Booz Allen Hamilton
Suricata Cyber Security Engineer, Senior
Booz Allen Hamilton, Washington, District of Columbia, us, 20022
Suricata Cyber Security Engineer, Senior
Join to apply for the
Suricata Cyber Security Engineer, Senior
role at
Booz Allen Hamilton .
Job Number: R0225365
The Opportunity We are seeking an experienced Suricata Engineer to join our cybersecurity team. You will leverage your deep technical expertise in Suricata, particularly in understanding and managing its YAML configuration files, and how these configurations integrate and influence the Suricata Intrusion Detection Systems/Intrusion Prevention Systems (IDS/IPS). You will play a critical role in deploying, tuning, and maintaining Suricata within a complex enterprise IT environment, primarily running on Red Hat Enterprise Linux. A key focus of this role will be tuning Suricata to operate optimally with network interface cards (NICs), ensuring high-performance packet capture and processing while minimizing packet loss and system resource overhead. Work with us as we secure and protect our nation’s most sensitive capabilities.
What You’ll Work On
Designing, deploying, and maintaining Suricata IDS/IPS systems across enterprise networks.
Developing, reviewing, and optimizing Suricata YAML configuration files to ensure optimal detection capabilities and minimal false positives.
Understanding and managing the interaction between Suricata’s YAML configuration and its runtime engine, including rule loading, protocol decoding, and logging.
Tuning Suricata for optimal performance with Napatech NICs, including configuring Direct Memory Access (DMA), RSS queues, interrupt coalescing, and leveraging NIC-specific acceleration features.
Collaborating with security teams to integrate Suricata with SIEM and other security monitoring platforms.
Troubleshooting installation and operational issues specific to Suricata on Red Hat Enterprise Linux, addressing compatibility, kernel module requirements, SELinux policies, and performance tuning.
Identifying and mitigating common pitfalls encountered when deploying Suricata in large-scale enterprise environments, including package dependencies, system resource constraints, and NIC driver or configuration issues.
Provide detailed documentation and runbooks for Suricata configuration, tuning NICs, and deployment processes.
Staying current with Suricata releases, NIC driver updates, and community best practices for network interface tuning and IDS/IPS performance enhancement.
You Have
Experience working with Suricata IDS/IPS systems, including hands-on management of its YAML configuration files
Experience administering Red Hat Enterprise Linux (RHEL) systems, including package management, kernel module management, SELinux configuration, and system optimization
Experience tuning Suricata for high-performance packet capture with advanced network interface cards, such as Napatech NICs, and with NIC-specific features such as DMA, Receive Side Scaling (RSS), interrupt moderation, and offload capabilities, and how to configure them for Suricata
Experience troubleshooting Suricata’s interaction with NIC drivers and kernel modules in an enterprise environment
Experience with scripting languages, including Bash or Python, to automate Suricata configuration and deployment tasks
Knowledge of the Suricata configuration structure, syntax, and how it controls detection rules, logging, and output modules
Active TS/SCI clearance; willingness to take a polygraph exam
Associate’s degree and 5+ years of experience supporting IT projects and activities, Bachelor’s degree and 3+ years of experience supporting IT projects and activities, or Master’s degree and 1+ years of experience supporting IT projects, or 7+ years of experience supporting IT projects and activities in lieu of a degree
DoD 8570 IAT Level II Certification, including Security+ CE, CCNA-Security, GSEC, SSCP, CySA+, GICSP, or CND Certification
Ability to obtain a DoD 8570 Cybersecurity Service Provider - Infrastructure Support Certification, including CEH, CySA+, GICSP, SSCP, CHFI, CFR, Cloud+, or CND Certification, within 30 days of start date
Nice If You Have
Experience integrating Suricata with Splunk, or other SIEM solutions
Knowledge of containerized deployments of Suricata, such as Docker or Kubernetes, in enterprise environments
Experience with common Linux operating systems, including Oracle or CentOS
Experience with other industry-standard IDS/IPS solutions and related technologies
Knowledge of network protocols, intrusion detection methodologies, and security event correlation
Ability to be a self-starter, work without considerable direction, and work with a team
Possession of excellent verbal and written communication skills, including for coordinating efforts and establishing customer relations
Clearance Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information; TS/SCI clearance is required.
Compensation At Booz Allen, we celebrate your contributions, provide you with opportunities and choices, and support your total well-being. Our offerings include health, life, disability, financial, and retirement benefits, as well as paid leave, professional development, tuition assistance, work-life programs, and dependent care. Our recognition awards program acknowledges employees for exceptional performance and superior demonstration of our values. The projected compensation range for this position is $77,600.00 to $176,000.00 (annualized USD). This posting will close within 90 days from the Posting Date.
Identity Statement As part of the application process, you are expected to be on camera during interviews and assessments. We reserve the right to take your picture to verify your identity and prevent fraud.
Work Model Our people-first culture prioritizes the benefits of flexibility and collaboration, whether that happens in person or remotely.
If this position is listed as remote or hybrid, you’ll periodically work from a Booz Allen or client site facility.
If this position is listed as onsite, you’ll work with colleagues and clients in person, as needed for the specific role.
Commitment to Non-Discrimination All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, local, or international law.
Employment details
Seniority level: Not Applicable
Employment type: Full-time
Job function: Information Technology
Industries: IT Services and IT Consulting
Referrals increase your chances of interviewing at Booz Allen Hamilton by 2x
Get notified about new Cyber Security Engineer jobs in
Washington, DC .
#J-18808-Ljbffr
Suricata Cyber Security Engineer, Senior
role at
Booz Allen Hamilton .
Job Number: R0225365
The Opportunity We are seeking an experienced Suricata Engineer to join our cybersecurity team. You will leverage your deep technical expertise in Suricata, particularly in understanding and managing its YAML configuration files, and how these configurations integrate and influence the Suricata Intrusion Detection Systems/Intrusion Prevention Systems (IDS/IPS). You will play a critical role in deploying, tuning, and maintaining Suricata within a complex enterprise IT environment, primarily running on Red Hat Enterprise Linux. A key focus of this role will be tuning Suricata to operate optimally with network interface cards (NICs), ensuring high-performance packet capture and processing while minimizing packet loss and system resource overhead. Work with us as we secure and protect our nation’s most sensitive capabilities.
What You’ll Work On
Designing, deploying, and maintaining Suricata IDS/IPS systems across enterprise networks.
Developing, reviewing, and optimizing Suricata YAML configuration files to ensure optimal detection capabilities and minimal false positives.
Understanding and managing the interaction between Suricata’s YAML configuration and its runtime engine, including rule loading, protocol decoding, and logging.
Tuning Suricata for optimal performance with Napatech NICs, including configuring Direct Memory Access (DMA), RSS queues, interrupt coalescing, and leveraging NIC-specific acceleration features.
Collaborating with security teams to integrate Suricata with SIEM and other security monitoring platforms.
Troubleshooting installation and operational issues specific to Suricata on Red Hat Enterprise Linux, addressing compatibility, kernel module requirements, SELinux policies, and performance tuning.
Identifying and mitigating common pitfalls encountered when deploying Suricata in large-scale enterprise environments, including package dependencies, system resource constraints, and NIC driver or configuration issues.
Provide detailed documentation and runbooks for Suricata configuration, tuning NICs, and deployment processes.
Staying current with Suricata releases, NIC driver updates, and community best practices for network interface tuning and IDS/IPS performance enhancement.
You Have
Experience working with Suricata IDS/IPS systems, including hands-on management of its YAML configuration files
Experience administering Red Hat Enterprise Linux (RHEL) systems, including package management, kernel module management, SELinux configuration, and system optimization
Experience tuning Suricata for high-performance packet capture with advanced network interface cards, such as Napatech NICs, and with NIC-specific features such as DMA, Receive Side Scaling (RSS), interrupt moderation, and offload capabilities, and how to configure them for Suricata
Experience troubleshooting Suricata’s interaction with NIC drivers and kernel modules in an enterprise environment
Experience with scripting languages, including Bash or Python, to automate Suricata configuration and deployment tasks
Knowledge of the Suricata configuration structure, syntax, and how it controls detection rules, logging, and output modules
Active TS/SCI clearance; willingness to take a polygraph exam
Associate’s degree and 5+ years of experience supporting IT projects and activities, Bachelor’s degree and 3+ years of experience supporting IT projects and activities, or Master’s degree and 1+ years of experience supporting IT projects, or 7+ years of experience supporting IT projects and activities in lieu of a degree
DoD 8570 IAT Level II Certification, including Security+ CE, CCNA-Security, GSEC, SSCP, CySA+, GICSP, or CND Certification
Ability to obtain a DoD 8570 Cybersecurity Service Provider - Infrastructure Support Certification, including CEH, CySA+, GICSP, SSCP, CHFI, CFR, Cloud+, or CND Certification, within 30 days of start date
Nice If You Have
Experience integrating Suricata with Splunk, or other SIEM solutions
Knowledge of containerized deployments of Suricata, such as Docker or Kubernetes, in enterprise environments
Experience with common Linux operating systems, including Oracle or CentOS
Experience with other industry-standard IDS/IPS solutions and related technologies
Knowledge of network protocols, intrusion detection methodologies, and security event correlation
Ability to be a self-starter, work without considerable direction, and work with a team
Possession of excellent verbal and written communication skills, including for coordinating efforts and establishing customer relations
Clearance Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information; TS/SCI clearance is required.
Compensation At Booz Allen, we celebrate your contributions, provide you with opportunities and choices, and support your total well-being. Our offerings include health, life, disability, financial, and retirement benefits, as well as paid leave, professional development, tuition assistance, work-life programs, and dependent care. Our recognition awards program acknowledges employees for exceptional performance and superior demonstration of our values. The projected compensation range for this position is $77,600.00 to $176,000.00 (annualized USD). This posting will close within 90 days from the Posting Date.
Identity Statement As part of the application process, you are expected to be on camera during interviews and assessments. We reserve the right to take your picture to verify your identity and prevent fraud.
Work Model Our people-first culture prioritizes the benefits of flexibility and collaboration, whether that happens in person or remotely.
If this position is listed as remote or hybrid, you’ll periodically work from a Booz Allen or client site facility.
If this position is listed as onsite, you’ll work with colleagues and clients in person, as needed for the specific role.
Commitment to Non-Discrimination All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, local, or international law.
Employment details
Seniority level: Not Applicable
Employment type: Full-time
Job function: Information Technology
Industries: IT Services and IT Consulting
Referrals increase your chances of interviewing at Booz Allen Hamilton by 2x
Get notified about new Cyber Security Engineer jobs in
Washington, DC .
#J-18808-Ljbffr