Lead Network Security Engineer - IDS/IPS

Dragonfli Group.com

Hybrid

Washington, DC, US

Full Time

Description

Dragonfli Group is a cybersecurity and IT consulting firm providing services to federal agencies and Fortune 100 enterprises. Headquartered in Washington, DC, Dragonfli supports clients in securing mission-critical systems across on-site, hybrid, and fully remote environments.

Dragonfli Group is seeking a highly skilled IDS/IPS Security Engineer Lead to support advanced boundary protection services for a large federal agency. This role offers a unique opportunity to take ownership of intrusion detection and prevention systems, contribute to emerging detection methodologies, and lead critical security operations in a dynamic threat environment.

As a senior engineer, you’ll operate and maintain next-generation intrusion systems while actively shaping the evolution toward automated detection, LLM-based analytics, and future-state NDR/XDR solutions. If you thrive in high-impact environments, possess deep technical fluency, and enjoy translating complex threats into resilient protections—this role is for you.

Responsibilities

  • Operate, maintain, and deploy IDS and IPS devices. Take the steps needed to integrate the latest automation and/or LLM capabilities into detection.
  • Maintain the intrusion ruleset, optimize detection, configure NGFW ACLs, perform general device configuration and maintenance, and troubleshoot the devices when needed.
  • Provide operational requirements and recommendations to the Security Architects for service enhancements and system improvements. Start reviewing the possibilities for transforming into an NDR or XDR solution for the Enterprise.
  • On-call availability for network impacting or network outage situations outside of business hours 
  • Effectively work within a Security team, and support and collaborate with other teams 
  • Conduct intrusion event analysis and support the security operations center (SOC) incident response and threat detection teams.
  • Develop documentation, e.g., standard operating procedures (SOP), and support audit events 
  • Develop reports on systems status and performance.

Requirements

Must-Have

  • 9+ years of security or cybersecurity experience
  • Cisco Firepower Threat Defense IDS/IPS, FMC
  • Prior job experience maintaining and troubleshooting IDS/IPS devices 
  • Experience with Splunk and other SIEM tools. 
  • Proficiency with packet analysis/Wireshark 
  • Networking – routing and switching, TCP/IP stack, IP subnets, VPN 
  • Scripting – Python, Perl, JavaScript.
  • Experience with threat analysis, triage, and mitigation   
  • Experience with Linux 
  • Experience with packet analysis 
  • Knowledge of databases 
  • Knowledge of networking and network protocols 
  • Certification in one or more of the following: Security+ or CISSP

Preferred

  • Bachelor’s or master’s degree in Information Systems, Cybersecurity, or another related field, or equivalent work experience.

Skills

  • Networking+, CCNA Route Switch or CCNA Security, CCNP Route Switch or CCNP Security
  • Experience with threat analysis, triage, and mitigation 
  • TippingPoint IDS, ATD, DDI, DDD, SPS, SMS
  • Understanding of NGFW ACLs 
  • Experience writing Snort rules 
  • Proficiency with Wireshark 
  • Experience with Splunk 
  • Ability to write clear procedural and technical documentation 
  • Experience troubleshooting network problems at layers 1, 2, and 3 

Benefits

  • Insurance - health, dental, vision
  • PTO & 11 Federal Holidays
  • 401(k), employer match

Travel

None

August 27, 2025