IDS and IPS Cyber Security Engineer

IDS and IPS Cyber Security Engineer

The Opportunity:

We are seeking an experienced Network Intrusion Detection Engineer to join our cybersecurity team. The ideal candidate must possess strong Linux engineering expertise with experience managing YAML configuration files, and as well as knowledge of how these configurations integrate and influence the Intrusion Detection Systems or Intrusion Prevention Systems (IDS/IPS).

You will leverage hands‑on engineering and O&M experience with Suricata or other network‑based IDS capabilities such as Snort, Vectra

AI, or Corelight. You will play a critical role in deploying, tuning, and maintaining the IDS within a complex enterprise IT environment, primarily running on Red Hat Enterprise Linux.

Work with us as we secure and protect our nation's most sensitive capabilities.

• Design, deploy, and maintain IDS/IPS systems across a large enterprise with multiple networks.
• Develop, review, and optimize YAML configuration files to ensure optimal detection capabilities and minimal false positives.
• Understand and manage the interaction between YAML configuration and its runtime engine, including rule loading, protocol decoding, and logging.
• Tune IDS/IPS for optimal performance with NICs, including configuring Direct Memory Access (DMA), RSS queues, interrupt coalescing, and leveraging any NIC‑specific acceleration features.
• Collaborate with security teams to integrate IDS/IPS with SIEM and other security monitoring platforms.
• Troubleshoot installation and operational issues specific to IDS/IPS on Red Hat Enterprise Linux, addressing compatibility, kernel module requirements, SE‑Linux policies, and performance tuning.
• Identify and mitigate common pitfalls encountered when deploying IDS/IPS in large‑scale enterprise environments, including package dependencies, system resource constraints, and NIC driver or configuration issues.
• Provide detailed documentation and runbooks for Suricata configuration, tuning NICs, and deployment processes.
• Stay current with Platform IDS/IPS Software releases, NIC driver updates, and community best practices for network interface tuning and IDS/IPS performance enhancement.

• Experience working with network IDS/IPS systems such as Snort, Suricata, or Corelight, including hands‑on management of its YAML configuration files.
• Experience administering Red Hat Enterprise Linux (RHEL) systems, including package management such as yum or dnf, kernel module management, SE‑Linux configuration, and system optimization via Unix CL and remote shell access vectors such as PuTTY or SSH.
• Experience tuning Suricata for high‑performance packet capture with advanced network interface cards such as Napatech NICs.
• Experience with NIC‑specific features such as DMA, Receive Side Scaling (RSS), interrupt moderation, and offload capabilities and how to configure them for Suricata.
• Experience troubleshooting Suricata’s interaction with NIC drivers and kernel modules in an enterprise environment.
• Knowledge of configuration structure, syntax, and how it controls detection rules, logging, and output modules.
• Active TS/SCI clearance; willingness to take a polygraph exam.
• Associate’s degree and 5+ years of experience supporting IT projects and activities, OR Bachelor’s degree and 3+ years of experience supporting IT projects and activities, OR Master’s degree and 1+ years of experience supporting IT projects and activities, OR 10+ years of experience supporting IT projects and activities in lieu of a degree.
• DoD 8570 IAT Level II Certification, including Security+ CE, CCNA‑Security, GSEC, SSCP, CySA+, GICSP, or CND Certification.
• Ability to obtain a DoD 8570 Cyber Security Service Provider – Infrastructure Support Certification, including CEH, CySA+, GICSP, SSCP, CHFI, CFR, Cloud+, or CND Certification, within 60 days of start date.

• Experience with scripting languages such as Bash, Python, YAML, or Ansible to automate Suricata configuration and deployment tasks.
• Experience integrating Suricata with Splunk or other SIEM solutions.
• Experience with Detection and Response (NDR) solutions, including Trellix or Fire Eye, Corelight, Endace, Vectra AI,…