Apply on Employer Site

Booz Allen Hamilton · 1 day ago

Arkime Engineer

Colorado Springs, CO

Full-time

Hybrid

Senior Level

$78K/yr - $176K/yr

5+ years exp

Booz Allen Hamilton is a leading consulting firm, and they are seeking an Arkime Engineer to architect and deploy Arkime clusters while integrating them with various security platforms. The role involves developing automation workflows, conducting regular system tuning, and collaborating with engineering teams to enhance cybersecurity measures.

ConsultingCyber SecurityIT InfrastructureManagement ConsultingSecurity

Growth Opportunities

No H1B

Security Clearance Required

U.S. Citizen Only

Responsibilities

Architect, deploy, and configure Arkime clusters, capture nodes, viewer nodes, and storage subsystems

Design packet capture strategies aligned to network topology, mission requirements, and Zero Trust monitoring needs

Develop and automate deployment workflows using scripts, orchestration tools, and configuration management

Integrate Arkime with SIEM, SOAR, EDR, and threat intel platforms to enrich detection and investigation workflows

Conduct regular tuning of parsers, views, tags, and sessions to support detection engineering and threat hunting

Perform version upgrades, patching, configuration changes, data lifecycle management, and log retention optimization

Align Arkime data capture with Zero Trust Architecture (ZTA) telemetry requirements

Support the development of visibility baselines, identity-aware policies, and segmentation enforcement strategies

Work with network engineering, cloud engineering, and security operations to ensure end-to-end telemetry coverage

Develop dashboards, queries, workflows, and documentation for SOC, detection engineers, and incident responders

Provide training, playbooks, and technical expertise to internal engineering and operations teams

Qualification

Arkime deploymentZero Trust ArchitecturePacket analysisLinux systems administrationAutomation toolsCloud networkingElastic StackSecurity certificationsAnalytical skillsProblem-solving skillsTechnical communication

Required

5+ years of experience in cybersecurity, network security engineering, or security operations

Experience in packet analysis, PCAP management, DPI technologies, and network protocols such as TCP/IP, DNS, TLS, or HTTP

Experience with packet or flow analysis platforms such as Suricata or Zeek

Experience engineering within a Zero Trust Architecture (ZTA), including segmentation, continuous verification, and identity-centric access

Experience with Linux systems administration, containers, and distributed systems, leveraging SIEM/SOAR platforms, and integrating packet telemetry with detection workflows

Experience with automation tools, such as Ansible, Terraform, and scripts, and infrastructure-as-code concepts

Active TS/SCI clearance; willingness to take a polygraph exam

Associate's degree and 5+ years of experience supporting IT projects and activities, Bachelor's degree and 3+ years of experience supporting IT projects and activities, or Master's degree and 1+ years of experience supporting IT projects and activities

Active DoD 8570.01-M Information Assurance Technician (IAT) Level II Certification, including Security+ CE, CCNA-Security, GSEC, SSCP, CySA+, GICSP, or CND

Ability to obtain a DoD 8570.01-M Cybersecurity Service Provider - Infrastructure Support Certification, including CEH, CySA+, GICSP, SSCP, CHFI, CFR, Cloud+, or CND certification within 30 days of start date