Recro Corporation
Arkime Engineer (Cyber Engineer) with Security Clearance
Recro Corporation, Fairfax, Virginia, United States, 22032
Recro, a Certified Small Business, helps federal agencies achieve their goals through IT infrastructure, cybersecurity, DevOps, cloud services, and digital transformation. We prioritize innovation, employee growth, and a collaborative work environment, guided by our core value: to make a difference. Currently, Recro is seeking a motivated, career‑oriented Arkime Engineer (Cyber Engineer) to join our team in McLean, VA, JB Andrews, MD, Norfolk, VA, Tampa, FL, Colorado Springs, CO, Reston, VA, and College Park, MD.
Security Clearance:
TS/SCI (Willing to obtain a CI Polygraph)
Responsibilities
Design, deploy, operate, and enhance our enterprise packet‑capture and deep network visibility capability using Arkime (formerly Moloch).
Apply Zero Trust engineering principles to support threat detection, forensics, segmentation, and continuous monitoring across a distributed environment.
Architect, deploy, and configure Arkime clusters, capture nodes, viewer nodes, and storage subsystems.
Design packet‑capture strategies aligned with network topology, mission requirements, and Zero Trust monitoring needs.
Develop and automate deployment workflows with scripts, orchestration tools, and configuration management.
Integrate Arkime with SIEM, SOAR, EDR, and threat‑intel platforms to enrich detection and investigation workflows.
Conduct regular tuning of parsers, views, tags, and sessions to support detection engineering and threat hunting.
Perform version upgrades, patching, configuration changes, data‑lifecycle management, and log retention optimization.
Align Arkime data capture with Zero Trust Architecture telemetry requirements.
Support the development of visibility baselines, identity‑aware policies, and segmentation enforcement strategies.
Collaborate with network engineering, cloud engineering, and security operations to ensure end‑to‑end telemetry coverage.
Develop dashboards, queries, workflows, and documentation for SOC, detection engineers, and incident responders.
Provide training, playbooks, and technical expertise to internal engineering and operations teams.
Required Qualifications
5+ years of experience in cybersecurity, network security engineering, or security operations.
Strong background in packet analysis, PCAP management, DPI technologies, and network protocols (TCP/IP, DNS, TLS, HTTP, etc.).
Familiarity with Suricata, Zeek, or other packet/flow analysis platforms.
Experience engineering within a Zero Trust Architecture (ZTA), including segmentation, continuous verification, and identity‑centric access.
Proficiency with Linux systems administration, containers, and distributed systems.
Experience leveraging SIEM/SOAR platforms and integrating packet telemetry with detection workflows.
Familiarity with automation tools (Ansible, Terraform, scripts) and infrastructure‑as‑code concepts.
Active TS/SCI clearance; willingness to take a polygraph exam.
Associate’s degree and 5+ years of experience supporting IT projects and activities, Bachelor's degree and 3+ years of experience supporting IT projects and activities, or Master’s degree and 1+ year of experience supporting IT projects and activities. Years of experience may be accepted in lieu of a degree.
DoD 8570.01‑M Information Assurance Technician (IAT) Level II Certification, including Security+, CCNA‑Security, GSEC, SSCP, CySA+, GICSP, or CND Certification.
Ability to obtain a DoD 8570.01‑M Cybersecurity Service Provider – Infrastructure Support Certification, including CEH, CHFI, CFR, Cloud+, or CND certification within 30 days of start date.
Preferred Qualifications
Hands‑on experience implementing and maintaining Arkime/Moloch in production environments.
Experience with cloud networking and traffic inspection in AWS, Azure, or GCP.
Experience with Elastic Stack or similar search/index pipelines.
Background supporting regulated or high‑security environments (FedRAMP, DoD, IC, PCI, etc.).
Security certifications (e.g., CISSP, GCIH, GCIA, GNFA, GCED).
Strong analytical and problem‑solving skills.
Ability to translate technical findings into clear operational guidance.
Comfortable leading discussions with engineers, analysts, architects, and leadership.
Benefits
100% paid medical, dental, and vision.
401k with 6% matching and 401k profit sharing.
PTO—120 hours.
Federal holidays.
Education and tuition reimbursements.
Wellness benefits.
A lot of cool gear.
Working at Recro
A great culture where amazing people can do their best work.
Employees are treated like people, not line items—teamwork, passion, and enthusiasm drive us.
We empower our people to achieve their fullest potential and contribute meaningfully.
Continuous investment in growth, training, and collaboration.