Network Security Engineer Senior

About The Position

Requirements

• Bachelor's degree in computer science, information systems or a related field with 8+ years (or commensurate experience).
• 5+ years of dedicated experience in network security, NAC or related roles.
• A minimum of 3+ years of direct, hands-on experience in Cisco ISE administration, NAC policy management and network authentication security.
• Clearance Required: Must be cleared up to an active Secret clearance.
• Current DoD 8570 IAT Level II certification (e.g., Security+ CE, CCNA Security, SSCP)
• Deep expertise in Cisco ISE architecture, profiling, posture assessment and endpoint classification
• Proficient with 802.1X, MAB, RADIUS, TACACS+, LDAP and Microsoft Active Directory integration
• Hands-on experience with Cisco Switch CLI for configuration and troubleshooting
• Strong understanding of certificate-based authentication (PKI, TLS/SSL, OpenSSL)
• Proven experience working within DoD cybersecurity compliance frameworks (e.g., DISA STIGs, NIST 800-53, IAVMs).

Nice To Haves

• Basic scripting knowledge (Python, Bash, or REST APIs) for automation and troubleshooting is a significant plus.
• Familiarity with Cisco Firepower, ASA firewalls, and Palo Alto NGFWs.

Responsibilities

• Configure, maintain, and optimize Cisco Identity Services Engine (ISE) for robust authentication, authorization and accounting (AAA)
• Administer and maintain the full ISE deployment, including Policy Service Nodes (PSNs), Monitoring and Troubleshooting Nodes (MnTs) and the Primary Admin Node (PAN)
• Implement and support 802.1X, MAB (MAC Authentication Bypass), posture assessment and advanced profiling for comprehensive endpoint security
• Configure and manage Cisco ISE Guest Access, BYOD policies, and endpoint device profiling.
• Perform routine ISE system updates, patches, and health checks to ensure optimal system stability and performance, including executing the node upgrade process
• Monitor and analyze RADIUS, TACACS+, LDAP, and Active Directory authentication logs to ensure security compliance and troubleshoot performance issues
• Expertly troubleshoot complex authentication failures, endpoint misclassifications, and network access issues
• Ensure all Network Access Control (NAC) enforcement strictly aligns with DoD Comply to Connect (C2C) policies and DISA STIGs
• Implement and support device posture validation, MSFT Defender, Tanium, dynamic ACL (dACL) provisioning, dynamic VLAN assignments and Security Group Tagging (SGT)
• Collaborate with network and security teams to design and enforce Zero Trust security models and the principle of least privilege access
• Assist in implementing and troubleshooting certificate-based authentication (TLS/SSL, OpenSSL operations and PKI infrastructure)
• Conduct deep-dive traffic analysis using tools like Wireshark, TCPDump and SolarWinds to diagnose authentication issues and identify network anomalies
• Support the seamless integration of Cisco ISE with security and network platforms, including Cisco Firepower, ASR/ISR/CSR/ASA firewalls, VERSA and Palo Alto NGFWs
• Assist in troubleshooting NAC-related network performance issues that affect LAN/WAN connectivity
• Provide expert support for multi-VRF environments, ensuring proper NAC enforcement across complex and segmented network topologies

Benefits

• Employee Assistance Program (EAP)
• Corporate Discounts
• Learning & Development platform, to include certification preparation content
• Training, Education and Certification Assistance
• Referral Bonus Program
• Internal Mobility Program
• Pet Insurance
• Flexible Work Environment