Arkime Engineer
Arena Technical Resources, LLC
Job Title: Arkime Engineer
Location: Washington D.C.
Eligibility: Candidate must possess an active TS/SCI with CI Polygraph
clearance
Job Description:
We are seeking a highly skilled Arkime (formerly Moloch) Implementation
& Sustainment Engineer to design, deploy, operate, and enhance our
enterprise packet-capture and deep network visibility capability. The
ideal candidate combines hands-on Arkime expertise with strong Zero
Trust engineering principles to support threat detection, forensics,
segmentation, and continuous monitoring across a complex, distributed
environment. You will directly improve the organization’s ability to
detect threats early, respond faster, and understand network behavior at
scale—ensuring that identity-driven, least-privilege policies are backed
by deep telemetry and forensic depth.
This role will drive full lifecycle engineering—from architecture and
deployment to tuning, integrations, sustainment, and long-term
optimization—while partnering with cross-functional security, network,
and platform teams.
Key Responsibilities:
· Architect, deploy, and configure Arkime clusters, capture nodes,
viewer nodes, and storage subsystems.
· Design packet capture strategies aligned to network topology, mission
requirements, and Zero Trust monitoring needs.
· Develop and automate deployment workflows using scripts, orchestration
tools, and configuration management.
· Integrate Arkime with SIEM, SOAR, EDR, and threat intel platforms to
enrich detection and investigation workflows.
· Conduct regular tuning of parsers, views, tags, and sessions to
support detection engineering and threat hunting.
· Perform version upgrades, patching, configuration changes, data
lifecycle management, and log retention optimization.
· Align Arkime data capture with Zero Trust Architecture (ZTA) telemetry
requirements.
· Support development of visibility baselines, identity-aware policies,
and segmentation enforcement strategies.
· Work with network engineering, cloud engineering, and security
operations to ensure end-to-end telemetry coverage.
· Develop dashboards, queries, workflows, and documentation for SOC,
detection engineers, and incident responders.
· Provide training, playbooks, and technical expertise to internal
engineering and operations teams.
Basic Qualifications:
· 5+ years of experience in cybersecurity, network security engineering,
or security operations.
· Strong background in packet analysis, PCAP management, DPI
technologies, and network protocols (TCP/IP, DNS, TLS, HTTP, etc.).
· Familiarity with Suricata, Zeek, or other packet/flow analysis
platforms.
· Experience engineering within a Zero Trust Architecture (ZTA),
including segmentation, continuous verification, and identity-centric
access.
· Proficiency with Linux systems administration, containers, and
distributed systems.
· Experience leveraging SIEM/SOAR platforms and integrating packet
telemetry with detection workflows.
· Familiarity with automation tools (Ansible, Terraform, scripts) and
infrastructure-as-code concepts.
· Active TS/SCI clearance; willingness to take a polygraph exam.
· Associate’s degree and 5+ years of experience supporting IT projects
and activities, Bachelor’s degree and 3+ years of experience supporting
IT projects and activities, or Master’s degree and 1+ year of experience
supporting IT projects and activities. Years of experience may be
accepted in lieu of degree.
· DoD 8570.01-M Information Assurance Technician (IAT) Level II
Certification, including Security+ CE, CCNA-Security, GSEC, SSCP, CySA+,
GICSP, or CND Certification.
· Ability to obtain a DoD 8570.01-M Cybersecurity Service Provider -
Infrastructure Support Certification, including CEH, CHFI, CFR, Cloud+,
or CND certification within 30 days of start date.
Additional Qualifications:
· Hands-on experience implementing and maintaining Arkime/Moloch in
production environments.
· Experience with cloud networking and traffic inspection in
AWS/Azure/GCP.
· Experience with Elastic Stack or similar search/index pipelines.
· Background supporting regulated or high-security environments
(FedRAMP, DoD, IC, PCI, etc.).
· Security certifications (e.g., CISSP, GCIH, GCIA, GNFA, GCED).
· Strong analytical and problem-solving skills.
· Ability to translate technical findings into clear operational
guidance.
· Comfortable leading discussions with engineers, analysts, architects,
and leadership.