Suricata Engineer - Active TS/SCI with CI Poly

We are seeking an experienced Suricata Engineer to join our cybersecurity team. The ideal candidate will possess deep technical expertise in Suricata, particularly in understanding and managing its YAML configuration files, and how these configurations integrate and influence the Suricata Intrusion Detection Systems/Intrusion Prevention Systems (IDS/IPS). You will play a critical role in deploying, tuning, and maintaining Suricata within a complex enterprise IT environment, primarily running on Red Hat Enterprise Linux.A key focus of this role will be tuning Suricata to operate optimally with Napatech network interface cards (NICs), ensuring high-performance packet capture and processing while minimizing packet loss and system resource overhead.What You'll Work On: Designing, deploying, and maintaining Suricata IDS/IPS systems across enterprise networksDeveloping, reviewing, and optimizing Suricata YAML configuration files to ensure optimal detection capabilities and minimal false positivesUnderstanding and managing the interaction between Suricata's YAML configuration and its runtime engine, including rule loading, protocol decoding, and loggingTuning Suricata for optimal performance with Napatech NICs, including configuring Direct Memory Access (DMA), RSS queues, interrupt coalescing, and leveraging any NIC-specific acceleration featuresCollaborating with security teams to integrate Suricata with SIEM and other security monitoring platformsTroubleshooting installation and operational issues specific to Suricata on Red Hat Enterprise Linux, addressing compatibility, kernel module requirements, SELinux policies, and performance tuningIdentifying and mitigating common pitfalls encountered when deploying Suricata in large-scale enterprise environments, including package dependencies, system resource constraints, and NIC driver/configuration issuesProvide detailed documentation and runbooks for Suricata configuration, tuning NICs, and deployment processesStaying current with Suricata releases, NIC driver updates, and community best practices for network interface tuning and IDS/IPS performance enhancementRequirementsProven experience working with Suricata IDS/IPS systems, including hands-on management of its YAML configuration filesStrong knowledge of the Suricata configuration structure, syntax, and how it controls detection rules, logging, and output modulesExtensive experience administering Red Hat Enterprise Linux (RHEL) systems, including package management (yum/dnf), kernel module management, SELinux configuration, and system optimizationHands-on experience tuning Suricata for high-performance packet capture with Napatech NICs or similar advanced network interface cardsFamiliarity with NIC-specific features such as DMA, Receive Side Scaling (RSS), interrupt moderation, and offload capabilities, and how to configure them for SuricataExperience troubleshooting Suricata's interaction with NIC drivers and kernel modules in an enterprise environmentExperience with scripting languages (Bash, Python) to automate Suricata configuration and deployment tasksTS/SCI clearance with the ability to obtain a counter-intelligence polygraphAssociate's degree and 5+ years of experience supporting IT projects and activities or Bachelor's degree and 3+ years of experience supporting IT projects and activities or Master's degree and 1+ years of experience supporting IT projects and activities. Years of experience may be accepted in lieu of degreeDoD 8570 IAT Level II Certification, including Security+ CE, CCNA-Security, GSEC, SSCP, CySA+, GICSP, or CND CertificationAbility to obtain a DoD 8570 Cybersecurity Service Provider - Infrastructure Support Certification, including CEH, CySA+, GICSP, SSCP, CHFI, CFR, Cloud+, or CND Certification, within 60 days of start dateNice If You Have: Proficient understanding of network protocols, intrusion detection methodologies, and security event correlationExperience integrating Suricata with Splunk, or other SIEM solutionsKnowledge of containerized deployments of Suricata (Docker/Kubernetes) in enterprise environmentsFamiliarity with common Linux operating systems, including RHEL, Oracle, CentOSFamiliarity with other industry-standard IDS/IPS solutions and related technologiesAbility to be a self-starter, work without considerable direction, and work with a teamPossession of excellent verbal and written communication skills, including for coordinating efforts and establishing customer relationsBenefitsEssential Network Security (ENS) Solutions, LLC is a service-disabled veteran owned, highly regarded IT consulting and management firm. ENS consults for the Department of Defense (DoD) and Intelligence Community (IC) providing innovative solutions in the core competency area of Identity, Credential and Access Management (ICAM), Software Development, Cyber and Network Security, System Engineering, Program/Project Management, IT support, Solutions, and Services that yield enduring results. Our strong technical and management experts have been able to maintain a standard of excellence in their relationships while delivering innovative, scalable and collaborative infrastructure to our clients.Why ENS?Free Platinum-Level Medical/Dental/Vision coverage, 100% paid for by ENS401k Contribution from Day 1PTO + 11 Paid Federal HolidaysLong & Short Term Disability InsuranceGroup Term Life InsuranceTuition, Certification & Professional Development AssistanceWorkers' CompensationRelocation AssistanceCandidate AI Usage PolicyAI tools are an important part of daily work at ENS Solutions, and we are committed to their responsible and ethical use. To ensure a fair and equitable candidate evaluation based on individual skills, knowledge, and experience, candidates are not permitted to use artificial intelligence or other assistive tools during interviews, whether in person or virtual, unless explicit permission has been granted in advance.