Responsibilities
- Designing, deploying, and maintaining Suricata IDS/IPS systems across enterprise networks.
- Developing, reviewing, and optimizing Suricata YAML configuration files to maximize detection coverage while keeping false positives to a minimum.
- Understanding and managing the interaction between Suricata’s YAML configuration and its runtime engine, including rule loading, protocol decoding, and logging.
- Tuning Suricata for optimal performance with Napatech NICs, including configuring Direct Memory Access (DMA), RSS queues, interrupt coalescing, and leveraging any NIC-specific acceleration features.
- Collaborating with security teams to integrate Suricata with SIEM and other security monitoring platforms.
- Troubleshooting installation and operational issues specific to Suricata on Red Hat Enterprise Linux, addressing compatibility, kernel module requirements, SELinux policies, and performance tuning.
- Identifying and mitigating common pitfalls encountered when deploying Suricata in large-scale enterprise environments, including package dependencies, system resource constraints, and NIC driver/configuration issues.
- Providing detailed documentation and runbooks for Suricata configuration, NIC tuning, and deployment processes.
- Staying current with Suricata releases, NIC driver updates, and community best practices for network interface tuning and IDS/IPS performance enhancement.
Requirements
- Proven experience working with Suricata IDS/IPS systems, including hands-on management of its YAML configuration files.
- Strong knowledge of the Suricata configuration structure, syntax, and how it controls detection rules, logging, and output modules.
- Extensive experience administering Red Hat Enterprise Linux (RHEL) systems, including package management (yum/dnf), kernel module management, SELinux configuration, and system optimization.
- Hands-on experience tuning Suricata for high-performance packet capture with Napatech NICs or similar advanced network interface cards.
- Familiarity with NIC-specific features such as DMA, Receive Side Scaling (RSS), interrupt moderation, and offload capabilities, and how to configure them for Suricata.
- Experience troubleshooting Suricata’s interaction with NIC drivers and kernel modules in an enterprise environment.
- Experience with scripting languages (Bash, Python) to automate Suricata configuration and deployment tasks.
- TS/SCI clearance with the ability to obtain a counter-intelligence polygraph.
- Associate’s degree and 5+ years of experience supporting IT projects and activities or Bachelor’s degree and 3+ years of experience supporting IT projects and activities or Master’s degree and 1+ years of experience supporting IT projects and activities. Years of experience may be accepted in lieu of degree.
- DoD 8570 IAT Level II certification, such as Security+ CE, CCNA Security, GSEC, SSCP, CySA+, GICSP, or CND.
- Ability to obtain a DoD 8570 Cybersecurity Service Provider (CSSP) Infrastructure Support certification, such as CEH, CySA+, GICSP, SSCP, CHFI, CFR, Cloud+, or CND, within 60 days of start date.
Nice to Have
- Solid understanding of network protocols, intrusion detection methodologies, and security event correlation.
- Experience integrating Suricata with Splunk, or other SIEM solutions.
- Knowledge of containerized deployments of Suricata (Docker/Kubernetes) in enterprise environments.
- Familiarity with common Linux distributions, including RHEL, Oracle Linux, and CentOS.
- Familiarity with other industry-standard IDS/IPS solutions and related technologies.
- Ability to be a self-starter, work without considerable direction, and work with a team.
- Possession of excellent verbal and written communication skills, including for coordinating efforts and establishing customer relations.