Classified Systems Specialist

Spyrosoft is a software engineering company established in 2016, specializing in technology solutions for industry 4.0, automotive, geospatial, healthcare & life sciences, employee experience & education, and financial services industries. The role is within the Spyrosoft Defence & Aerospace Business Unit, focusing on design, accreditation, and operation of highly secure and classified systems compliant with national and international security standards.

• Knowledge and ability to design classified system architectures
• Knowledge of cryptographic techniques and key lifecycle management
• Knowledge of physical security zones and access control systems
• Knowledge of Secure SDLC and cybersecurity testing techniques
• Knowledge of incident management and risk analysis
• Strong communication skills
• Personal security clearance or willingness to obtain it
• Knowledge of relevant standards and regulations (ISO/IEC, NATO, NIST, etc.)

Nice to have:

• Experience working with public administration, defense, and/or security sector
• Knowledge of Polish regulations concerning protection of classified information
• Knowledge of security accreditation procedures for classified systems
• Information classification and access management
• Cooperation with auditors and government authorities
• Documentation of design decisions related to data security
• Ability to justify selected technical solutions in classified systems
• Ability to manage procedures related to design, certification, and accreditation of classified systems
• Ability to create documentation for secure systems including security policies and procedures (SSR, SOP)
• Configuration management for projects and classified systems
• Conducting audits and inspections of classified systems
• Training integrators and users of classified systems

Classified Systems Architecture:

• Design classified system architectures including stand-alone systems vs. segregated networks, air-gapped environments, network segmentation, defense-in-depth strategies, threat modeling, secure by design/default approaches, OS hardening, system integrity control, minimization of Trusted Computing Base in High Assurance Systems, integration and configuration in closed environments, selection of system components (e.g., TEMPEST, EMC emissions, data media protection), patch and update management in isolated environments

Networking:

• Design high-security networks
• Network traffic analysis
• Network security hardening

Cryptography:

• Knowledge of cryptographic techniques
• Key generation and secure storage
• Implementation of cryptography in compliance with government requirements
• Cryptographic key lifecycle management

Physical Security:

• Basic knowledge of security zones/protected areas
• Basic knowledge of physical access control systems

System Assessment & Cybersecurity:

• Evaluation of system components
• Knowledge of Secure SDLC
• Dependency management (VM/VA, SBOM)
• Integration of components in isolated environments
• Knowledge of cybersecurity testing techniques
• Planning and supervision of tests confirming security levels for classified systems
• Verification of cybersecurity test reports

Risk & Incident Management:

• Knowledge of incident management procedures
• Reporting to relevant authorities
• Planning and supervision of incident response procedures
• Threat identification
• Risk analysis (qualitative and quantitative)
• Selection of security controls
• Residual risk acceptance

Other Requirements:

• Strong communication skills within project teams, with clients, and with certification/accreditation bodies
• Preparation of customer proposals/offers

Security Clearance:

• Personal security clearance at TAJNE, NATO SECRET, or SECRET UE / EU SECRET level or willingness to undergo clearance procedure

Standards & Regulations:

• Knowledge of ISO/IEC 27000 series, ISO/IEC 15408, NATO INFOSEC/cryptographic standards, Security Policy, NIS2, CRA, NIST, NATO/STANAG, Common Criteria

Additional Advantages:

• Experience working with public administration, defense, and/or security sector

Personal security clearance at the level of TAJNE, NATO SECRET, or SECRET UE / EU SECRET is required or willingness to undergo a security clearance procedure.