Network Engineer

Overview:
Join our team as a Network Security Engineer, where your expertise will be crucial in safeguarding enterprise networks. This role focuses on designing, implementing, and maintaining a robust, Zero Trust Architecture-driven network infrastructure, with a special emphasis on advanced Network Access Control (NAC) solutions.

Key Responsibilities:

• Lead the design, deployment, and management of Cisco Identity Services Engine (ISE) to provide secure, scalable authentication and authorization services. Manage all aspects of the ISE environment, including Policy Service Nodes, Monitoring and Troubleshooting Nodes, and the Primary Admin Node.
• Implement and maintain comprehensive NAC solutions supporting 802.1X, MAC Authentication Bypass (MAB), endpoint posture assessment, and profiling to ensure endpoint security compliance.
• Configure and administer guest access, Bring Your Own Device (BYOD) policies, and device profiling within Cisco ISE, ensuring security best practices are followed.
• Conduct routine system updates, patches, and health checks on ISE deployment to maximize stability, including executing node upgrades and troubleshooting complex authentication issues.
• Analyze logs from RADIUS, TACACS+, LDAP, and Active Directory to troubleshoot and resolve authentication and network access issues effectively.
• Enforce strict NAC policies aligned with organizational security standards, supporting device posture validation, certificate-based authentication (TLS/SSL, PKI), and integration with security tools.
• Support traffic analysis using Wireshark, TCPDump, and network monitoring tools to diagnose network anomalies and authentication failures.
• Collaborate with network and security teams to design and implement Zero Trust security models and the principle of least privilege.
• Facilitate seamless integration of Cisco ISE with security infrastructure, including firewalls and next-generation firewall solutions.
• Provide expert support in multi-VRF environments, ensuring NAC enforcement across complex, segmented networks, and troubleshoot LAN/WAN connectivity and performance issues related to NAC.

Required Qualifications:

• Bachelor’s degree in Computer Science, Information Systems, or related field with at least 8 years (or equivalent experience).
• Minimum of 5 years' dedicated experience in network security, with at least 3 years hands-on experience managing Cisco ISE and NAC policies.
• Active Secret clearance or higher.
• DoD 8570 IAT Level II certification (e.g., Security+ CE, CCNA Security, SSCP).
• Deep expertise in Cisco ISE architecture, endpoint profiling, posture assessment, and classification.
• Proficiency with 802.1X, MAB, RADIUS, TACACS+, LDAP, and Active Directory integration.
• Hands-on experience with Cisco switch CLI for configuration and troubleshooting.
• Strong understanding of PKI, TLS/SSL, OpenSSL, and certificate-based authentication.

Preferred Skills:

• Familiarity with security appliances such as firewalls and NGFWs.
• Basic scripting skills in Python, Bash, or REST APIs for automation and troubleshooting.
• Proven experience working within cybersecurity frameworks and compliance standards.

Publishing Pay Rate: $62.00 – $69.00 Hourly