Arkime Engineer (TS/SCI CI Poly)

This role requires someone working onsite in DC/Reston/Quantic/College Park. A TS/SCI CI Poly is required.

We are seeking a highly skilled Arkime (formerly Moloch) Implementation & Sustainment Engineer to design, deploy, operate, and enhance our enterprise packet-capture and deep network visibility capability. The ideal candidate combines hands-on Arkime expertise with strong Zero Trust engineering principles to support threat detection, forensics, segmentation, and continuous monitoring across a complex, distributed environment. You will directly improve the organization’s ability to detect threats early, respond faster, and understand network behavior at scale—ensuring that identity-driven, least-privilege policies are backed by deep telemetry and forensic depth

This role will drive full lifecycle engineering—from architecture and deployment to tuning, integrations, sustainment, and long-term optimization—while partnering with cross-functional security, network, and platform teams.

Key Responsibilities:

• Architect, deploy, and configure Arkime clusters, capture nodes, viewer nodes, and storage subsystems.
• Design packet capture strategies aligned to network topology, mission requirements, and Zero Trust monitoring needs.
• Develop and automate deployment workflows using scripts, orchestration tools, and configuration management.
• Integrate Arkime with SIEM, SOAR, EDR, and threat intel platforms to enrich detection and investigation workflows.
• Conduct regular tuning of parsers, views, tags, and sessions to support detection engineering and threat hunting.
• Perform version upgrades, patching, configuration changes, data lifecycle management, and log retention optimization.
• Align Arkime data capture with Zero Trust Architecture (ZTA) telemetry requirements.
• Support development of visibility baselines, identity-aware policies, and segmentation enforcement strategies.
• Work with network engineering, cloud engineering, and security operations to ensure end-to-end telemetry coverage.
• Develop dashboards, queries, workflows, and documentation for SOC, detection engineers, and incident responders.
• Provide training, playbooks, and technical expertise to internal engineering and operations teams.

Basic Qualifications:

• 5+ years of experience in cybersecurity, network security engineering, or security operations.
• Strong background in packet analysis, PCAP management, DPI technologies, and network protocols (TCP/IP, DNS, TLS, HTTP, etc.).
• Familiarity with Suricata, Zeek, or other packet/flow analysis platforms.
• Experience engineering within a Zero Trust Architecture (ZTA), including segmentation, continuous verification, and identity-centric access.
• Proficiency with Linux systems administration, containers, and distributed systems.
• Experience leveraging SIEM/SOAR platforms and integrating packet telemetry with detection workflows.
• Familiarity with automation tools (Ansible, Terraform, scripts) and infrastructure-as-code concepts.
• Active TS/SCI clearance; willingness to take a polygraph exam
• Associate’s degree and 5+ years of experience supporting IT projects and activities, Bachelor’s degree and 3+ years of experience supporting IT projects and activities, or Master’s degree and 1+ year of experience supporting IT projects and activities. Years of experience may be accepted in lieu of degree. 
• DoD 8570.01-M Information Assurance Technician (IAT) Level II Certification, including Security+ CE, CCNA-Security, GSEC, SSCP, CySA+, GICSP, or CND Certification
• Ability to obtain a DoD 8570.01-M Cybersecurity Service Provider - Infrastructure Support Certification, including CEH, CHFI, CFR, Cloud+, or CND certification within 30 days of start date

Additional Qualifications:

• Hands-on experience implementing and maintaining Arkime/Moloch in production environments.
• Experience with cloud networking and traffic inspection in AWS/Azure/GCP.
• Experience with Elastic Stack or similar search/index pipelines.
• Background supporting regulated or high-security environments (FedRAMP, DoD, IC, PCI, etc.).
• Security certifications (e.g., CISSP, GCIH, GCIA, GNFA, GCED).
• Strong analytical and problem-solving skills.
• Ability to translate technical findings into clear operational guidance.
• Comfortable leading discussions with engineers, analysts, architects, and leadership.