IDS/IPS Cyber Security Engineer (Forescout) - TS/SCI CI Poly

About The Position

Requirements

• Proven experience working with Snort, Suricata, Corelight or other network IDS/IPS systems, including hands-on management of its YAML configuration files.
• Strong knowledge of configuration structure, syntax, and how it controls detection rules, logging, and output modules.
• Extensive experience administering Red Hat Enterprise Linux (RHEL) systems, including package management (yum/dnf), kernel module management, SE-Linux configuration, and system optimization via Unix CLI and other remote shell access vectors (puTTY, SSH, etc.)
• Hands-on experience tuning Suricata for high-performance packet capture with Napatech NICs or similar advanced network interface cards.
• Familiarity with NIC-specific features such as DMA, Receive Side Scaling (RSS), interrupt moderation, and offload capabilities, and how to configure them for Suricata.
• Experience troubleshooting Suricata’s interaction with NIC drivers and kernel modules in an enterprise environment.
• TS/SCI clearance with the ability to obtain a counter-intelligence polygraph.
• Associate’s degree and 5+ years of experience supporting IT projects and activities or Bachelor’s degree and 3+ years of experience supporting IT projects and activities or Master’s degree and 1+ years of experience supporting IT projects and activities. Years of experience may be accepted in lieu of degree.
• DoD 8570 IAT Level II Certification, including Security+ CE, CCNA-Security, GSEC, SSCP, CySA+, GICSP, or CND Certification.
• Ability to obtain a DoD 8570 Cyber Security Service Provider - Infrastructure Support Certification, including CEH, CySA+, GICSP, SSCP, CHFI, CFR, Cloud+, or CND Certification, within 60 days of start date.

Nice To Haves

• Experience with scripting languages (Bash, Python, YAML/Ansible, etc.) to automate Suricata configuration and deployment tasks.
• Proficient understanding of network protocols, intrusion detection methodologies, and security event correlation.
• Experience integrating Suricata with Splunk, or other SIEM solutions.
• Knowledge of containerized deployments of Suricata (Docker/Kubernetes) in enterprise environments.
• Detection and Response (NDR) solutions, including Trellix/FireEye, Corelight, Endace, Vectra AI, Dark Trace, Cisco Security Network Analytics, Open XDR, Fortinet FortiNDR, Trend Vision, etc.
• Ability to be a self-starter, work without considerable direction, and work with a team.
• Possession of excellent verbal and written communication skills, including client briefings and coordinating efforts

Responsibilities

• Designing, deploying, and maintaining IDS/IPS systems across a large enterprise with multiple networks.
• Developing, reviewing, and optimizing YAML configuration files to ensure optimal detection capabilities and minimal false positives.
• Understanding and managing the interaction between YAML configuration and its runtime engine, including rule loading, protocol decoding, and logging.
• Tuning IDS/IPS for optimal performance with NICs, including configuring Direct Memory Access (DMA), RSS queues, interrupt coalescing, and leveraging any NIC-specific acceleration features.
• Collaborating with security teams to integrate IDS/IPS with SIEM and other security monitoring platforms.
• Troubleshooting installation and operational issues specific to IDS/IPS on Red Hat Enterprise Linux, addressing compatibility, kernel module requirements, SE-Linux policies, and performance tuning.
• Identifying and mitigating common pitfalls encountered when deploying IDS/IPS in large-scale enterprise environments, including package dependencies, system resource constraints, and NIC driver/configuration issues.
• Provide detailed documentation and runbooks for Suricata configuration, tuning NICs, and deployment processes.
• Staying current with Platform IDS/IPS Software releases, NIC driver updates, and community best practices for network interface tuning and IDS/IPS performance enhancement.

Benefits

• Remote workforce primarily (U.S. based only, some travel may be required for certain positions, working on-site may be required for Federal positions)
• Group Medical Insurance options: Zero Deductible PPO Plan (GuidePoint pays 90% of the premium for employees and 70% for family plans (spouse/children/family) or High Deductible Health Plan with HSA (GuidePoint pays 100% of the employees premiums and 75% for family plans (spouse/children/family) and GPS will contribute in one lump sum: ($500 per EE annually / $1000 per family annually (includes spouse/children/family options)
• Group Dental Insurance: GuidePoint pays 100% of the premium for employees and 75% of family plans
• 12 corporate holidays and a Flexible Time Off (FTO) program
• Healthy mobile phone and home internet allowance
• Eligibility for retirement plan after 2 months at open enrollment
• Pet Benefit Option