Classified Systems Specialist

O projekcie: Project description: At Spyrosoft Solutions, we are expanding our activities in the defence & security sectors at Spyrosoft Defence & Aerospace Business Unit. As we launch new projects and engage with prospective customers, we are looking for experienced professionals who can support the design, accreditation, and operation of highly secure and classified systems in compliance with national and international security standards. About Spyrosoft Spyrosoft is an authentic, cutting-edge software engineering company, established in 2016. In 2021 and 2022, we were among the fastest growing technology companies in Europe, according to the Financial Times. We were founded by a group of tech experts with established backgrounds in software engineering, who created an ‘engineer-to-engineer’ workplace, powered by enthusiasm, fairness and authentic relationships. Having a unique offering, which bridge the gap between technology and business, we specialise in technology solutions for industry 4.0, automotive, geospatial, healthcare & life sciences, employee experience & education and financial services industries. Wymagania: Classified Systems Architecture System Architecture - Knowledge and ability to design classified system architectures, including:- Stand-alone systems vs. segregated networks- Air-gapped environments and controlled data transfers- Network segmentation- Defense-in-depth strategies- Threat modeling- Secure by design / secure by default approaches- OS hardening- System integrity control- Minimization of the Trusted Computing Base (TCB) in High Assurance Systems (HAS)- Integration and configuration in closed environments- Selection of system components (e.g., TEMPEST, EMC emissions, data media protection, etc.)- Patch and update management in isolated environments Networking - Design of high-security networks- Network traffic analysis- Network security hardening Cryptography - Knowledge of cryptographic techniques- Key generation and secure storage- Implementation of cryptography in compliance with government requirements- Cryptographic key lifecycle management Physical Security - Basic knowledge of security zones/protected areas- Basic knowledge of physical access control systemsSystem Assessment & Cybersecurity- Evaluation of system components- Knowledge of Secure SDLC- Dependency management (VM/VA, SBOM)- Integration of components in isolated environments- Knowledge of techniques used in cybersecurity testing- Planning and supervision of tests confirming achievement and maintenance of the required security level for classified systems- Verification of cybersecurity test reportsRisk & Incident Management- Knowledge of incident management procedures- Reporting to relevant authorities- Planning and supervision of incident response (IR) procedures- Threat identification- Risk analysis (qualitative and quantitative)- Selection of security controls- Residual risk acceptanceOther Requirements- Strong communication skills within project teams- Communication with clients- Communication with certification and/or accreditation bodies- Preparation of customer proposals/offersSecurity Clearance- Personal security clearance at the level of:- TAJNE- NATO SECRET- SECRET UE / EU SECRET- or willingness to undergo a security clearance procedureStandards & Regulations- Knowledge of:- ISO/IEC 27000 series- ISO/IEC 15408- NATO INFOSEC / cryptographic standards- Security Policy- NIS2- CRA- NIST- NATO/STANAG- Common CriteriaLanguages- Polish - C2- English - C1Additional Advantages- Experience working with public administration, defense, and/or the security sector Codzienne zadania: - Management of classified systems - Knowledge of Polish regulations concerning the protection of classified information - Knowledge of security accreditation procedures for classified systems - Information classification and access management - Cooperation with auditors and government authorities - Documentation of design decisions related to data security - Ability to justify selected technical solutions in classified systems - Ability to manage procedures related to the design, certification, and accreditation of classified systems - Ability to create documentation for secure systems, including security policies and procedures, such as Special Security Requirements (SSR) and Secure Operating Procedures (SOP) - Configuration management for projects and classified systems - Conducting audits and inspections of classified systems - Training integrators and users of classified systems