Risk Management Framework) processes, including system categorization, control selection, assessment, authorization, and continuous monitoringDevelop and maintain security artifacts (e.g., SSPs, POA&Ms, control matrices) to support Authority to Operate (ATO)Tailor and implement NIST 800-53 controls and ensure compliance across cloud, edge, and air-gapped environmentsPartner with engineering teams to integrate secure design principles and DevSecOps practices into the software development lifecycleConduct vulnerability assessments, security scans, and risk analyses, and drive remediation effortsTranslate commercial technology standards into classified and operational environmentsCollaborate with Information System Owners, government stakeholders, and accrediting authorities to meet mission and compliance requirementsSupport deployment of secure systems in real-world environments, including field testing and operational validationAdvise on security architecture, threat modeling, and secure coding practices across the platformContinuously improve monitoring, automation, and tooling to reduce accreditation and compliance overheadRequired QualificationsActive U.S. Secret clearance3–6+ years of experience in cybersecurity, ISSE, ISSO, ISSM, or related roles supporting DoD or classified systemsStrong understanding of RMF, NIST SP 800-53, and DoD cybersecurity frameworksExperience supporting ATO processes and developing security documentation (SSP, POA&M, etc.)Familiarity with security assessment tools (e.g., Nessus, STIGs, vulnerability scanners)Working knowledge of software systems and infrastructure (cloud, networking, or embedded systems)Experience with at least one programming or scripting language (e.g., Python, Go, C++)Ability to operate in fast-paced, ambiguous environments with high ownership and accountabilityStrong communication skills and ability to work directly with technical and non-technical stakeholdersDesired QualificationsActive Top Secret clearanceExperience securing edge systems, distributed platforms, or mission-critical defense softwareFamiliarity with DevSecOps pipelines and CI/CD security integrationKnowledge of JSIG, NISPOM, or additional DoD/IC security frameworksExperience with Zero Trust architectures or cross-domain solutionsBackground in defense, aerospace, or operational military environmentsExperience deploying systems into classified or disconnected (air-gapped) environmentsBenefitsRune offers top-tier benefits for full-time employees to include a full suite of insurance options at no cost for employees and low-cost to spouses and dependents. Highly competitive equity grants are also included in the majority of full time offers and are considered part of Rune's total compensation package. Benefits include:Comprehensive medical, dental, and vision plans; premiums 100% covered by Rune for all employees; exceptionally low premiums for spouses and dependentsBasic life insurance and disability 100% covered for all employees by Rune; option to purchase additional life insurance available‘Take the time off that you need, when you need it’ paid time off, not accrual basedGenerous company holiday calendar including a holiday shutdown in DecemberSupportive leave of absence program including time off for military service, medical events, and parental leaveFull 401(k) retirement plan for all full-time eligible employeesCompany-funded commuter benefitsFree access to on-site gym at office