Suricata Cyber Security Engineer

Designing, deploying, and maintaining Suricata IDS/IPS systems across enterprise networks. Developing, reviewing, and optimizing Suricata YAML configuration files to ensure optimal detection capabilities and minimal false positives. Understanding and managing the interaction between Suricata's YAML configuration and its runtime engine, including rule loading, protocol decoding, and logging. Tuning Suricata for optimal performance with Napatech NICs, including configuring Direct Memory Access (DMA), RSS queues, interrupt coalescing, and leveraging any NIC-specific acceleration features. Collaborating with security teams to integrate Suricata with SIEM and other security monitoring platforms. Troubleshooting installation and operational issues specific to Suricata on Red Hat Enterprise Linux, addressing compatibility, kernel module requirements, SELinux policies, and performance tuning. Identifying and mitigating common pitfalls encountered when deploying Suricata in large-scale enterprise environments, including package dependencies, system resource constraints, and NIC driver/configuration issues. Provide detailed documentation and runbooks for Suricata configuration, tuning NICs, and deployment processes. Staying current with Suricata releases, NIC driver updates, and community best practices for network interface tuning and IDS/IPS performance enhancement. Proficient understanding of network protocols, intrusion detection methodologies, and security event correlation Experience integrating Suricata with Splunk, or other SIEM solutions. Knowledge of containerized deployments of Suricata (Docker/Kubernetes) in enterprise environments. Familiarity with common Linux operating systems, including RHEL, Oracle, CentOS. Familiarity with other industry-standard IDS/IPS solutions and related technologies. Ability to be a self-starter, work without considerable direction, and work with a team.

• Possession of excellent verbal and written communication skills, including for coordinating efforts and establishing customer relations.

• Proven experience working with Suricata IDS/IPS systems, including hands-on management of its YAML configuration files.

• Strong knowledge of the Suricata configuration structure, syntax, and how it controls detection rules, logging, and output modules.

• Extensive experience administering Red Hat Enterprise Linux (RHEL) systems, including package management (yum/dnf), kernel module management, SELinux configuration, and system optimization.

• Hands-on experience tuning Suricata for high-performance packet capture with Napatech NICs or similar advanced network interface cards.

• Familiarity with NIC-specific features such as DMA, Receive Side Scaling (RSS), interrupt moderation, and offload capabilities, and how to configure them for Suricata.

• Experience troubleshooting Suricata's interaction with NIC drivers and kernel modules in an enterprise environment.

• Experience with scripting languages (Bash, Python) to automate Suricata configuration and deployment tasks.

• TS/SCI clearance with the ability to obtain a counter-intelligence polygraph.

• Associate's degree and 5+ years of experience supporting IT projects and activities or Bachelor's degree and 3+ years of experience supporting IT projects and activities or Master's degree and 1+ years of experience supporting IT projects and activities. Years of experience may be accepted in lieu of degree.

• DoD 8570 IAT Level II Certification, including Security+ CE, CCNA-Security, GSEC, SSCP, CySA+, GICSP, or CND Certification.

• Ability to obtain a DoD 8570 Cybersecurity Service Provider - Infrastructure Support Certification, including CEH, CySA+, GICSP, SSCP, CHFI, CFR, Cloud+, or CND Certification, within 30 days of start date.

Benefits at Recro

• 100% paid medical, dental, and vision
• 401k - 6% matching and 401k profit sharing
• PTO - 120 Hours
• Federal Holidays
• Education and Tuition Reimbursements
• Wellness Benefits
• A lot of cool gear!

Recro, a Certified Small Business, helps federal agencies achieve their goals through IT infrastructure, cybersecurity, DevOps, cloud services, and digital transformation. We prioritize innovation, employee growth, and a collaborative work environment, guided by our core value - to make a difference., Working at Recro * A Great Culture - We are building a culture at Recro where amazing people (like you) can do their best work. If you are ready to grow your career and recro (re-invent) the way our clients operate, you have come to the right place. * A Great Place to Work - Employees are treated like people, not line items. We work smart when we can and hard when we must but we always do it together, as a team. We are a team with tons of passion and enthusiasm to blaze new trails and improve the state of our clients, the broader community, and even the world. * A Great Place to Contribute - We believe diverse perspectives improve each challenge that we face. We trust and enable our amazing people to accomplish amazing feats. At Recro, you will be empowered to deliver your best work. * A Great Place to Grow - We believe in our people and maximizing your potential. At Recro, we continue to look into the future and invest in each other through teamwork, collaboration, and training.