
Network intrusion detection engineer

Job in Reston, Fairfax County, Virginia, 22090, USA
Listing for: hackajob
Full Time position
Listed on 2026-02-07
Job specializations:
  • IT/Tech
    Cybersecurity, Network Security
Job Description & How to Apply Below

Requirements

Must have:

  • Proven experience with Snort, Suricata, Corelight, or other network-based IDS/IPS systems, with hands-on management of YAML configuration files.
  • Strong understanding of configuration structure, syntax, and its impact on detection rules, logging, and output modules.
  • Extensive administration experience with Red Hat Enterprise Linux (RHEL), including package management (yum/dnf), kernel module management, SELinux configuration, and system optimization utilizing Unix CLI and other remote shell access methods.
  • Hands-on tuning experience with Suricata for high-performance packet capture using advanced network interface cards like Napatech NICs.
  • Familiarity with NIC-specific features such as DMA, Receive Side Scaling, interrupt moderation, and offload capabilities, and their configurations for Suricata.
  • Experience troubleshooting Suricata's interaction with NIC drivers and kernel modules in an enterprise context.
  • TS/SCI clearance with the ability to obtain a counter-intelligence polygraph.
  • Bachelor's degree with 5+ years of relevant IT project experience or a Master's degree with 1+ year, with potential experience in lieu of degree.
  • DoD 8570 IAT Level II Certification, such as Security+ CE, CCNA-Security, GSEC, SSCP, CySA+, GICSP, or CND Certification.
  • Ability to obtain a DoD 8570 Cyber Security Service Provider – Infrastructure Support Certification within 60 days of hire.
  • Proficiency in scripting languages (Bash, Python, YAML/Ansible) for automating Suricata configuration and deployment.
  • Comprehensive understanding of network protocols, intrusion detection techniques, and security event correlation.
  • Experience linking Suricata with Splunk or other SIEM platforms.
  • Knowledge regarding containerized deployments of Suricata (Docker/Kubernetes) in enterprise environments.
  • Familiarity with Detection and Response solutions, including Trellix/FireEye, Corelight, and Cisco Security Network Analytics.
  • Strong ability to work independently, with a proactive attitude, as well as collaboratively in a team setting.
  • Excellent verbal and written communication skills, relevant for client interactions and teamwork coordination.
Responsibilities
  • Design, deploy, and maintain IDS/IPS systems across a vast enterprise comprising multiple networks.
  • Develop, analyze, and enhance YAML configuration files for maximal detection efficacy and reduction of false positives.
  • Manage the relationship between YAML configurations and the runtime engine, focusing on rule loading, protocol decoding, and logging.
  • Optimize IDS/IPS performance on NICs, configuring Direct Memory Access, RSS queues, interrupt coalescing, and specialized NIC features.
  • Collaborate with security teams to integrate IDS/IPS with SIEM and other security monitoring systems.
  • Troubleshoot installation and operational challenges related to IDS/IPS on Red Hat Enterprise Linux, addressing compatibility, kernel module requirements, SELinux policies, and performance fine-tuning.
  • Identify and resolve common issues when deploying IDS/IPS in extensive enterprise environments, including package dependencies and NIC configuration problems.
  • Provide thorough documentation and runbooks for Suricata configurations, NIC tuning, and deployment protocols.
  • Keep updated with the latest Platform IDS/IPS Software releases, NIC driver updates, and network interface tuning best practices.
Company

Telos Corporation, Reston, VA — we safeguard critical IT assets for security-conscious organizations. We offer a competitive compensation package including generous paid time off, medical/dental/vision coverage, tuition reimbursement, and a robust 401k plan.
