Information Systems Security Engineer

About Rune

Rune Technologies is here to revolutionize the status quo of military logistics and sustainment through the deployment of AI-enabled solutions. Combining elite Silicon Valley software expertise with deep operational experience working in and with the Department of Defense, Rune builds cutting-edge software to solve the most critical logistics challenges faced by the U.S. military and its allies. Rune’s flagship product is TyrOS, an advanced software platform to enhance logistics at tactical and operational echelons, providing unified, comprehensive management of inventory, personnel, equipment and distribution. TyrOS integrates critical information for holistic, data-driven logistics decisions, leveraging AI for decision support, predictive analytics and optimization at machine speed. Rune’s mission is to support and enable the military logistics and sustainment communities with software to meet needs for the next fight.

About the Role

We are seeking an Information Systems Security Engineer (ISSE) to own and drive the security posture of Rune’s platforms across classified and unclassified environments.

In this role, you will operate at the intersection of software engineering, cybersecurity, and mission deployment—ensuring our systems meet stringent DoD security requirements while remaining fast, scalable, and usable in real-world operational environments.

You will work closely with engineering, product, and mission teams to embed security directly into our systems—from architecture through deployment—while navigating the realities of classified, air-gapped, and edge environments.

This is a high-ownership role for someone who can balance security rigor with execution speed.

What You’ll Do

• Own the end-to-end security posture of Rune systems across development, deployment, and sustainment

• Automate vulnerability scanning and document generation processes with CI/CD, scripting and/or AI tools

• Lead and execute RMF (Risk Management Framework) processes, including system categorization, control selection, assessment, authorization, and continuous monitoring

• Develop and maintain security artifacts (e.g., SSPs, POA&Ms, control matrices) to support Authority to Operate (ATO)

• Tailor and implement NIST 800-53 controls and ensure compliance across cloud, edge, and air-gapped environments

• Partner with engineering teams to integrate secure design principles and DevSecOps practices into the software development lifecycle

• Conduct vulnerability assessments, security scans, and risk analyses, and drive remediation efforts

• Translate commercial technology standards into classified and operational environments

• Collaborate with Information System Owners, government stakeholders, and accrediting authorities to meet mission and compliance requirements

• Support deployment of secure systems in real-world environments, including field testing and operational validation

• Advise on security architecture, threat modeling, and secure coding practices across the platform

• Continuously improve monitoring, automation, and tooling to reduce accreditation and compliance overhead

Required Qualifications

• Active U.S. Secret clearance (Top Secret preferred)

• 3–6+ years of experience in cybersecurity, ISSE, ISSO, or related roles supporting DoD or classified systems

• Strong understanding of RMF, NIST SP 800-53, and DoD cybersecurity frameworks

• Experience supporting ATO processes and developing security documentation (SSP, POA&M, etc.)

• Familiarity with security assessment tools (e.g., Nessus, STIGs, vulnerability scanners)

• Working knowledge of software systems and infrastructure (cloud, networking, or embedded systems)

• Experience with at least one programming or scripting language (e.g., Python, Go, C++)

• Ability to operate in fast-paced, ambiguous environments with high ownership and accountability

• Strong communication skills and ability to work directly with technical and non-technical stakeholders

Desired Qualifications

• Active Top Secret clearance

• Experience securing edge systems, distributed platforms, or mission-critical defense software

• Familiarity with DevSecOps pipelines and CI/CD security integration

• Knowledge of JSIG, NISPOM, or additional DoD/IC security frameworks

• Experience with Zero Trust architectures or cross-domain solutions

• Background in defense, aerospace, or operational military environments

• Experience deploying systems into classified or disconnected (air-gapped) environments

Benefits

Rune offers top-tier benefits for full-time employees to include a full suite of insurance options at no cost for employees and low-cost to spouses and dependents. Highly competitive equity grants are also  included in the majority of full time offers and are considered part of Rune's total compensation package. Benefits include:

• Comprehensive medical, dental, and vision plans; premiums 100% covered by Rune for all employees; exceptionally low premiums for spouses and dependents

• Basic life insurance and disability 100% covered for all employees by Rune; option to purchase additional life insurance available

• ‘Take the time off that you need, when you need it’ paid time off, not accrual based

• Generous company holiday calendar including a holiday shutdown in December

• Supportive leave of absence program including time off for military service, medical events, and parental leave

• Full 401(k) retirement plan for all full-time eligible employees

• Company-funded commuter benefits

• Free access to on-site gym at office