Demo

IDS/IPS Cyber Security Engineer, Mid

DAn Solutions
Washington, DC Full Time
POSTED ON 7/6/2026
AVAILABLE BEFORE 1/6/2031

REQUIRES AN EXISTING/ACTIVE TS/SCI WITH CI POLYGRAPH - NO REMOTE WORK, MUST WORK ON SITE

Job Description:

We are seeking an experienced Network Intrusion Detection Engineer to join our cybersecurity team. The ideal candidate must possess strong Linux engineering expertise with experience managing YAML configuration files, and how these configurations integrate and influence the Intrusion Detection Systems/Intrusion Prevention Systems (IDS/IPS). Highly qualified candidates will have hands-on engineering and O&M experience with Suricata and/or other network-based IDS capabilities such as Snort, VectraAI, Corelight, etc. You will play a critical role in deploying, tuning, and maintaining the IDS within a complex enterprise IT environment, primarily running on Red Hat Enterprise Linux.

What You'll Work On:

· Designing, deploying, and maintaining IDS/IPS systems across a large enterprise with multiple networks.

· Developing, reviewing, and optimizing YAML configuration files to ensure optimal detection capabilities and minimal false positives.

· Understanding and managing the interaction between YAML configuration and its runtime engine, including rule loading, protocol decoding, and logging.

· Tuning IDS/IPS for optimal performance with NICs, including configuring Direct Memory Access (DMA), RSS queues, interrupt coalescing, and leveraging any NIC-specific acceleration features.

· Collaborating with security teams to integrate IDS/IPS with SIEM and other security monitoring platforms.

· Troubleshooting installation and operational issues specific to IDS/IPS on Red Hat Enterprise Linux, addressing compatibility, kernel module requirements, SE-Linux policies, and performance tuning.

· Identifying and mitigating common pitfalls encountered when deploying IDS/IPS in large-scale enterprise environments, including package dependencies, system resource constraints, and NIC driver/configuration issues.

· Provide detailed documentation and runbooks for Suricata configuration, tuning NICs, and deployment processes.

· Staying current with Platform IDS/IPS Software releases, NIC driver updates, and community best practices for network interface tuning and IDS/IPS performance enhancement.

Basic Qualifications:

· Proven experience working with Snort, Suricata, Corelight or other network IDS/IPS systems, including hands-on management of its YAML configuration files.

· Strong knowledge of configuration structure, syntax, and how it controls detection rules, logging, and output modules.

· Extensive experience administering Red Hat Enterprise Linux (RHEL) systems, including package management (yum/dnf), kernel module management, SE-Linux configuration, and system optimization via Unix CLI and other remote shell access vectors (puTTY, SSH, etc.)

· Hands-on experience tuning Suricata for high-performance packet capture with Napatech NICs or similar advanced network interface cards.

· Familiarity with NIC-specific features such as DMA, Receive Side Scaling (RSS), interrupt moderation, and offload capabilities, and how to configure them for Suricata.

· Experience troubleshooting Suricata's interaction with NIC drivers and kernel modules in an enterprise environment.

· TS/SCI clearance with the ability to obtain a counter-intelligence polygraph.

· Associate's degree and 5 years of experience supporting IT projects and activities or Bachelor's degree and 3 years of experience supporting IT projects and activities or Master's degree and 1 years of experience supporting IT projects and activities. Years of experience may be accepted in lieu of degree.

· DoD 8570 IAT Level II Certification, including Security CE, CCNA-Security, GSEC, SSCP, CySA , GICSP, or CND Certification.

· Ability to obtain a DoD 8570 Cyber Security Service Provider - Infrastructure Support Certification, including CEH, CySA , GICSP, SSCP, CHFI, CFR, Cloud , or CND Certification, within 60 days of start date.


Additional Qualifications:

· Experience with scripting languages (Bash, Python, YAML/Ansible, etc.) to automate Suricata configuration and deployment tasks.

· Proficient understanding of network protocols, intrusion detection methodologies, and security event correlation.

· Experience integrating Suricata with Splunk, or other SIEM solutions.

· Knowledge of containerized deployments of Suricata (Docker/Kubernetes) in enterprise environments.

· Detection and Response (NDR) solutions, including Trellix/FireEye, Corelight, Endace, Vectra AI, Dark Trace, Cisco Security Network Analytics, Open XDR, Fortinet FortiNDR, Trend Vision, etc.

· Ability to be a self-starter, work without considerable direction, and work with a team.

· Possession of excellent verbal and written communication skills, including client briefings and coordinating efforts

Salary.com Estimation for IDS/IPS Cyber Security Engineer, Mid in Washington, DC
$108,148 to $140,762
If your compensation planning software is too rigid to deploy winning incentive strategies, it’s time to find an adaptable solution. Compensation Planning
Enhance your organization's compensation strategy with salary data sets that HR and team managers can use to pay your staff right. Surveys & Data Sets

What is the career path for a IDS/IPS Cyber Security Engineer, Mid?

Sign up to receive alerts about other jobs on the IDS/IPS Cyber Security Engineer, Mid career path by checking the boxes next to the positions that interest you.
Income Estimation: 
$99,793 - $130,112
Income Estimation: 
$125,027 - $157,872
Income Estimation: 
$94,625 - $127,578
Income Estimation: 
$132,795 - $178,786
Income Estimation: 
$112,673 - $137,290
Income Estimation: 
$139,945 - $168,577
Income Estimation: 
$140,233 - $181,029
Income Estimation: 
$161,209 - $233,553
Employees: Get a Salary Increase
View Core, Job Family, and Industry Job Skills and Competency Data for more than 15,000 Job Titles Skills Library

Job openings at DAn Solutions

  • DAn Solutions Reston, VA
  • REQUIRES AN EXISTING/ACTIVE TS/SCI WITH CI POLYGRAPH - NO REMOTE WORK, MUST WORK ON SITE Job Description: As a security engineer on our team, you'll evalua... more
  • 6 Days Ago

  • DAn Solutions Reston, VA
  • REQUIRES AN EXISTING/ACTIVE TS/SCI WITH CI POLYGRAPH - NO REMOTE WORK, MUST WORK ON SITE Job Description: As a Linux and Ansible Automation Engineer on our... more
  • 6 Days Ago

  • DAn Solutions Washington, DC
  • This is a placeholder for all internal referral and anyone that has been referred over for clearance. Please do not apply if this is not that case for you ... more
  • 7 Days Ago

  • DAn Solutions Washington, DC
  • MUST HAVE AN ACTIVE TS/SCI CI POLY AND MUST WORK ON SITE / NO REMOTE WORK Position description: The SharePoint Administrator will work as part of a collabo... more
  • 7 Days Ago


Not the job you're looking for? Here are some other IDS/IPS Cyber Security Engineer, Mid jobs in the Washington, DC area that may be a better fit.

  • IDS International Arlington, VA
  • Job Title Cyber Virtualization Engineer Why IDS? IDS believes in resolving conflict, building innovative approaches to do so. Combining operational experti... more
  • 20 Days Ago

  • Chenega MIOS SBU Vienna, VA
  • Summary Mid Cyber Security Engineer Vienna, VA Are you ready to enhance your skills and build your career in a rapidly evolving business climate? Are you l... more
  • 18 Days Ago

AI Assistant is available now!

Feel free to start your new journey!