Senior Cybersecurity Engineer (Defence)

Project description:

We're looking for a Senior Cybersecurity Engineer with a strong background in designing, implementing, and validating security mechanisms across diverse systems and environments. The ideal candidate will have deep expertise in cybersecurity engineering principles, secure architecture, risk assessment, and vulnerability management, supported by strong analytical and problem‑solving skills. Experience with embedded systems security is highly desirable and considered a significant advantage. This role requires excellent communication skills to translate complex technical risks into clear, actionable recommendations for engineering teams and stakeholders.

Tech stack:

• Secure boot, firmware security, OTA

• Cryptography (AES, RSA, ECC) & hardware security (TPM, HSM, TrustZone)

• Embedded interfaces & protocols: CAN, LIN, Modbus, BLE, Wi-Fi, TCP/IP, NFC

• Hardware interfaces: JTAG, UART, SPI, I²C

• Cloud IoT platforms & secure communication: AWS/Azure/GCP IoT, TLS/DTLS, MQTT(S), SSH, TLS, IPSEC

• Secure code review (C/C++, Rust, Python) & DevSecOps / CI/CD security

Requirements:

• Proven experience in designing security solutions for embedded systems, IoT devices, and cloud-connected architectures

• Strong background in identifying, exploiting, and documenting security weaknesses across a broad range of environments

• Deep understanding of embedded security attack vectors: side-channel attacks, fault injection, firmware tampering, replay attacks, MITM Experience with vulnerability scanning, fuzzing, exploit development, and hardware-level security assessment

• Solid knowledge of secure communication protocols, cryptography, secure mechanisms used in embedded, secure firmware design, cybersecurity testing

• Ability to translate complex technical findings into clear, actionable recommendations for both technical and non-technical stakeholders

• Familiarity with risk assessment frameworks such as ISO 21434, IEC 62443, ISO 27005, IEC 81001-5-1, UL 2900, DO‑326A

• Understanding of data protection requirements (GDPR / HIPAA) in cloud-integrated IoT ecosystems

• Experience with secure SDLC, DevSecOps, and CI/CD security practices

• Strong analytical, problem-solving, and communication skills

• Relevant certifications is must, such as OSCE, OSCP, GPEN, CompTIA PenTest+

• Polish - Fluent/Native

• Willingness to go through the mandatory personal security clearance verification procedure or having personal security clearance up to level NATO Secret/Tajne

• Willingness to go through mandatory checks required to be admitted to work with defense-related technologies.

• Willingness to work predominantly from Spyrosoft's Wrocław office.

The candidate will be required to undergo personal security clearance and procedures for admission to work with defence-related technologies (Koncesja MSWiA).

Additional Advantages

· Experience in working with public administration, defence, and/or security industry

· Knowledge of NATO/STANAG standards