Cyber Security Engineer

About Us:

RunBuggy is the most technically advanced automotive logistics platform on the market. Period.

Backed by Porsche Ventures and Hearst Ventures, RunBuggy is transforming the way cars move. Our cutting-edge technology is trusted by some of the largest OEMs, captive finance companies, and automotive lenders in the world to streamline vehicle transportation at scale.

RunBuggy’s end-to-end platform connects car shippers and haulers in real time - eliminating the friction of traditional load boards and costly custom software. For shippers, RunBuggy integrates directly into existing management systems, reducing transportation costs and accelerating delivery timelines. For transporters, we offer a smarter, more profitable way to find, accept, and manage loads - all from a single app.

Since launching in 2019, RunBuggy has grown to over 150 team members, facilitated the movement of hundreds of thousands of vehicles, and attracted tens of thousands of transporters across the U.S.

We’re not just building a better logistics platform - we’re redefining the future of automotive transportation.

About the Role:

Are you passionate about defending digital frontiers and tackling the latest cyber threats? At RunBuggy, we’re searching for a Cyber Security Engineer who thrives on challenge and innovation. In this pivotal role, you’ll be part of our Engineering team, safeguarding both our products and infrastructure. You’ll lead the charge in identifying and neutralizing emerging threats, investigating incidents, and driving rapid resolutions that keep our business secure and resilient.

Bring your hands-on expertise in cloud and on-premises security automation, infrastructure-as-code, and DevSecOps practices to a team that values proactive problem-solving and continuous improvement. If you’re ready to make a real impact and grow your career in a fast-paced, collaborative environment, we want to hear from you!

What You Will Be Doing:

Kubernetes & Microservices Security

• Architect and enforce security policies for Kubernetes clusters and containerized applications, including Azure Kubernetes Service (AKS) and integration with service meshes (e.g., Istio).
• Integrate security checks into CI/CD pipelines (e.g., GitHub Actions, Azure DevOps), automate vulnerability scanning (e.g., SonarQube, Coverity, Kube-Bench, Kube-Hunter, Falco), and manage secure base container images.
• Apply security hardening using distroless images and CIS benchmarks for Kubernetes.
• Automate infrastructure provisioning and security controls using tools like Terraform and Ansible.

Network & Web Security

• Configure and maintain network and web firewalls, ACLs, secure routing, and SSL/TLS termination at ingress points.
• Implement encryption, MFA, and secure access controls across services, including integration with CDNs (e.g., Akamai) and OAuth providers (e.g., Apigee).
• Model after AWS and Azure security best practices, staying current on the latest trends and features.

Threat Detection & Incident Response

• Deploy and manage tools such as Falco, GuardDuty, IDS/IPS, and X-ray for container image scanning.
• Monitor logs and metrics using platforms such as Grafana, Prometheus, and the Elastic Stack (Kibana, Fluentd).
• Lead incident response efforts, including investigation, documentation, and remediation of security events.
• Develop and automate expiration reporting for secrets, keys, and certificates, and implement proactive alerting for expiring credentials.

Compliance & Documentation

• Ensure adherence to frameworks such as NIST CSF and ISO 27001.
• Maintain and update security documentation, playbooks, and standard operating procedures.
• Assist with maintaining and updating the incident response policy, plan, and playbooks.

Automation & DevSecOps

• Drive automation of security and infrastructure tasks using Infrastructure-as-Code (Terraform, Azure Bicep), configuration management (Ansible, Ansible Tower), and GitOps tools (ArgoCD, Flux).
• Lead migration initiatives from on-premises to cloud and from licensed to open-source tools, optimizing for cost and security.
• Mentor and train team members on security automation and best practices.

What You Bring to the Team by Way of Skills and Experience

• 5+ years of experience as a security engineer or DevSecOps engineer supporting development, infrastructure, and incident response teams in cloud environments (Azure, AWS).
• Bachelor’s or Master’s degree in Computer Science, IT, Cyber Security, or related field.
• Demonstrated understanding of Cyber Security Engineer principles, secure SDLC, and incident detection and response.
• Deep knowledge of secure coding practices, security gateways, and threat modeling as part of the secure software development lifecycle.
• Hands-on experience with CI/CD pipelines (GitHub Actions, Azure DevOps, Jenkins), container security, and automation scripting (Shell, Python, Perl).
• Proficiency with infrastructure automation (Terraform, Ansible), service mesh (Istio), and monitoring/logging tools (Grafana, Prometheus, Elastic Stack).
• Experience with advanced persistent threats, phishing, social engineering, and enhanced authentication methods.
• Familiarity with cyber security frameworks (NIST CSF, ISO 27001) and compliance requirements.
• Strong attention to detail, QA skills, and a proactive approach to problem-solving.

Certificates, Licenses, and/or Registrations:

• Professional certifications such as Certified Ethical Hacker (CEH), Certified Information System Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), or Certified Cloud Security Professional (CCSP) are preferred.

What is in it for You and Why you Should Apply:

• Market competitive pay based on education, experience, and location.
• Highly competitive medical, dental, vision, Life w/ AD&D, Short-Term Disability insurance, Long-Term Disability insurance, pet insurance, identity theft protection, and a 401(k) retirement savings plan.
• Employee wellness program.
• Employee rewards, discounts, and recognition programs.
• Generous company-paid holidays (12 per year), vacation, and sick time.
• Paid paternity/maternity leave.
• Monthly connectivity/home office stipend if working from home 5 days a week.
• A supportive and positive space for you to grow and expand your career.

Pay Range Disclosure:

The advertised range represents the expected pay range for this position at the time of posting based on education, experience, skills, location, and other factors.

To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

RunBuggy is an equal-opportunity employer that is committed to diversity and inclusion in the workplace. We prohibit discrimination, harassment, and retaliation on the basis of race, color, religion, sex (including gender identity and sexual orientation), pregnancy, parental status, national origin, age, disability, genetic information, or any other status protected under federal, state, or local law.

Applicants must be currently authorized to work in the United States.

Please, no agencies.