Information Systems Security Engineer

About The Position

Requirements

• Active U.S. Secret clearance (Top Secret preferred)
• 3–6+ years of experience in cybersecurity, ISSE, ISSO, or related roles supporting DoD or classified systems
• Strong understanding of RMF, NIST SP 800-53, and DoD cybersecurity frameworks
• Experience supporting ATO processes and developing security documentation (SSP, POA&M, etc.)
• Familiarity with security assessment tools (e.g., Nessus, STIGs, vulnerability scanners)
• Working knowledge of software systems and infrastructure (cloud, networking, or embedded systems)
• Experience with at least one programming or scripting language (e.g., Python, Go, C++)
• Ability to operate in fast-paced, ambiguous environments with high ownership and accountability
• Strong communication skills and ability to work directly with technical and non-technical stakeholders

Nice To Haves

• Active Top Secret clearance
• Experience securing edge systems, distributed platforms, or mission-critical defense software
• Familiarity with DevSecOps pipelines and CI/CD security integration
• Knowledge of JSIG, NISPOM, or additional DoD/IC security frameworks
• Experience with Zero Trust architectures or cross-domain solutions
• Background in defense, aerospace, or operational military environments
• Experience deploying systems into classified or disconnected (air-gapped) environments

Responsibilities

• Own the end-to-end security posture of Rune systems across development, deployment, and sustainment
• Automate vulnerability scanning and document generation processes with CI/CD, scripting and/or AI tools
• Lead and execute RMF (Risk Management Framework) processes, including system categorization, control selection, assessment, authorization, and continuous monitoring
• Develop and maintain security artifacts (e.g., SSPs, POA&Ms, control matrices) to support Authority to Operate (ATO)
• Tailor and implement NIST 800-53 controls and ensure compliance across cloud, edge, and air-gapped environments
• Partner with engineering teams to integrate secure design principles and DevSecOps practices into the software development lifecycle
• Conduct vulnerability assessments, security scans, and risk analyses, and drive remediation efforts
• Translate commercial technology standards into classified and operational environments
• Collaborate with Information System Owners, government stakeholders, and accrediting authorities to meet mission and compliance requirements
• Support deployment of secure systems in real-world environments, including field testing and operational validation
• Advise on security architecture, threat modeling, and secure coding practices across the platform
• Continuously improve monitoring, automation, and tooling to reduce accreditation and compliance overhead

Benefits

• Rune offers top-tier benefits for full-time employees to include a full suite of insurance options at no cost for employees and low-cost to spouses and dependents.
• Highly competitive equity grants are also included in the majority of full time offers and are considered part of Rune's total compensation package.
• Benefits include: Comprehensive medical, dental, and vision plans; premiums 100% covered by Rune for all employees; exceptionally low premiums for spouses and dependents
• Basic life insurance and disability 100% covered for all employees by Rune; option to purchase additional life insurance available
• ‘Take the time off that you need, when you need it’ paid time off, not accrual based
• Generous company holiday calendar including a holiday shutdown in December
• Supportive leave of absence program including time off for military service, medical events, and parental leave
• Full 401(k) retirement plan for all full-time eligible employees
• Company-funded commuter benefits
• Free access to on-site gym at office