We are commissioning a production-ready, lightweight Network Anomaly Detection System designed for environments that do not operate a full Security Operations Center (SOC) but still require early detection of abnormal or malicious network behavior. This system is intended for small and mid-size enterprise networks, MSP-managed customer environments, and isolated or segmented enterprise network zones. The objective is to deploy a resource-efficient, low-maintenance monitoring solution that continuously observes network traffic, establishes a behavioral baseline, and detects early indicators of compromise such as network scanning activity, lateral movement attempts, or abnormal and previously unseen connection patterns before they escalate into security incidents. This is not a proof of concept or an academic exercise; the deliverable must be fully operational, auditable, maintainable, and suitable for real-world deployment.

The system must be capable of learning normal network behavior automatically without manual tuning, continuously profiling hosts, ports, protocols, and traffic volumes, and adapting during an initial learning period. Detection logic may be rule-based, model-based, or hybrid, but must remain explainable and reliable. Every detected event must generate a local system log entry, an email notification, and a clear visual indication in a lightweight web or GUI dashboard. Alerts must be understandable and actionable by non-SOC administrators.

The solution must operate efficiently on modest hardware such as a small virtual machine or a Raspberry Pi-class device, with low CPU and memory usage, and the same codebase must be deployable across all target environments with only minor configuration changes. Technology selection is flexible, but all components must remain open, auditable, easy to maintain, and free of unnecessary dependencies. Acceptable approaches may include Suricata and/or Zeek, Python or Go services, and lightweight machine-learning techniques such as scikit-learn or equivalent.

Deliverables include complete source code or reproducible build artifacts, a clear installation and deployment guide suitable for a junior administrator, and a quick-start operational playbook demonstrating how baseline learning is verified, how to trigger a test scan or anomaly, and how to confirm alerts via logs, email, and dashboard. Acceptance testing will include deployment in a lab environment, replay of PCAP traffic, verification that the defined behaviors are detected, confirmation of low false-positive rates, and validation of alert delivery across all channels.

Due to compliance with United States export control, financial, and data protection regulations, we are only considering candidates based in countries aligned with U.S. regulatory frameworks. This includes, but is not limited to, countries not subject to U.S. economic or trade sanctions, candidates able to meet U.S.-aligned financial and identity verification requirements, and candidates capable of complying with U.S.-based data protection and privacy standards. Applicants must confirm they are eligible to work under these conditions in order to be considered.

This project is intentionally posted below its full market value, estimated at $20,000 USD, and is published in the $5,000–$10,000 USD range to enable faster selection, attract experienced engineers seeking long-term collaboration, and leave room for follow-on phases and extended engagements. Candidates proposing shortcut solutions, black-box tools, or SOC-scale architectures will not be considered.