Classified Systems Specialist

At Spyrosoft Solutions, the Defence & Aerospace Business Unit is expanding activities in the defence and security sectors, launching new projects and engaging with prospective customers.

• Knowledge and ability to design classified system architectures including stand-alone systems vs. segregated networks, air-gapped environments and controlled data transfers, network segmentation, defense-in-depth strategies, threat modeling, secure by design / secure by default approaches, OS hardening, system integrity control, minimization of the Trusted Computing Base (TCB) in High Assurance Systems (HAS), integration and configuration in closed environments, selection of system components (e.g., TEMPEST, EMC emissions, data media protection), patch and update management in isolated environments
• Design of high-security networks, network traffic analysis, network security hardening
• Knowledge of cryptographic techniques, key generation and secure storage, implementation of cryptography in compliance with government requirements, cryptographic key lifecycle management
• Basic knowledge of security zones/protected areas and physical access control systems
• Evaluation of system components, knowledge of Secure SDLC, dependency management (VM/VA, SBOM), integration of components in isolated environments, knowledge of techniques used in cybersecurity testing
• Planning and supervision of tests confirming achievement and maintenance of the required security level for classified systems, verification of cybersecurity test reports
• Knowledge of incident management procedures, reporting to relevant authorities, planning and supervision of incident response (IR) procedures, threat identification, risk analysis (qualitative and quantitative), selection of security controls, residual risk acceptance
• Strong communication skills within project teams, communication with clients, communication with certification and/or accreditation bodies, preparation of customer proposals/offers
• Personal security clearance at the level of TAJNENATO SECRET or SECRET UE / EU SECRET or willingness to undergo a security clearance procedure
• Knowledge of standards and regulations including ISO/IEC 27000 series, ISO/IEC 15408, NATO INFOSEC / cryptographic standards, Security Policy, NIS2, CRANIST, NATO/STANAG, Common Criteria
• Languages: Polish (C2), English (C1)

• Management of classified systems
• Knowledge of Polish regulations concerning the protection of classified information
• Knowledge of security accreditation procedures for classified systems
• Information classification and access management
• Cooperation with auditors and government authorities
• Documentation of design decisions related to data security
• Ability to justify selected technical solutions in classified systems
• Ability to manage procedures related to the design, certification, and accreditation of classified systems
• Ability to create documentation for secure systems, including security policies and procedures such as Special Security Requirements (SSR) and Secure Operating Procedures (SOP)
• Configuration management for projects and classified systems
• Conducting audits and inspections of classified systems
• Training integrators and users of classified systems

Personal security clearance at the level of TAJNENATO SECRET or SECRET UE / EU SECRET or willingness to undergo a security clearance procedure is required.