Apply on Employer Site

GuidePoint Security · 4 weeks ago

IDS/IPS Cyber Security Engineer (Forescout) - TS/SCI CI Poly

Reston, VA

Full-time

Onsite

Mid, Senior Level

3+ years exp

GuidePoint Security provides trusted cybersecurity expertise, solutions and services that help organizations make better decisions and minimize risk. We are seeking an experienced Network Intrusion Detection Engineer to join our cybersecurity team, responsible for deploying, tuning, and maintaining IDS/IPS systems within a complex enterprise IT environment.

Cyber SecurityInformation TechnologySecurity

Comp. & Benefits

No H1B

Security Clearance Required

U.S. Citizen Only

Responsibilities

Designing, deploying, and maintaining IDS/IPS systems across a large enterprise with multiple networks

Developing, reviewing, and optimizing YAML configuration files to ensure optimal detection capabilities and minimal false positives

Understanding and managing the interaction between YAML configuration and its runtime engine, including rule loading, protocol decoding, and logging

Tuning IDS/IPS for optimal performance with NICs, including configuring Direct Memory Access (DMA), RSS queues, interrupt coalescing, and leveraging any NIC-specific acceleration features

Collaborating with security teams to integrate IDS/IPS with SIEM and other security monitoring platforms

Troubleshooting installation and operational issues specific to IDS/IPS on Red Hat Enterprise Linux, addressing compatibility, kernel module requirements, SE-Linux policies, and performance tuning

Identifying and mitigating common pitfalls encountered when deploying IDS/IPS in large-scale enterprise environments, including package dependencies, system resource constraints, and NIC driver/configuration issues

Provide detailed documentation and runbooks for Suricata configuration, tuning NICs, and deployment processes

Staying current with Platform IDS/IPS Software releases, NIC driver updates, and community best practices for network interface tuning and IDS/IPS performance enhancement

Qualification

SuricataRed Hat Enterprise LinuxYAML configurationNetwork Intrusion DetectionDoD 8570 IAT Level II CertificationScripting languagesNetwork protocolsSIEM integrationCommunication skillsTeam collaboration

Required

A TS/SCI CI Poly is required

Proven experience working with Snort, Suricata, Corelight or other network IDS/IPS systems, including hands-on management of its YAML configuration files

Strong knowledge of configuration structure, syntax, and how it controls detection rules, logging, and output modules

Extensive experience administering Red Hat Enterprise Linux (RHEL) systems, including package management (yum/dnf), kernel module management, SE-Linux configuration, and system optimization via Unix CLI and other remote shell access vectors (puTTY, SSH, etc.)

Hands-on experience tuning Suricata for high-performance packet capture with Napatech NICs or similar advanced network interface cards

Familiarity with NIC-specific features such as DMA, Receive Side Scaling (RSS), interrupt moderation, and offload capabilities, and how to configure them for Suricata

Experience troubleshooting Suricata's interaction with NIC drivers and kernel modules in an enterprise environment

TS/SCI clearance with the ability to obtain a counter-intelligence polygraph

Associate's degree and 5+ years of experience supporting IT projects and activities or Bachelor's degree and 3+ years of experience supporting IT projects and activities or Master's degree and 1+ years of experience supporting IT projects and activities. Years of experience may be accepted in lieu of degree

DoD 8570 IAT Level II Certification, including Security+ CE, CCNA-Security, GSEC, SSCP, CySA+, GICSP, or CND Certification

Ability to obtain a DoD 8570 Cyber Security Service Provider - Infrastructure Support Certification, including CEH, CySA+, GICSP, SSCP, CHFI, CFR, Cloud+, or CND Certification, within 60 days of start date

Preferred

Experience with scripting languages (Bash, Python, YAML/Ansible, etc.) to automate Suricata configuration and deployment tasks

Proficient understanding of network protocols, intrusion detection methodologies, and security event correlation

Experience integrating Suricata with Splunk, or other SIEM solutions

Knowledge of containerized deployments of Suricata (Docker/Kubernetes) in enterprise environments

Detection and Response (NDR) solutions, including Trellix/FireEye, Corelight, Endace, Vectra AI, Dark Trace, Cisco Security Network Analytics, Open XDR, Fortinet FortiNDR, Trend Vision, etc

Ability to be a self-starter, work without considerable direction, and work with a team

Possession of excellent verbal and written communication skills, including client briefings and coordinating efforts

Benefits

Remote workforce primarily (U.S. based only, some travel may be required for certain positions, working on-site may be required for Federal positions)

Group Medical Insurance options: Zero Deductible PPO Plan (GuidePoint pays 90% of the premium for employees and 70% for family plans (spouse/children/family) or High Deductible Health Plan with HSA (GuidePoint pays 100% of the employees premiums and 75% for family plans (spouse/children/family) and GPS will contribute in one lump sum: ($500 per EE annually / $1000 per family annually (includes spouse/children/family options)

Group Dental Insurance: GuidePoint pays 100% of the premium for employees and 75% of family plans

12 corporate holidays and a Flexible Time Off (FTO) program

Healthy mobile phone and home internet allowance

Eligibility for retirement plan after 2 months at open enrollment

Pet Benefit Option