Posted today
Top Secret/SCI
$130,000 - $155,000
CI Polygraph
IT - Security
Reston, VA (On-Site/Office)
*Active TS/SCI clearance and willingness to sit for CI Poly needed for consideration*
Zachary Piper Solutions seeks a Network Intrusion Detection Engineer to join our cybersecurity team. The ideal candidate must possess strong Linux engineering expertise with experience managing YAML configuration files, and how these configurations integrate and influence the Intrusion Detection Systems/Intrusion Prevention Systems (IDS/IPS). Highly qualified candidates will have hands-on engineering and O&M experience with Suricata and/or other network-based IDS capabilities such as Snort, VectraAI, Corelight, etc. You will play a critical role in deploying, tuning, and maintaining the IDS within a complex enterprise IT environment, primarily running on Red Hat Enterprise Linux. This is a fully onsite position that can be executed out of Washington DC (JBAB), Reston, VA, or Annapolis Junction, MD.
Responsibilities:
Qualifications:
Compensation:
This job posting opens on 12/12/2025 and will remain open for at least 30 days from the posting date
#LI-CB1
Keywords: windows, Security+, secret clearance, active secret clearance, active directory, CompTIA, troubleshooting, monitoring, end user support, red hat, linux, shell, scripting, CLI, VMware, ansible, top secret, intelligence community, intel, TS/SCI, information technology, infrastructure, hardware, redhat satellite, automation, deployment, perl, system admin, system administrator, systems administrator, senior system administrator, senior systems administrator, systems engineer, administrator, windows, active directory, client, LDAP, CI Poly, counterintelligence, Fidelis, Security+ CE, CCNA-Security, GSEC, SSCP, CySA+, GICSP, CND, Windows, UNIX, Linux, Host-based Security System, Endpoint Security Suite (ESS), Splunk, Cribl, network security tools, intrusion detection systems, IDS, snort, suricata, corelight, intrustion prevention systems, IPS
Zachary Piper Solutions seeks a Network Intrusion Detection Engineer to join our cybersecurity team. The ideal candidate must possess strong Linux engineering expertise with experience managing YAML configuration files, and how these configurations integrate and influence the Intrusion Detection Systems/Intrusion Prevention Systems (IDS/IPS). Highly qualified candidates will have hands-on engineering and O&M experience with Suricata and/or other network-based IDS capabilities such as Snort, VectraAI, Corelight, etc. You will play a critical role in deploying, tuning, and maintaining the IDS within a complex enterprise IT environment, primarily running on Red Hat Enterprise Linux. This is a fully onsite position that can be executed out of Washington DC (JBAB), Reston, VA, or Annapolis Junction, MD.
Responsibilities:
- Designing, deploying, and maintaining IDS/IPS systems across a large enterprise with multiple networks.
- Developing, reviewing, and optimizing YAML configuration files to ensure optimal detection capabilities and minimal false positives.
- Understanding and managing the interaction between YAML configuration and its runtime engine, including rule loading, protocol decoding, and logging.
- Tuning IDS/IPS for optimal performance with NICs, including configuring Direct Memory Access (DMA), RSS queues, interrupt coalescing, and leveraging any NIC-specific acceleration features.
- Collaborating with security teams to integrate IDS/IPS with SIEM and other security monitoring platforms.
- Troubleshooting installation and operational issues specific to IDS/IPS on Red Hat Enterprise Linux, addressing compatibility, kernel module requirements, SE-Linux policies, and performance tuning.
- Identifying and mitigating common pitfalls encountered when deploying IDS/IPS in large-scale enterprise environments, including package dependencies, system resource constraints, and NIC driver/configuration issues.
- Provide detailed documentation and runbooks for Suricata configuration, tuning NICs, and deployment processes.
- Staying current with Platform IDS/IPS Software releases, NIC driver updates, and community best practices for network interface tuning and IDS/IPS performance enhancement.
Qualifications:
- Associate's degree and 5+ years of experience supporting IT projects and activities or Bachelor's degree and 3+ years of experience supporting IT projects and activities or Master's degree and 1+ years of experience supporting IT projects and activities. Years of experience may be accepted in lieu of degree
- Proven experience working with Snort, Suricata, Corelight or other network IDS/IPS systems, including hands-on management of its YAML configuration files.
- Strong knowledge of configuration structure, syntax, and how it controls detection rules, logging, and output modules.
- Extensive experience administering Red Hat Enterprise Linux (RHEL) systems
- Active DoD 8570.01-M Certification (Security+ CE, CCNA-Security, GSEC, SSCP, CySA+, GICSP, or CND)
- Ability to obtain a DoD 8570.01-M Cybersecurity Service Provider (CSSP) - Infrastructure Support (IS) certification, including CEH, CySA+, GICSP, SSCP, CHFI, CFR, Cloud+, or CND prior to start date.
- Active TS/SCI Clearance with CI Poly
Compensation:
- $130,000 - $155,000 *based on experience*
- Health, Dental, Vision,
- 401K, PTO, Paid Holidays, Sick Leave if Required by Law
This job posting opens on 12/12/2025 and will remain open for at least 30 days from the posting date
#LI-CB1
Keywords: windows, Security+, secret clearance, active secret clearance, active directory, CompTIA, troubleshooting, monitoring, end user support, red hat, linux, shell, scripting, CLI, VMware, ansible, top secret, intelligence community, intel, TS/SCI, information technology, infrastructure, hardware, redhat satellite, automation, deployment, perl, system admin, system administrator, systems administrator, senior system administrator, senior systems administrator, systems engineer, administrator, windows, active directory, client, LDAP, CI Poly, counterintelligence, Fidelis, Security+ CE, CCNA-Security, GSEC, SSCP, CySA+, GICSP, CND, Windows, UNIX, Linux, Host-based Security System, Endpoint Security Suite (ESS), Splunk, Cribl, network security tools, intrusion detection systems, IDS, snort, suricata, corelight, intrustion prevention systems, IPS
group id: 10430981
