Suricata Engineer
| Company | True Zero Technologies |
|---|---|
| Location | Las Vegas, NV, USA |
| Salary | Not Provided |
| Type | Full-Time |
| Degrees | |
| Experience Level | Senior |
Requirements
- Active Top Secret Clearance (SCI eligibility strongly preferred)
- 5+ years of cybersecurity engineering or network security experience
- Hands-on expertise in deploying and tuning Suricata IDS/IPS
- Strong understanding of packet analysis, network protocols, and threat detection methodologies
- Experience working with Linux systems, system hardening, and automation tools (e.g., Ansible, Terraform)
- Proficiency in scripting (e.g., Python, Bash) for automation and data parsing
- Experience integrating Suricata with SIEM platforms (Splunk, Elastic, Graylog, etc.)
Responsibilities
- Design and deploy Suricata IDS/IPS in high-performance, secure network environments
- Tune and maintain custom rule sets (ET Open, ET Pro, custom rules)
- Integrate Suricata output with SIEMs (e.g., Splunk, Elastic) and Cribl Stream for log routing and transformation
- Optimize performance of Suricata on high-throughput networks, including hardware offloading and multithreading
- Collaborate with SOC analysts, incident responders, and threat intel teams to provide actionable network visibility
- Support structured detection mapping to frameworks like MITRE ATT&CK and integrate detection into analytics pipelines
- Ensure systems comply with DoD and IC standards (e.g., STIGs, RMF)
- Provide guidance and mentorship to junior engineers and analysts
Preferred Qualifications
- Experience with Cribl Stream or Edge for data pipeline management
- Exposure to Corelight, Zeek, or other network security tools
- Familiarity with cloud-based deployments (AWS, Azure)
- Understanding of Zero Trust architecture and NIST 800-207
- Certifications: GIAC GCIA, GSEC, Cribl Certified Admin, or similar