Arkime Engineer - Active TS/SCI with CI Poly

Job Description

Job Description

We are seeking a highly skilled Arkime (formerly Moloch) Implementation & Sustainment Engineer to design, deploy, operate, and enhance our enterprise packet-capture and deep network visibility capability. The ideal candidate combines hands-on Arkime expertise with strong Zero Trust engineering principles to support threat detection, forensics, segmentation, and continuous monitoring across a complex, distributed environment. You will directly improve the organization’s ability to detect threats early, respond faster, and understand network behavior at scale—ensuring that identity-driven, least-privilege policies are backed by deep telemetry and forensic depth

This role will drive full lifecycle engineering—from architecture and deployment to tuning, integrations, sustainment, and long-term optimization—while partnering with cross-functional security, network, and platform teams.

Key Responsibilities:

• Architect, deploy, and configure Arkime clusters, capture nodes, viewer nodes, and storage subsystems.
• Design packet capture strategies aligned to network topology, mission requirements, and Zero Trust monitoring needs.
• Develop and automate deployment workflows using scripts, orchestration tools, and configuration management.
• Integrate Arkime with SIEM, SOAR, EDR, and threat intel platforms to enrich detection and investigation workflows.
• Conduct regular tuning of parsers, views, tags, and sessions to support detection engineering and threat hunting.
• Perform version upgrades, patching, configuration changes, data lifecycle management, and log retention optimization.
• Align Arkime data capture with Zero Trust Architecture (ZTA) telemetry requirements.
• Support development of visibility baselines, identity-aware policies, and segmentation enforcement strategies.
• Work with network engineering, cloud engineering, and security operations to ensure end-to-end telemetry coverage.
• Develop dashboards, queries, workflows, and documentation for SOC, detection engineers, and incident responders.
• Provide training, playbooks, and technical expertise to internal engineering and operations teams.

Requirements

• 5+ years of experience in cybersecurity, network security engineering, or security operations.
• Strong background in packet analysis, PCAP management, DPI technologies, and network protocols (TCP/IP, DNS, TLS, HTTP, etc.).
• Familiarity with Suricata, Zeek, or other packet/flow analysis platforms.
• Experience engineering within a Zero Trust Architecture (ZTA), including segmentation, continuous verification, and identity-centric access.
• Proficiency with Linux systems administration, containers, and distributed systems.
• Experience leveraging SIEM/SOAR platforms and integrating packet telemetry with detection workflows.
• Familiarity with automation tools (Ansible, Terraform, scripts) and infrastructure-as-code concepts.
• Active TS/SCI clearance; willingness to take a polygraph exam
• Associate’s degree and 5+ years of experience supporting IT projects and activities, Bachelor’s degree and 3+ years of experience supporting IT projects and activities, or Master’s degree and 1+ year of experience supporting IT projects and activities. Years of experience may be accepted in lieu of degree.
• DoD 8570.01-M Information Assurance Technician (IAT) Level II Certification, including Security+ CE, CCNA-Security, GSEC, SSCP, CySA+, GICSP, or CND Certification
• Ability to obtain a DoD 8570.01-M Cybersecurity Service Provider - Infrastructure Support Certification, including CEH, CHFI, CFR, Cloud+, or CND certification within 30 days of start date

Additional Qualifications:

• Hands-on experience implementing and maintaining Arkime/Moloch in production environments.
• Experience with cloud networking and traffic inspection in AWS/Azure/GCP.
• Experience with Elastic Stack or similar search/index pipelines.
• Background supporting regulated or high-security environments (FedRAMP, DoD, IC, PCI, etc.).
• Security certifications (e.g., CISSP, GCIH, GCIA, GNFA, GCED).
• Strong analytical and problem-solving skills.
• Ability to translate technical findings into clear operational guidance.
• Comfortable leading discussions with engineers, analysts, architects, and leadership.

Benefits

Essential Network Security (ENS) Solutions, LLC is a service-disabled veteran owned, highly regarded IT consulting and management firm. ENS consults for the Department of Defense (DoD) and Intelligence Community (IC) providing innovative solutions in the core competency area of Identity, Credential and Access Management (ICAM), Software Development, Cyber and Network Security, System Engineering, Program/Project Management, IT support, Solutions, and Services that yield enduring results. Our strong technical and management experts have been able to maintain a standard of excellence in their relationships while delivering innovative, scalable and collaborative infrastructure to our clients.

Why ENS?

• Free Platinum-Level Medical/Dental/Vision coverage, 100% paid for by ENS
• 401k Contribution from Day 1
• PTO + 11 Paid Federal Holidays
• Long & Short Term Disability Insurance
• Group Term Life Insurance
• Tuition, Certification & Professional Development Assistance
• Workers’ Compensation
• Relocation Assistance