CREATEYOUR CAREER

CREATE AND GROW WITH US

Your growth matters to us - explore our career development opportunities.

BE EMPOWERED TO SUCCEED

Connect with others in our people-first culture and enhance our collective ingenuity.

SUPPORT YOUR WELLBEING

Learn how we’ll support you as you pursue a balanced, fulfilling life.

YOUR CANDIDATE JOURNEY

Discover what to expect during your journey as a candidate with us.

Job Description

Remote Work:
No
Job Number:
R0230698
Location:
Washington,DC,US
Additional Locations:
  • Colorado Springs, Colorado, USA
  • Norfolk, Virginia, USA
  • Reston, Virginia, USA
  • Riverdale, Maryland, USA
IDS and IPS Cyber Security Engineer

The Opportunity:

We are seeking an experienced Network Intrusion Detection Engineer to join our cybersecurity team. The ideal candidate must possess strong Linux engineering expertise with experience managing YAML configuration files, and how these configurations integrate and influence the Intrusion Detection Systems and Intrusion Prevention Systems (IDS/IPS).

You will leverage hands-on engineering and O&M experience with Suricata or other network-based IDS capabilities such as Snort, VectraAI, or Corelight. You will play a critical role in deploying, tuning, and maintaining the IDS within a complex enterprise IT environment, primarily running on Red Hat Enterprise Linux.

Work with us as we secure and protect our nation's most sensitive capabilities.

What You’ll Work On:

  • Designing, deploying, and maintaining IDS/IPS systems across a large enterprise with multiple networks.
  • Developing, reviewing, and optimizing YAML configuration files to ensure optimal detection capabilities and minimal false positives.
  • Understanding and managing the interaction between YAML configuration and its runtime engine, including rule loading, protocol decoding, and logging.
  • Tuning IDS/IPS for optimal performance with NICs, including configuring Direct Memory Access (DMA), RSS queues, interrupt coalescing, and leveraging any NIC-specific acceleration features.
  • Collaborating with security teams to integrate IDS/IPS with SIEM and other security monitoring platforms.
  • Troubleshooting installation and operational issues specific to IDS/IPS on Red Hat Enterprise Linux, addressing compatibility, kernel module requirements, SE-Linux policies, and performance tuning.
  • Identifying and mitigating common pitfalls encountered when deploying IDS/IPS in large-scale enterprise environments, including package dependencies, system resource constraints, and NIC driver or configuration issues.
  • Provide detailed documentation and runbooks for Suricata configuration, tuning NICs, and deployment processes.
  • Stay current with Platform IDS/IPS Software releases, NIC driver updates, and community best practices for network interface tuning and IDS/IPS performance enhancement.

Join us. The world can’t wait.

You Have:

  • Experience working with network IDS/IPS systems such as Snort, Suricata, or Corelight, including hands-on management of YAML configuration files
  • Experience administering Red Hat Enterprise Linux (RHEL) systems, including package management, such as yumor or dnf, kernel module management, SE-Linux configuration, and system optimization via Unix CLI and remote shell access vectors, such as puTTY or SSH
  • Experience tuning Suricata for high-performance packet capture with Napatech NICs or advanced network interface cards
  • Experience with NIC-specific features such as DMA, Receive Side Scaling (RSS), interrupt moderation, and offload capabilities, and how to configure them for Suricata
  • Experience troubleshooting Suricata’s interaction with NIC drivers and kernel modules in an enterprise environment
  • Knowledge of configuration structure, syntax, and how it controls detection rules, logging, and output modules
  • Active TS/SCI clearance; willingness to take a polygraph exam
  • Associate’s degree and 5+ years of experience supporting IT projects and activities or Bachelor’s degree and 3+ years of experience supporting IT projects and activities or Master’s degree and 1+ years of experience supporting IT projects and activities
  • DoD 8570 IAT Level II Certification, including Security+ CE, CCNA-Security, GSEC, SSCP, CySA+, GICSP, or CND Certification
  • Ability to obtain a DoD 8570 Cyber Security Service Provider - Infrastructure Support Certification, including CEH, CySA+, GICSP, SSCP, CHFI, CFR, Cloud+, or CND Certification, within 60 days of start date

Nice If You Have:

  • Experience with scripting languages, such as Bash, Python, YAML, or Ansible to automate Suricata configuration and deployment tasks
  • Experience integrating Suricata with Splunk or other SIEM solutions
  • Experience with Detection and Response (NDR) solutions, including with Trellix or FireEye, Corelight, Endace, Vectra AI, Dark Trace, Cisco Security Network Analytics, Open XDR, Fortinet FortiNDR, or Trend Vision
  • Knowledge of network protocols, intrusion detection methodologies, and security event correlation
  • Knowledge of containerized deployments of Suricata, such as Docker or Kubernetes, in enterprise environments
  • Ability to be a self-starter, work without considerable direction, and work with a team
  • Possession of excellent verbal and written communication skills, including client briefings and coordinating efforts

Clearance:

Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information; TS/SCI clearance is required.

Compensation

At Booz Allen, we celebrate your contributions, provide you with opportunities and choices, and support your total well-being. Our offerings include health, life, disability, financial, and retirement benefits, as well as paid leave, professional development, tuition assistance, work-life programs, and dependent care. Our recognition awards program acknowledges employees for exceptional performance and superior demonstration of our values. Full-time and part-time employees working at least 20 hours a week on a regular basis are eligible to participate in Booz Allen’s benefit programs. Individuals that do not meet the threshold are only eligible for select offerings, not inclusive of health benefits. We encourage you to learn more about our total benefits by visiting the Resource page on our Careers site and reviewing Our Employee Benefits page.

Salary at Booz Allen is determined by various factors, including but not limited to location, the individual’s particular combination of education, knowledge, skills, competencies, and experience, as well as contract-specific affordability and organizational requirements. The projected compensation range for this position is $99,000.00 to $225,000.00 (annualized USD). The estimate displayed represents the typical salary range for this position and is just one component of Booz Allen’s total compensation package for employees. This posting will close within 90 days from the Posting Date.

Identity Statement

As part of the application process, you are expected to be on camera during interviews and assessments. We reserve the right to take your picture to verify your identity and prevent fraud.

Work Model
Our people-first culture prioritizes the benefits of flexibility and collaboration, whether that happens in person or remotely.

  • If this position is listed as remote or hybrid, you’ll periodically work from a Booz Allen or client site facility.
  • If this position is listed as onsite, you’ll work with colleagues and clients in person, as needed for the specific role.

Commitment to Non-Discrimination

All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, local, or international law.

Apply

Not ready to apply? Join our Talent Community and sign up for job alerts.

< Back to search jobs