$80.00 Hourly
Job Description
Project Summary:
We are seeking an expert in Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) to perform a complete implementation and configuration project. This is a critical initiative to significantly enhance our network's ability to detect, analyze, and prevent malicious activities, thereby improving our overall security posture.
The Business Imperative & Our Security Challenges:
Our current security setup is not sufficient to proactively defend against modern, sophisticated cyber threats. We are facing several critical challenges that must be addressed:
- Lack of Proactive Detection: Our network lacks a dedicated IDS/IPS solution, leaving us with a significant blind spot for detecting malicious network traffic and unauthorized activity.
- Insufficient Threat Visibility: We have limited visibility into potential threats and attack vectors, making it difficult to perform effective threat hunting and incident response.
- Manual & Reactive Response: Our current security processes are reactive and heavily reliant on manual analysis, which is inefficient and delays our ability to respond to security incidents.
Required Expertise & Technical Skills:
We require a specialist with deep, hands-on experience and a strategic mindset. The ideal candidate must possess:
- Core IDS/IPS Platforms: Proven expertise with both open-source (e.g., Snort, Suricata) and commercial IDS/IPS technologies.
- Network & Security Protocols: A deep understanding of network protocols, common attack vectors, and the ability to interpret and analyze network traffic at a packet level.
- Rule Writing & Customization: Extensive experience in writing and fine-tuning custom rules for Snort/Suricata to detect threats specific to our environment.
- SIEM Integration: The ability to seamlessly integrate IDS/IPS alerts and logs with our existing SIEM (Security Information and Event Management) system for centralized monitoring and analysis.
- Incident Response & Threat Analysis: Proven experience in analyzing security incidents, performing root cause analysis, and providing clear, actionable recommendations.
Scope of Work & Key Deliverables:
The project will involve a full-scale implementation and fine-tuning plan, culminating in a fully operational and optimized IDS/IPS system. Key deliverables include:
- A comprehensive assessment of our network to determine the optimal placement of IDS/IPS sensors.
- A complete installation and configuration of the selected IDS/IPS solution.
- Development and fine-tuning of custom rules tailored to our business environment.
- Seamless integration with our existing SIEM for centralized logging and alerting.
- Documentation of the IDS/IPS architecture, rules, and operational procedures.
Support & Post-Project Expectations:
Beyond the project's completion, we expect a final knowledge transfer session with our internal team. This session should cover the new configurations, rule management, and best practices for monitoring and responding to alerts. We also require a commitment to providing 1-2 weeks of post-project email support to address any unforeseen issues or questions that arise from the implementation.
- Italy
- Less than 3 months
- Estimated Hours: 120
