Job Description
Job Title: Arkime Engineer
Location: Washington D.C.
Eligibility: Candidate must possess an active TS/SCI with CI Polygraph
clearance
Job Description:
We are seeking a highly skilled Arkime (formerly Moloch) Implementation
& Sustainment Engineer to design, deploy, operate, and enhance our
enterprise packet-capture and deep network visibility capability. The
ideal candidate combines hands-on Arkime expertise with strong Zero
Trust engineering principles to support threat detection, forensics,
segmentation, and continuous monitoring across a complex, distributed
environment. You will directly improve the organization’s ability to
detect threats early, respond faster, and understand network behavior at
scale—ensuring that identity-driven, least-privilege policies are backed
by deep telemetry and forensic depth
This role will drive full lifecycle engineering—from architecture and
deployment to tuning, integrations, sustainment, and long-term
optimization—while partnering with cross-functional security, network,
and platform teams.
Key Responsibilities:
· Architect, deploy, and configure Arkime clusters, capture nodes,
viewer nodes, and storage subsystems.
· Design packet capture strategies aligned to network topology, mission
requirements, and Zero Trust monitoring needs.
· Develop and automate deployment workflows using scripts, orchestration
tools, and configuration management.
· Integrate Arkime with SIEM, SOAR, EDR, and threat intel platforms to
enrich detection and investigation workflows.
· Conduct regular tuning of parsers, views, tags, and sessions to
support detection engineering and threat hunting.
· Perform version upgrades, patching, configuration changes, data
lifecycle management, and log retention optimization.
· Align Arkime data capture with Zero Trust Architecture (ZTA) telemetry
requirements.
· Support development of visibility baselines, identity-aware policies,
and segmentation enforcement strategies.
· Work with network engineering, cloud engineering, and security
operations to ensure end-to-end telemetry coverage.
· Develop dashboards, queries, workflows, and documentation for SOC,
detection engineers, and incident responders.
· Provide training, playbooks, and technical expertise to internal
engineering and operations teams.
Basic Qualifications:
· 5+ years of experience in cybersecurity, network security engineering,
or security operations.
· Strong background in packet analysis, PCAP management, DPI
technologies, and network protocols (TCP/IP, DNS, TLS, HTTP, etc.).
· Familiarity with Suricata, Zeek, or other packet/flow analysis
platforms.
· Experience engineering within a Zero Trust Architecture (ZTA),
including segmentation, continuous verification, and identity-centric
access.
· Proficiency with Linux systems administration, containers, and
distributed systems.
· Experience leveraging SIEM/SOAR platforms and integrating packet
telemetry with detection workflows.
· Familiarity with automation tools (Ansible, Terraform, scripts) and
infrastructure-as-code concepts.
· Active TS/SCI clearance; willingness to take a polygraph exam
· Associate’s degree and 5+ years of experience supporting IT projects
and activities, Bachelor’s degree and 3+ years of experience supporting
IT projects and activities, or Master’s degree and 1+ year of experience
supporting IT projects and activities. Years of experience may be
accepted in lieu of degree.
· DoD 8570.01-M Information Assurance Technician (IAT) Level II
Certification, including Security+ CE, CCNA-Security, GSEC, SSCP, CySA+,
GICSP, or CND Certification
· Ability to obtain a DoD 8570.01-M Cybersecurity Service Provider -
Infrastructure Support Certification, including CEH, CHFI, CFR, Cloud+,
or CND certification within 30 days of start date
Additional Qualifications:
· Hands-on experience implementing and maintaining Arkime/Moloch in
production environments.
· Experience with cloud networking and traffic inspection in
AWS/Azure/GCP.
· Experience with Elastic Stack or similar search/index pipelines.
· Background supporting regulated or high-security environments
(FedRAMP, DoD, IC, PCI, etc.).
· Security certifications (e.g., CISSP, GCIH, GCIA, GNFA, GCED).
· Strong analytical and problem-solving skills.
· Ability to translate technical findings into clear operational
guidance.
· Comfortable leading discussions with engineers, analysts, architects,
and leadership.
Apply Now
Back to Results
Location: Washington D.C.
Eligibility: Candidate must possess an active TS/SCI with CI Polygraph
clearance
Job Description:
We are seeking a highly skilled Arkime (formerly Moloch) Implementation
& Sustainment Engineer to design, deploy, operate, and enhance our
enterprise packet-capture and deep network visibility capability. The
ideal candidate combines hands-on Arkime expertise with strong Zero
Trust engineering principles to support threat detection, forensics,
segmentation, and continuous monitoring across a complex, distributed
environment. You will directly improve the organization’s ability to
detect threats early, respond faster, and understand network behavior at
scale—ensuring that identity-driven, least-privilege policies are backed
by deep telemetry and forensic depth
This role will drive full lifecycle engineering—from architecture and
deployment to tuning, integrations, sustainment, and long-term
optimization—while partnering with cross-functional security, network,
and platform teams.
Key Responsibilities:
· Architect, deploy, and configure Arkime clusters, capture nodes,
viewer nodes, and storage subsystems.
· Design packet capture strategies aligned to network topology, mission
requirements, and Zero Trust monitoring needs.
· Develop and automate deployment workflows using scripts, orchestration
tools, and configuration management.
· Integrate Arkime with SIEM, SOAR, EDR, and threat intel platforms to
enrich detection and investigation workflows.
· Conduct regular tuning of parsers, views, tags, and sessions to
support detection engineering and threat hunting.
· Perform version upgrades, patching, configuration changes, data
lifecycle management, and log retention optimization.
· Align Arkime data capture with Zero Trust Architecture (ZTA) telemetry
requirements.
· Support development of visibility baselines, identity-aware policies,
and segmentation enforcement strategies.
· Work with network engineering, cloud engineering, and security
operations to ensure end-to-end telemetry coverage.
· Develop dashboards, queries, workflows, and documentation for SOC,
detection engineers, and incident responders.
· Provide training, playbooks, and technical expertise to internal
engineering and operations teams.
Basic Qualifications:
· 5+ years of experience in cybersecurity, network security engineering,
or security operations.
· Strong background in packet analysis, PCAP management, DPI
technologies, and network protocols (TCP/IP, DNS, TLS, HTTP, etc.).
· Familiarity with Suricata, Zeek, or other packet/flow analysis
platforms.
· Experience engineering within a Zero Trust Architecture (ZTA),
including segmentation, continuous verification, and identity-centric
access.
· Proficiency with Linux systems administration, containers, and
distributed systems.
· Experience leveraging SIEM/SOAR platforms and integrating packet
telemetry with detection workflows.
· Familiarity with automation tools (Ansible, Terraform, scripts) and
infrastructure-as-code concepts.
· Active TS/SCI clearance; willingness to take a polygraph exam
· Associate’s degree and 5+ years of experience supporting IT projects
and activities, Bachelor’s degree and 3+ years of experience supporting
IT projects and activities, or Master’s degree and 1+ year of experience
supporting IT projects and activities. Years of experience may be
accepted in lieu of degree.
· DoD 8570.01-M Information Assurance Technician (IAT) Level II
Certification, including Security+ CE, CCNA-Security, GSEC, SSCP, CySA+,
GICSP, or CND Certification
· Ability to obtain a DoD 8570.01-M Cybersecurity Service Provider -
Infrastructure Support Certification, including CEH, CHFI, CFR, Cloud+,
or CND certification within 30 days of start date
Additional Qualifications:
· Hands-on experience implementing and maintaining Arkime/Moloch in
production environments.
· Experience with cloud networking and traffic inspection in
AWS/Azure/GCP.
· Experience with Elastic Stack or similar search/index pipelines.
· Background supporting regulated or high-security environments
(FedRAMP, DoD, IC, PCI, etc.).
· Security certifications (e.g., CISSP, GCIH, GCIA, GNFA, GCED).
· Strong analytical and problem-solving skills.
· Ability to translate technical findings into clear operational
guidance.
· Comfortable leading discussions with engineers, analysts, architects,
and leadership.
Apply Now
Success!
Your application was successfully sent!
Send Us Your Information
We are always looking for passionate and dedicated people to join our team.
Send us your resume and if a job opens up and we find a good match, we’ll be in touch!
Your Information
We’re sorry, there was some trouble processing your submission. The error code is:
Please ensure all fields have been filled.