Network security engineer (zeek/suricata/elastic- ot/network focus)

Role OverviewWe are looking for a Network Security Engineer with experience in deploying and managing open-source network security platforms.

The role involves setting up visibility sensors, handling network traffic capture, and building log pipelines that integrate into SIEM environments.

The ideal candidate has worked with packet capture tools, IDS/IPS, and log management frameworks in production or lab setups.Key ResponsibilitiesDeploy and configure open-source network security monitoring tools (e.g., Security Onion, Zeek, Suricata, Bro).Configure and maintain IDS/IPS signatures and tune for industrial/enterprise network traffic.Build and manage log pipelines using tools such as Filebeat, Logstash, or similar agents.Normalize and enrich security telemetry for use in downstream SIEMs (Elastic, Open Search, Wazuh, Splunk, etc.).Collaborate with SIEM engineers to ensure alerts and dashboards are functional and reliable.Support PCAP-based testing and validation for visibility and detection use cases.Required Skills & ExperienceHands-on experience with open-source security monitoring platforms (Zeek, Suricata, Security Onion, or equivalent).Strong understanding of network protocols (ICS/OT protocol exposure is a must).Familiarity with log collection and enrichment tools (Logstash, Filebeat, or similar).Knowledge of SIEM concepts (rules, decoders, correlation).Linux administration and basic scripting skills.Ability to troubleshoot packet capture and log ingestion issues.Nice to HaveExperience with Elastic Stack or Open Search.Exposure to industrial networks (ICS/OT).Familiarity with MITRE ATT& CK or other threat detection frameworks.