GuidePoint Security is looking for an IDS/IPS Cyber Security Engineer to join our cybersecurity team. In this role, you will be essential in deploying, tuning, and maintaining network intrusion detection systems within a complex enterprise IT environment, primarily running on Red Hat Enterprise Linux. We value collaboration and mentorship, and you will work with knowledgeable colleagues who are dedicated to securing our clients' networks.
What You'll Do
- Design, deploy, and maintain IDS/IPS systems across a large enterprise with multiple networks.
- Develop, review, and optimize YAML configuration files to ensure optimal detection capabilities and minimal false positives.
- Manage the interaction between YAML configuration and its runtime engine, including rule loading, protocol decoding, and logging.
- Tune IDS/IPS for optimal performance with NICs, configuring Direct Memory Access (DMA), RSS queues, interrupt coalescing, and leveraging NIC-specific acceleration features.
- Collaborate with security teams to integrate IDS/IPS with SIEM and other security monitoring platforms.
- Troubleshoot installation and operational issues specific to IDS/IPS on RHEL, addressing compatibility, kernel module requirements, SELinux policies, and performance tuning.
- Identify and mitigate common pitfalls in large-scale enterprise IDS/IPS deployments, including package dependencies, system resource constraints, and NIC driver issues.
- Provide detailed documentation and runbooks for Suricata configuration, NIC tuning, and deployment processes.
- Stay current with IDS/IPS platform software releases, NIC driver updates, and community best practices for performance enhancement.
What We're Looking For
- Proven experience with Snort, Suricata, Corelight or similar network IDS/IPS systems, including hands-on management of their YAML configuration files.
- Strong knowledge of the YAML configuration structure and syntax, and how it controls detection rules, logging, and output modules.
- Extensive experience administering Red Hat Enterprise Linux (RHEL) systems, including package management (yum/dnf), kernel module management, SELinux configuration, and system optimization via CLI.
- Hands-on experience tuning Suricata for high-performance packet capture with Napatech NICs or similar advanced network interface cards.
- Familiarity with NIC-specific features such as DMA, Receive Side Scaling (RSS), interrupt moderation, and offload capabilities, and how to configure them for Suricata.
- Experience troubleshooting Suricata’s interaction with NIC drivers and kernel modules in an enterprise environment.
- TS/SCI clearance with the ability to obtain a counter-intelligence polygraph.
- Associate’s degree and 5+ years, Bachelor’s degree and 3+ years, or Master’s degree and 1+ years of experience supporting IT projects and activities. Years of experience may be accepted in lieu of degree.
- DoD 8570 IAT Level II Certification (Security+ CE, CCNA-Security, GSEC, SSCP, CySA+, GICSP, or CND).
- Ability to obtain a DoD 8570 Cyber Security Service Provider - Infrastructure Support Certification (CEH, CySA+, GICSP, SSCP, CHFI, CFR, Cloud+, or CND) within 60 days of start date.
Nice to Have
- Experience with scripting languages (Bash, Python, YAML/Ansible) to automate Suricata configuration and deployment tasks.
- Proficient understanding of network protocols, intrusion detection methodologies, and security event correlation.
- Experience integrating Suricata with Splunk or other SIEM solutions.
- Knowledge of containerized deployments of Suricata (Docker/Kubernetes) in enterprise environments.
- Experience with Network Detection and Response (NDR) solutions such as Trellix/FireEye, Corelight, Endace, Vectra AI, Darktrace, Cisco Security Network Analytics, Open XDR, Fortinet FortiNDR, or Trend Vision.
- Ability to be a self-starter, work without considerable direction, and collaborate effectively with a team.
- Excellent verbal and written communication skills, including experience with client briefings and coordinating efforts.
Technical Stack
- YAML, Suricata, Snort, Vectra AI, Corelight
- Red Hat Enterprise Linux, Bash, Python, Ansible
- Splunk, Docker, Kubernetes
Benefits & Compensation
- Group Medical Insurance options: Zero Deductible PPO Plan (GuidePoint pays 90% of the premium for employees and 70% for family plans) or High Deductible Health Plan with HSA (GuidePoint pays 100% of the employee premiums and 75% for family plans). GPS contributes $500 per employee annually / $1000 per family annually to HSAs.
- Group Dental Insurance: GuidePoint pays 100% of the premium for employees and 75% for family plans.
- 12 corporate holidays and a Flexible Time Off (FTO) program.
- Healthy mobile phone and home internet allowance.
- Eligibility for retirement plan after 2 months at open enrollment.
- Pet Benefit Option.
Work Mode
This is an onsite position located in DC, Reston, Quantico, or College Park.
GuidePoint Security is an equal opportunity employer.