Cisco ISE Engineer

Leidos
Fort Meade, MD
$87,100 - $157,450
Onsite

About The Position

We are seeking an expert-level Cisco ISE Subject Matter Expert to support the U.S. Africa Command (AFRICOM) mission. This role serves as the primary technical authority for a large-scale, distributed Cisco ISE deployment. The focus is on securing the DoD enterprise network through advanced Identity and Access Management, Zero Trust architecture, and endpoint compliance. The successful candidate will ensure secure, policy-driven access across a highly classified, globally dispersed infrastructure, serving as the cornerstone for the command's Zero Trust transformation.

Requirements

  • Must possess an active Top Secret security clearance.
  • Must meet DoD 8570/8140 IAT Level II baseline certification (e.g., Security+ CE).
  • Minimum of 5 years of hands-on engineering experience dedicated to Cisco ISE, NAC, and AAA protocols.
  • Deep understanding of RADIUS, TACACS+, EAP protocols (specifically EAP-TLS and TEAP), and PKI certificate lifecycles.

Nice To Haves

  • Specific Cisco Certifications such as CCNP Security (specifically the SISE 300-715 exam) or CCIE Security.
  • Familiarity with the DoD Zero Trust Strategy and related architecture pillars.
  • Experience with Cisco DNA Center (Catalyst Center) and Software-Defined Access (SDA) integrations.
  • Scripting experience using Python or REST APIs for automating ISE policy deployments and endpoint management.

Responsibilities

  • Architect and deploy Zero Trust Network Access (ZTNA) principles using Cisco ISE to strictly enforce least-privilege access across the enterprise network.
  • Develop and maintain dynamic, context-aware access policies that continuously evaluate user identity, device posture, location, and telemetry before granting or maintaining network access.
  • Engineer and maintain Cisco TrustSec, Security Group Tags (SGTs), and Security Group Access Control Lists (SGACLs) to contain lateral movement and enforce granular network segmentation.
  • Ensure all ISE integrations directly support the "Identity" and "Device" pillars of the DoD Zero Trust Reference Architecture.
  • Design, deploy, and manage multi-node, distributed Cisco ISE deployments including Policy Administration (PAN), Monitoring (MnT), Policy Service (PSN), and pxGrid nodes.
  • Implement and troubleshoot 802.1X, MAC Authentication Bypass (MAB), and WebAuth across enterprise wired, wireless, and VPN infrastructures.
  • Manage TACACS+ for centralized network device administration and strict role-based access control (RBAC).
  • Configure advanced endpoint profiling and deep posture assessments to ensure only compliant DoD devices can connect to mission-critical enclaves.
  • Integrate ISE with external identity stores (Active Directory, LDAP), Public Key Infrastructure (PKI), Mobile Device Management (MDM), and SIEM platforms.
  • Perform complex packet-level troubleshooting (RADIUS, EAP-TLS, EAP-TEAP) to resolve authentication failures and ensure continuous AFRICOM mission readiness.

Benefits

  • Competitive compensation
  • Health and Wellness programs
  • Income Protection
  • Paid Leave
  • Retirement