ENS Solutions, LLC
IDS / IPS Engineer - Active TS/SCI with CI Poly
ENS Solutions, LLC, Washington, District of Columbia, us, 20022
IDS / IPS Engineer - Active TS/SCI with CI Poly
We are seeking an experienced Network Intrusion Detection Engineer to join our cybersecurity team. The ideal candidate must possess strong Linux engineering expertise with experience managing YAML configuration files, and how these configurations integrate and influence the Intrusion Detection Systems/Intrusion Prevention Systems (IDS/IPS). Highly qualified candidates will have hands‑on engineering and O&M experience with Suricata and/or other network‑based IDS capabilities such as Snort, VectraAI, Corelight, etc. You will play a critical role in deploying, tuning, and maintaining the IDS within a complex enterprise IT environment, primarily running on Red Hat Enterprise Linux.
What You’ll Work On
Designing, deploying, and maintaining IDS/IPS systems across a large enterprise with multiple networks
Developing, reviewing, and optimizing YAML configuration files to ensure optimal detection capabilities and minimal false positives
Understanding and managing the interaction between YAML configuration and its runtime engine, including rule loading, protocol decoding, and logging
Tuning IDS/IPS for optimal performance with NICs, including configuring Direct Memory Access (DMA), RSS queues, interrupt coalescing, and leveraging any NIC‑specific acceleration features
Collaborating with security teams to integrate IDS/IPS with SIEM and other security monitoring platforms
Troubleshooting installation and operational issues specific to IDS/IPS on Red Hat Enterprise Linux, addressing compatibility, kernel module requirements, SE‑Linux policies, and performance tuning
Identifying and mitigating common pitfalls encountered when deploying IDS/IPS in large‑scale enterprise environments, including package dependencies, system resource constraints, and NIC driver/configuration issues
Providing detailed documentation and runbooks for Suricata configuration, tuning NICs, and deployment processes
Staying current with Platform IDS/IPS Software releases, NIC driver updates, and community best practices for network interface tuning and IDS/IPS performance enhancement
Requirements
Proven experience working with Snort, Suricata, Corelight or other network IDS/IPS systems, including hands‑on management of its YAML configuration files
Strong knowledge of configuration structure, syntax, and how it controls detection rules, logging, and output modules
Extensive experience administering Red Hat Enterprise Linux (RHEL) systems, including package management (yum/dnf), kernel module management, SE‑Linux configuration, and system optimization via Unix CLI and other remote shell access vectors (puTTY, SSH, etc.)
Hands‑on experience tuning Suricata for high‑performance packet capture with Napatech NICs or similar advanced network interface cards
Familiarity with NIC‑specific features such as DMA, Receive Side Scaling (RSS), interrupt moderation, and offload capabilities, and how to configure them for Suricata
Experience troubleshooting Suricata’s interaction with NIC drivers and kernel modules in an enterprise environment
TS/SCI clearance with the ability to obtain a counter‑intelligence polygraph
Associate’s degree and 5+ years of experience supporting IT projects and activities OR Bachelor’s degree and 3+ years of experience supporting IT projects and activities OR Master’s degree and 1+ years of experience supporting IT projects and activities. Years of experience may be accepted in lieu of degree
DoD 8570 IAT Level II Certification, including Security+ CE, CCNA‑Security, GSEC, SSCP, CySA+, GICSP, or CND Certification
Ability to obtain a DoD 8570 Cyber Security Service Provider – Infrastructure Support Certification, including CEH, CySA+, GICSP, SSCP, CHFI, CFR, Cloud+, or CND Certification, within 60 days of start date
Additional Qualifications
Experience with scripting languages (Bash, Python, YAML/Ansible, etc.) to automate Suricata configuration and deployment tasks
Proficient understanding of network protocols, intrusion detection methodologies, and security event correlation
Experience integrating Suricata with Splunk, or other SIEM solutions
Knowledge of containerized deployments of Suricata (Docker/Kubernetes) in enterprise environments
Detection and Response (NDR) solutions, including Trellix/FireEye, Corelight, Endace, Vectra AI, Dark Trace, Cisco Security Network Analytics, Open XDR, Fortinet FortiNDR, Trend Vision, etc
Ability to be a self‑starter, work without considerable direction, and work with a team
Possession of excellent verbal and written communication skills, including client briefings and coordinating efforts
Benefits Essential Network Security (ENS) Solutions, LLC is a service‑disabled veteran owned, highly regarded IT consulting and management firm. ENS consults for the Department of Defense (DoD) and Intelligence Community (IC) providing innovative solutions in the core competency area of Identity, Credential and Access Management (ICAM), Software Development, Cyber and Network Security, System Engineering, Program/Project Management, IT support, Solutions, and Services that yield enduring results. Our strong technical and management experts have been able to maintain a standard of excellence in their relationships while delivering innovative, scalable and collaborative infrastructure to our clients.
Why ENS?
Free Platinum‑Level Medical/Dental/Vision coverage, 100% paid for by ENS
401k contribution from Day 1
PTO + 11 Paid Federal Holidays
Long & Short Term Disability Insurance
Group Term Life Insurance
Tuition, Certification & Professional Development Assistance
Workers' Compensation
Relocation Assistance
Seniority level Mid‑Senior level
Employment type Full‑time
Job function Other
Industries IT Services and IT Consulting
#J-18808-Ljbffr
What You’ll Work On
Designing, deploying, and maintaining IDS/IPS systems across a large enterprise with multiple networks
Developing, reviewing, and optimizing YAML configuration files to ensure optimal detection capabilities and minimal false positives
Understanding and managing the interaction between YAML configuration and its runtime engine, including rule loading, protocol decoding, and logging
Tuning IDS/IPS for optimal performance with NICs, including configuring Direct Memory Access (DMA), RSS queues, interrupt coalescing, and leveraging any NIC‑specific acceleration features
Collaborating with security teams to integrate IDS/IPS with SIEM and other security monitoring platforms
Troubleshooting installation and operational issues specific to IDS/IPS on Red Hat Enterprise Linux, addressing compatibility, kernel module requirements, SE‑Linux policies, and performance tuning
Identifying and mitigating common pitfalls encountered when deploying IDS/IPS in large‑scale enterprise environments, including package dependencies, system resource constraints, and NIC driver/configuration issues
Providing detailed documentation and runbooks for Suricata configuration, tuning NICs, and deployment processes
Staying current with Platform IDS/IPS Software releases, NIC driver updates, and community best practices for network interface tuning and IDS/IPS performance enhancement
Requirements
Proven experience working with Snort, Suricata, Corelight or other network IDS/IPS systems, including hands‑on management of its YAML configuration files
Strong knowledge of configuration structure, syntax, and how it controls detection rules, logging, and output modules
Extensive experience administering Red Hat Enterprise Linux (RHEL) systems, including package management (yum/dnf), kernel module management, SE‑Linux configuration, and system optimization via Unix CLI and other remote shell access vectors (puTTY, SSH, etc.)
Hands‑on experience tuning Suricata for high‑performance packet capture with Napatech NICs or similar advanced network interface cards
Familiarity with NIC‑specific features such as DMA, Receive Side Scaling (RSS), interrupt moderation, and offload capabilities, and how to configure them for Suricata
Experience troubleshooting Suricata’s interaction with NIC drivers and kernel modules in an enterprise environment
TS/SCI clearance with the ability to obtain a counter‑intelligence polygraph
Associate’s degree and 5+ years of experience supporting IT projects and activities OR Bachelor’s degree and 3+ years of experience supporting IT projects and activities OR Master’s degree and 1+ years of experience supporting IT projects and activities. Years of experience may be accepted in lieu of degree
DoD 8570 IAT Level II Certification, including Security+ CE, CCNA‑Security, GSEC, SSCP, CySA+, GICSP, or CND Certification
Ability to obtain a DoD 8570 Cyber Security Service Provider – Infrastructure Support Certification, including CEH, CySA+, GICSP, SSCP, CHFI, CFR, Cloud+, or CND Certification, within 60 days of start date
Additional Qualifications
Experience with scripting languages (Bash, Python, YAML/Ansible, etc.) to automate Suricata configuration and deployment tasks
Proficient understanding of network protocols, intrusion detection methodologies, and security event correlation
Experience integrating Suricata with Splunk, or other SIEM solutions
Knowledge of containerized deployments of Suricata (Docker/Kubernetes) in enterprise environments
Detection and Response (NDR) solutions, including Trellix/FireEye, Corelight, Endace, Vectra AI, Dark Trace, Cisco Security Network Analytics, Open XDR, Fortinet FortiNDR, Trend Vision, etc
Ability to be a self‑starter, work without considerable direction, and work with a team
Possession of excellent verbal and written communication skills, including client briefings and coordinating efforts
Benefits Essential Network Security (ENS) Solutions, LLC is a service‑disabled veteran owned, highly regarded IT consulting and management firm. ENS consults for the Department of Defense (DoD) and Intelligence Community (IC) providing innovative solutions in the core competency area of Identity, Credential and Access Management (ICAM), Software Development, Cyber and Network Security, System Engineering, Program/Project Management, IT support, Solutions, and Services that yield enduring results. Our strong technical and management experts have been able to maintain a standard of excellence in their relationships while delivering innovative, scalable and collaborative infrastructure to our clients.
Why ENS?
Free Platinum‑Level Medical/Dental/Vision coverage, 100% paid for by ENS
401k contribution from Day 1
PTO + 11 Paid Federal Holidays
Long & Short Term Disability Insurance
Group Term Life Insurance
Tuition, Certification & Professional Development Assistance
Workers' Compensation
Relocation Assistance
Seniority level Mid‑Senior level
Employment type Full‑time
Job function Other
Industries IT Services and IT Consulting
#J-18808-Ljbffr