Cybersecurity Sensor Engineer

The Opportunity:

We are looking for a skilled Cyber Security Sensor Engineer to enhance our cybersecurity team. The ideal candidate will have extensive technical knowledge and a comprehensive understanding of cyber security technologies that detect incoming data within enterprise environments. Responsibilities include installing, engineering, and providing Tier III troubleshooting for sensors operating on predominantly Linux-based systems. The role involves deploying, tuning, and maintaining sensors across a complex, multi-network global enterprise environment.

This position emphasizes daily operations, maintenance, troubleshooting, and engineering tasks related to cyber security sensor tools. These include Network Intrusion Detection Systems (IDS), Data Loss Prevention (DLP), threat detection, Deep Session Inspection, and full Packet Capture (PCAP) storage and analysis. While vendor-neutral, the role often involves working with tools from vendors such as Trellix/FireEye, Fidelis Security, Endace, SNORT, Suricata, Corelight, and Vectra AI. The candidate must be capable of supporting security sensor solutions and ensuring their optimal performance within a complex security infrastructure.

Work with us as we secure and protect our nation's most sensitive capabilities.

What You'll Work On:

• Design, deploy, and maintain Linux-based IDS/IPS systems across geographically dispersed, multi-domain enterprise networks.

• Develop, review, and optimize configuration files while collaborating with Security Operations Center analysts to enhance detection accuracy and reduce false positives.

• Manage the interaction between sensor configurations and runtime engines, including rule loading, protocol decoding, and logging processes.

• Work with security teams to integrate sensors with SIEM, SOAR, and other monitoring platforms.

• Keep abreast of updates to sensor operating systems, vendor software, NIC drivers, and community best practices for network interface tuning and IDS/IPS performance improvements, ensuring system effectiveness and security posture.

Join us. The world can't wait.

You Have:

• Experience managing IDS, IPS, PCAP, and NDR systems, including configuration management, OS upgrades, hotfix application, and adherence to STIGs for cybersecurity tools

• Experience in administering Red Hat Enterprise Linux (RHEL) systems, covering package management, such as yum/dnf, kernel module handling, SELinux configuration, and system performance tuning

• Experience optimizing sensors for high-performance packet capture, utilizing advanced network interfaces, such as Napatech NICs, or hardware with direct-memory access capabilities

• Experience managing administrative and user access to appliances, servers, and endpoints using domain accounts, TPAM, LDAP, Kerberos, and Active Directory

• Experience with scripting languages, such as Bash or Python, and automation tools, such as Ansible, to streamline configuration and deployment processes across large-scale systems

• Ability to troubleshoot Linux interactions with NICs, drivers, and kernel modules within enterprise environments

• Active TS/SCI clearance; willingness to take a polygraph exam

• Associate's degree and 5+ years of experience supporting IT projects and activities, or Bachelor's degree and 3+ years of experience supporting IT projects and activities, or Master's degree and 1+ years of experience supporting IT projects and activities

• DoD 8570 IAT Level II Certification, including Security+ CE, CCNA-Security, GSEC, SSCP, CySA+, GICSP, or CND Certification

• Ability to obtain a DoD 8570 Cybersecurity Service Provider - Infrastructure Support (CSSP-IS) Certification, including CEH, CySA+, GICSP, SSCP, CHFI, CFR, Cloud+, or CND Certification, within 60 days of start date

Nice If You Have:

• Experience remotely managing sensors, servers, and endpoints via SSH and SCP, using Linux and Windows command-line tools, including PuTTY

• Experience managing large enterprise data storage and RAID arrays in configurations, such as RAID 5/6/10/50/60, and fine-tuning packet capture sensors feeding sensor storage array for optimal throughput

• Experience with SOC operations, such as those performed by a Hunt Analyst, SOC analyst, or advanced threat prevention teams

• Experience with Suricata IDS on Red Hat Enterprise Linux, including troubleshooting installation and operational issues, ensuring compatibility, kernel module management, and SELinux policies

• Experience optimizing Suricata performance with Napatech NICs by configuring DMA, RSS queues, interrupt coalescing, and utilizing NIC-specific acceleration features

• Knowledge of configuration structures, syntax, and their role in controlling detection rules, logging, and output modules

• Knowledge of network protocols, intrusion detection techniques, and security event correlation

• Ability to integrate cybersecurity sensors with SIEM and SOAR platforms, such as Splunk and SolarWinds for enhanced security monitoring

• Ability to be a self-motivated professional, including working independently and collaboratively

• Possession of excellent communication skills to facilitate coordination and customer relations.

Clearance:

Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information; TS/SCI clearance is required.

Compensation

At Booz Allen, we celebrate your contributions, provide you with opportunities and choices, and support your total well-being. Our offerings include health, life, disability, financial, and retirement benefits, as well as paid leave, professional development, tuition assistance, work-life programs, and dependent care. Our recognition awards program acknowledges employees for exceptional performance and superior demonstration of our values. Full-time and part-time employees working at least 20 hours a week on a regular basis are eligible to participate in Booz Allen's benefit programs. Individuals that do not meet the threshold are only eligible for select offerings, not inclusive of health benefits. We encourage you to learn more about our total benefits by visiting the Resource page on our Careers site and reviewing Our Employee Benefits page.

Identity Statement

As part of the application process, you are expected to be on camera during interviews and assessments. We reserve the right to take your picture to verify your identity and prevent fraud.

Work Model
Our people-first culture prioritizes the benefits of flexibility and collaboration, whether that happens in person or remotely.

• If this position is listed as remote or hybrid, you'll periodically work from a Booz Allen or client site facility.
• If this position is listed as onsite, you'll work with colleagues and clients in person, as needed for the specific role.

Commitment to Non-Discrimination

All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, local, or international law.