Suricata Cyber Security Engineer

Suricata Cyber Security Engineer

Location: Reston, VA or Washington, DC

Required Clearance: TS/SCI with the ability to obtain a CI Polygraph

Employment Type: Full-Time Regular

Travel: Minimal

Remote: No Remote

Company Overview
We are Ennoble First. The people supporting and securing some of the most complex government, defense, and intelligence projects across the country. We ensure today is safe and tomorrow is smarter. Our work has meaning and impact on the world around us, but also on us, and that's important. Ennoble First is your place. You make it your own by embracing autonomy, seizing opportunity, and being trusted to deliver your best every day. We think. We act. We deliver. There is no challenge we can't turn into an opportunity.

Position Description
We are seeking an experienced Suricata Cyber Security Engineer to support enterprise cybersecurity operations within a complex mission environment. This role focuses on the deployment, integration, tuning, and sustainment of Suricata IDS/IPS solutions operating within Red Hat Enterprise Linux environments. The ideal candidate will bring strong experience with Suricata configuration management, enterprise Linux administration, and high-performance packet capture technologies including Napatech network interface cards (NICs).
This position plays a critical role in securing and protecting mission systems through advanced intrusion detection, performance optimization, and enterprise cybersecurity engineering support.

Primary Responsibilities
• Design, deploy, and maintain Suricata IDS/IPS systems across enterprise networks.
• Develop, review, and optimize Suricata YAML configuration files to ensure strong detection capability and minimal false positives.
• Manage and tune the interaction between Suricata configuration, rule loading, protocol decoding, logging, and runtime engine performance.
• Tune Suricata for high-performance packet capture and processing with Napatech NICs, including DMA, RSS queues, interrupt coalescing, and hardware acceleration features.
• Troubleshoot Suricata deployments within Red Hat Enterprise Linux (RHEL) environments, including kernel modules, SELinux policies, package dependencies, and system optimization.
• Collaborate with cybersecurity and operations teams to integrate Suricata with SIEM and enterprise monitoring platforms.
• Identify and mitigate operational challenges in large-scale enterprise deployments, including resource constraints, packet loss, and NIC driver configuration issues.
• Develop automation scripts using Bash or Python to support deployment, tuning, and operational maintenance activities.
• Create and maintain technical documentation, deployment procedures, and operational runbooks.
• Stay current with Suricata releases, enterprise Linux updates, Napatech driver enhancements, and IDS/IPS performance best practices.

Required Qualifications
• Experience supporting and administering Suricata IDS/IPS systems in enterprise environments.
• Strong understanding of Suricata YAML configuration structure, syntax, detection rules, logging, and output modules.
• Experience administering Red Hat Enterprise Linux (RHEL), including yum/dnf package management, kernel module management, SELinux configuration, and system performance tuning.
• Hands-on experience tuning Suricata with Napatech NICs or comparable high-performance network interface cards.
• Familiarity with advanced NIC technologies such as DMA, RSS, interrupt moderation, and offload capabilities.
• Experience troubleshooting Suricata interaction with NIC drivers and Linux kernel modules.
• Experience with scripting and automation using Bash and/or Python.
• Strong understanding of network protocols, intrusion detection methodologies, and enterprise cybersecurity operations.
• Bachelor's degree and 3+ years of experience supporting IT projects and activities. Additional years of experience may be considered in lieu of degree requirements.
• Active DoD 8570 IAT Level II certification such as Security+ CE, CCNA-Security, GSEC, SSCP, CySA+, GICSP, or CND.
• Ability to obtain a DoD 8570 Cybersecurity Service Provider - Infrastructure Support certification within 30 days of start date.
• Active TS/SCI clearance with the ability to obtain a Counterintelligence Polygraph.

Preferred Qualifications
• Experience integrating Suricata with Splunk or other SIEM platforms.
• Familiarity with containerized Suricata deployments using Docker or Kubernetes.
• Experience supporting enterprise Linux environments including RHEL, Oracle Linux, and CentOS.
• Familiarity with other commercial or open-source IDS/IPS technologies.
• Ability to work independently in fast-paced mission environments while collaborating effectively across technical teams.
• Strong verbal and written communication skills with the ability to coordinate directly with customers and stakeholders.

Pay Range
$120,000-$185,000
The Ennoble First pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.

EEO Statement
Ennoble First is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.

E-Verify Participation
Ennoble First participates in E-Verify.
Learn more at
E-Verify is a registered trademark of the U.S. Department of Homeland Security.

Ennoble First is committed to providing a diverse and inclusive work environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status.


Ennoble First participates in E-Verify.


The information below will be listed on our website's careers landing page.



EEO is the Law | Pay Transparency Nondiscrimination


E-Verify is a registered trademark of the U.S. Department of Homeland Security. This business uses E-Verify in its hiring practices to achieve a lawful workforce.