Network Intrusion Detection Engineer

We are seeking a highly skilled Network Intrusion Detection Engineer to join our cybersecurity operations team. In this role, you will design, deploy, and optimize advanced IDS/IPS solutions across a multi-network enterprise, ensuring proactive network defense and seamless integration with security infrastructure.

This is a long-term contract with benefits and requires a TS/SCI (Poly preferred) clearance.

Key Responsibilities

• Architect, deploy, and maintain IDS/IPS environments using Suricata, Snort, and Corelight.
• Develop and fine-tune YAML configuration files to enhance detection accuracy and minimize false positives.
• Troubleshoot performance issues involving NIC hardware (DMA, RSS, interrupt coalescing) and tune Suricata accordingly.
• Collaborate with threat detection and SOC teams to integrate IDS/IPS with SIEM platforms and other analytic tools.
• Author detailed documentation on system configuration, tuning, and deployment processes.

Required Qualifications

• Hands-on experience with network IDS/IPS technologies (Suricata, Snort, Corelight).
• Demonstrated proficiency managing and optimizing YAML-based configurations.
• Active TS/SCI clearance with CI Poly preferred.

Preferred Qualifications

• Strong scripting skills with Python, Bash, or Ansible/YAML for automation.
• Deep understanding of network protocols, intrusion detection methodologies, and event correlation.
• Experience integrating Suricata with Splunk or similar SIEM platforms.
• Familiarity with containerized deployments (Docker/Kubernetes).
• Exposure to NDR/XDR technologies (Trellix/FireEye, Corelight, Vectra AI, Darktrace, Cisco Analytics, Fortinet, Trend Vision).
• Excellent communication and documentation abilities.
• Self-starter capable of working independently and collaboratively.