IDS and IPS Cyber Security Engineer jobs in United States
cer-icon
Apply on Employer Site
company-logo

Booz Allen Hamilton · 1 week ago

IDS and IPS Cyber Security Engineer

positionColorado Springs, CO
timeFull-time
remoteHybrid
seniorityMid, Senior Level
money$99K/yr - $225K/yr
date3+ years exp

Booz Allen Hamilton is seeking an experienced IDS and IPS Cyber Security Engineer to join their cybersecurity team. The ideal candidate will be responsible for designing, deploying, and maintaining Intrusion Detection and Prevention Systems (IDS/IPS) across a large enterprise, ensuring optimal performance and integration with security monitoring platforms.

ConsultingCyber SecurityIT InfrastructureManagement ConsultingSecurity
check
Growth OpportunitiesbadNo H1BnoteSecurity Clearance RequirednoteU.S. Citizen Onlynote

Responsibilities

Designing, deploying, and maintaining IDS/IPS systems across a large enterprise with multiple networks
Developing, reviewing, and optimizing YAML configuration files to ensure optimal detection capabilities and minimal false positives
Understanding and managing the interaction between YAML configuration and its runtime engine, including rule loading, protocol decoding, and logging
Tuning IDS/IPS for optimal performance with NICs, including configuring Direct Memory Access (DMA), RSS queues, interrupt coalescing, and leveraging any NIC-specific acceleration features
Collaborating with security teams to integrate IDS/IPS with SIEM and other security monitoring platforms
Troubleshooting installation and operational issues specific to IDS/IPS on Red Hat Enterprise Linux, addressing compatibility, kernel module requirements, SE-Linux policies, and performance tuning
Identifying and mitigating common pitfalls encountered when deploying IDS/IPS in large-scale enterprise environments, including package dependencies, system resource constraints, and NIC driver or configuration issues
Provide detailed documentation and runbooks for Suricata configuration, tuning NICs, and deployment processes
Stay current with Platform IDS/IPS Software releases, NIC driver updates, and community best practices for network interface tuning and IDS/IPS performance enhancement

Qualification

Linux engineeringYAML configuration managementSuricataRed Hat Enterprise LinuxNetwork IDS/IPS systemsNIC performance tuningDoD 8570 IAT Level II CertificationScripting languagesCommunication skills

Required

Experience working with network IDS/IPS systems such as Snort, Suricata, or Corelight, including hands-on management of YAML configuration files
Experience administering Red Hat Enterprise Linux (RHEL) systems, including package management, such as yumor or dnf, kernel module management, SE-Linux configuration, and system optimization via Unix CLI and remote shell access vectors, such as puTTY or SSH
Experience tuning Suricata for high-performance packet capture with Napatech NICs or advanced network interface cards
Experience with NIC-specific features such as DMA, Receive Side Scaling (RSS), interrupt moderation, and offload capabilities, and how to configure them for Suricata
Experience troubleshooting Suricata's interaction with NIC drivers and kernel modules in an enterprise environment
Knowledge of configuration structure, syntax, and how it controls detection rules, logging, and output modules
Active TS/SCI clearance; willingness to take a polygraph exam
Associate's degree and 5+ years of experience supporting IT projects and activities or Bachelor's degree and 3+ years of experience supporting IT projects and activities or Master's degree and 1+ years of experience supporting IT projects and activities
DoD 8570 IAT Level II Certification, including Security+ CE, CCNA-Security, GSEC, SSCP, CySA+, GICSP, or CND Certification
Ability to obtain a DoD 8570 Cyber Security Service Provider - Infrastructure Support Certification, including CEH, CySA+, GICSP, SSCP, CHFI, CFR, Cloud+, or CND Certification, within 60 days of start date

Preferred

Experience with scripting languages, such as Bash, Python, YAML, or Ansible to automate Suricata configuration and deployment tasks
Experience integrating Suricata with Splunk or other SIEM solutions
Experience with Detection and Response (NDR) solutions, including with Trellix or FireEye, Corelight, Endace, Vectra AI, Dark Trace, Cisco Security Network Analytics, Open XDR, Fortinet FortiNDR, or Trend Vision
Knowledge of network protocols, intrusion detection methodologies, and security event correlation
Knowledge of containerized deployments of Suricata, such as Docker or Kubernetes, in enterprise environments
Ability to be a self-starter, work without considerable direction, and work with a team
Possession of excellent verbal and written communication skills, including client briefings and coordinating efforts

Benefits

Health
Life
Disability
Financial
Retirement benefits
Paid leave
Professional development
Tuition assistance
Work-life programs
Dependent care

Company

Booz Allen Hamilton

twittertwittertwitter
Glassdoor4.2
company-logo
Booz Allen Hamilton is a consulting firm that specializes in analytics, technology, and engineering.
dateFounded in 1914
location
Mclean, Virginia, USA
people-size10001+ employees
web-link
http://www.boozallen.com

Funding

Current Stage
Public Company
Total Funding
$3.03B
2025-03-11Post Ipo Debt· $650M
2023-08-01Post Ipo Debt· $650M
2020-08-13Post Ipo Debt· $700M

Leadership Team

leader-logo
Matthew Calderone
Chief Financial Officer and Executive Vice President
linkedin
leader-logo
Kristine Anderson
Chief Operating Officer
linkedin

Recent News

Fortune
BP’s C-suite milestone: Women in both the CEO and CFO seats
2025-12-19
The Motley Fool
Why Booz Allen Hamilton Fell Today
2025-12-17
Washington Technology
A trio of C-level moves to note at Booz Allen, Leidos and SAIC
2025-12-17
Company data provided by crunchbase