Suricata Cybersecurity Engineer Job at Phase2 Technology in Colorado Springs

Suricata Cybersecurity Engineer

The Opportunity:

We are seeking an experienced Suricata Engineer to join our cybersecurity team. You will leverage your deep technical expertise in Suricata, particularly in understanding and managing its YAML configuration files, and how these configurations integrate and influence the Suricata Intrusion Detection Systems or Intrusion Prevention Systems (IDS/IPS).

A key focus of this role will be tuning Suricata to operate optimally with network interface cards (NICs), ensuring high-performance packet capture and processing while minimizing packet loss and system resource overhead.

Work with us as we secure and protect our nation's most sensitive capabilities.

What You'll Work On:

• Design, deploy, and maintain Suricata IDS/IPS systems across enterprise networks.
• Develop, review, and optimize Suricata YAML configuration files to ensure optimal detection capabilities and minimal false positives.
• Understand and manage the interaction between Suricata's YAML configuration and its runtime engine, including rule loading, protocol decoding, and logging.
• Tune Suricata for optimal performance with Napatech NICs, including configuring Direct Memory Access (DMA), RSS queues, interrupt coalescing, and leveraging any NIC-specific acceleration features.
• Collaborate with security teams to integrate Suricata with SIEM and other security monitoring platforms.
• Troubleshoot installation and operational issues specific to Suricata on Red Hat Enterprise Linux, addressing compatibility, kernel module requirements, SELinux policies, and performance tuning.
• Identify and mitigate common pitfalls encountered when deploying Suricata in large-scale enterprise environments, including package dependencies, system resource constraints, and NIC driver or configuration issues.
• Provide detailed documentation and runbooks for Suricata configuration, tuning NICs, and deployment processes.
• Stay up-to-date with Suricata releases, NIC driver updates, and community best practices for network interface tuning and IDS/IPS performance enhancement.

You Have:

• Experience working with Suricata IDS/IPS systems, including hands-on management of its YAML configuration files.
• Experience administering Red Hat Enterprise Linux (RHEL) systems, including package management, kernel module management, SELinux configuration, and system optimization.
• Experience tuning Suricata for high-performance packet capture with advanced NICs such as Napatech NICs, and with NIC-specific features such as DMA, Receive Side Scaling (RSS), interrupt moderation, and offload capabilities, and how to configure them for Suricata.
• Experience troubleshooting Suricata's interaction with NIC drivers and kernel modules in an enterprise environment.
• Experience with scripting languages, including Bash or Python, to automate Suricata configuration and deployment tasks.
• Knowledge of the Suricata configuration structure, syntax, and how it controls detection rules, logging, and output modules.
• Active TS/SCI clearance; willingness to take a polygraph exam.
• Associate's degree and 5+ years of experience supporting IT projects and activities, Bachelor's degree and 3+ years of experience supporting IT projects and activities, Master's degree and 1+ years of experience supporting IT projects and activities, or 7+ years of experience supporting IT projects and activities in lieu of a degree.
• DoD 8570 IAT Level II Certification such as Security+ CE, CCNA-Security, GSEC, SSCP, CySA+, GICSP, or CND Certification.
• Ability to obtain a DoD 8570 Cybersecurity Service Provider - Infrastructure Support Certification such as CEH, CySA+, GICSP, SSCP, CHFI, CFR, Cloud+, or CND Certification, within 30 days of start date.

Nice If You Have:

• Experience integrating Suricata with Splunk, or other SIEM solutions.
• Experience with common Linux operating systems, including Oracle or CentOS.
• Experience with other industry-standard IDS/IPS solutions and related technologies.
• Knowledge of containerized deployments of Suricata such as Docker or Kubernetes, in enterprise environments.
• Knowledge of network protocols, intrusion detection methodologies, and security event correlation.
• Ability to be a self-starter, work without considerable direction, and work with a team.
• Possession of excellent verbal and written communication skills, including for coordinating efforts and establishing customer relations.

Clearance:

Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information; TS/SCI clearance is required.

Commitment to Non-Discrimination:

All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, local, or international law.

Booz Allen is an equal employment opportunity employer and is committed to diversity, equity, and inclusion.