Leidos Corporate Information Security (CIS) Group has an immediate opening for an experienced and motivated Senior Network Intrusion Detection Engineer to join our Development Security Engineering Team (DevSecEng). In this role, you will work with Security Engineers and Analysts across the organization to design and deploy internally developed IDS solutions running on COTS hardware. You will focus primarily on the proper configuration and deployment of IDS software, signature-set development, system performance management, and the development of key system integrations.
If selected for this role, you will have the opportunity to work with a team of skilled developers pushing the envelope, expanding Leidos' detection capabilities beyond those of traditional IDS solutions. This position can be supported from any of the following locations: Orlando - FL, Reston - VA, or Gaithersburg - MD.
- Design, build, and deploy Network Intrusion Detection System (IDS) solutions using a combination of open source and internally developed software.
- Optimize the performance of IDS sensors to maximize packet capture and packet processing throughput and minimize dropped packets.
- Compile IDS signatures from various sources into a single signature set for deployment on IDS sensors.
- Create custom IDS signatures as needed to support incident response processes and to improve overall detection capabilities.
- Analyze deployed signatures for false positives and remediate them.
- Work with Incident Responders and Analysts to tune out extraneous IDS alerting and metadata to improve detection reliability.
- Develop and document IDS maintenance processes and procedures for use by Operations staff.
- Perform Linux system administration tasks as needed to support development activities.
- Bachelor's degree and a minimum of 12 years of experience in Information Security. Additional years of relevant experience may be considered in lieu of a Bachelor's degree.
- Prior experience must include 3 - 5 years designing and implementing Network IDS solutions based on at least one open source tool (Snort, Suricata, or Bro, now known as Zeek).
- Good understanding of IDS configuration and tuning on at least one tool (Snort, Suricata, Bro).
- Strong understanding of TCP/IP and network security concepts.
- Ability to write IDS signatures on at least one open source IDS tool (Snort, Suricata, Bro).
- Ability to perform PCAP analysis for IDS signature development.
- Good understanding of Regular Expressions.
- Linux system administration experience.
- US citizenship is required, and the candidate must be able to obtain a security clearance.
- Experience with high-speed packet capture at 10 Gbps or greater.
- Experience with one or more of the following: Linux performance tuning, IDS / SIEM integration, or Linux configuration management tools such as Ansible, Puppet, or Chef.
- Familiarity with DevOps processes and CI/CD.
- Familiarity with SDLC and Agile development processes.
- GIAC GCIA Certification is a plus.