Arkime Engineer with Security Clearance

Take2 Consulting
Washington, DC 20340 United States
Posted: May 30, 2026
  • Full Time
  • Federal Government
  • Summary

    We are seeking a highly skilled Arkime (formerly Moloch) Implementation & Sustainment Engineer to design, deploy, operate, and enhance our enterprise packet-capture and deep network visibility capability. The ideal candidate combines hands-on Arkime expertise with strong Zero Trust engineering principles to support threat detection, forensics, segmentation, and continuous monitoring across a complex, distributed environment. You will directly improve the organization's ability to detect threats early, respond faster, and understand network behavior at scale—ensuring that identity-driven, least-privilege policies are backed by deep telemetry and forensic depth.

    This role will drive full lifecycle engineering—from architecture and deployment to tuning, integrations, sustainment, and long-term optimization—while partnering with cross-functional security, network, and platform teams.

    Key Responsibilities:

    • Architect, deploy, and configure Arkime clusters, capture nodes, viewer nodes, and storage subsystems.
    • Design packet capture strategies aligned to network topology, mission requirements, and Zero Trust monitoring needs.
    • Develop and automate deployment workflows using scripts, orchestration tools, and configuration management.
    • Integrate Arkime with SIEM, SOAR, EDR, and threat intel platforms to enrich detection and investigation workflows.
    • Conduct regular tuning of parsers, views, tags, and sessions to support detection engineering and threat hunting.
    • Perform version upgrades, patching, configuration changes, data lifecycle management, and log retention optimization.
    • Align Arkime data capture with Zero Trust Architecture (ZTA) telemetry requirements.
    • Support development of visibility baselines, identity-aware policies, and segmentation enforcement strategies.
    • Work with network engineering, cloud engineering, and security operations to ensure end-to-end telemetry coverage.
    • Develop dashboards, queries, workflows, and documentation for SOC, detection engineers, and incident responders.
    • Provide training, playbooks, and technical expertise to internal engineering and operations teams.

    Basic Qualifications:

    • 5+ years of experience in cybersecurity, network security engineering, or security operations.
    • Strong background in packet analysis, PCAP management, DPI technologies, and network protocols (TCP/IP, DNS, TLS, HTTP, etc.).
    • Familiarity with Suricata, Zeek, or other packet/flow analysis platforms.
    • Experience engineering within a Zero Trust Architecture (ZTA), including segmentation, continuous verification, and identity-centric access.
    • Proficiency with Linux systems administration, containers, and distributed systems.
    • Experience leveraging SIEM/SOAR platforms and integrating packet telemetry with detection workflows.
    • Familiarity with automation tools (Ansible, Terraform, scripts) and infrastructure-as-code concepts.
    • Active TS/SCI clearance; willingness to take a polygraph exam.
    • Associate's degree and 5+ years of experience supporting IT projects and activities, Bachelor's degree and 3+ years of experience supporting IT projects and activities, or Master's degree and 1+ year of experience supporting IT projects and activities. Years of experience may be accepted in lieu of degree.
    • DoD 8570.01-M Information Assurance Technician (IAT) Level II Certification, including Security+ CE, CCNA-Security, GSEC, SSCP, CySA+, GICSP, or CND Certification.
    • Ability to obtain a DoD 8570.01-M Cybersecurity Service Provider - Infrastructure Support Certification, including CEH, CHFI, CFR, Cloud+, or CND certification, within 30 days of start date.
  • ABOUT THE COMPANY

    • Government Careers

    Government jobs offer stability, competitive benefits, and the chance to make a meaningful impact on your community and country.

    Whether you’re starting your career or seeking new opportunities, these roles provide pathways for growth, security, and service.

    Explore positions across a wide range of fields and take the first step toward a rewarding future in public service.


Please mention you found this employment opportunity on the CareersInGovernment.com Job Board.