Network Security Engineer (Cisco ISE/NAC | Network Access Control)

About The Position

Requirements

• Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field
• 3–5 years of cybersecurity experience with a strong focus on NAC and identity-based access control; 3+ years hands-on with Cisco ISE or similar NAC solutions (e.g., FortiNAC, Aruba ClearPass)
• Strong knowledge of 802.1X (EAP-TLS, PEAP, TEAP), certificate-based authentication, and integrations with AD, LDAP, PKI, and RADIUS/TACACS+
• 3+ years of hands-on experience with Cisco ASA/FTD firewalls (NGFW, VPN, NAT) or equivalent experience with third-party firewalls (Palo Alto, Fortinet, Check Point)
• Solid understanding of networking fundamentals: TCP/IP, DNS, DHCP, VLANs, trunking, and routing/switching
• Experience with Cisco Catalyst/Nexus switches for NAC enforcement (802.1X, MAB)
• Willingness to travel across the U.S. to support deployments
• Candidates must be U.S. citizens.

Nice To Haves

• CCNP Security or equivalent certification (ISE/NAC specialization preferred)
• CISSP, GIAC, or other security certifications a plus
• Experience with TrustSec/SGT/SXP, DUO MFA/ZTNA integration, Cisco Umbrella, and Cisco XDR
• Familiarity with SASE/Zero Trust architectures and security automation (Python, Ansible, APIs)
• Knowledge of compliance frameworks (PCI-DSS, HIPAA, SOC 2, NIST)
• Prior consulting or professional services experience preferred

Responsibilities

• Design, deploy, and configure Cisco ISE for 802.1X wired/wireless, MAB, and CWA; manage policy sets, authentication/authorization, profiling, posture, and guest workflows end-to-end
• Integrate ISE with Active Directory, LDAP, PKI/CA, and MFA; manage distributed ISE deployments (PAN, PSN, MnT) with HA and scalability; deploy RADIUS/TACACS+ for network device administration
• Configure endpoint compliance/posture modules (AV, patch, OS); manage guest, sponsor portals, and BYOD onboarding; support TrustSec (SGT/SXP) segmentation
• Troubleshoot RADIUS failures, authentication timeouts, profiling inconsistencies, and policy mismatches with root cause analysis
• Design, implement, and configure Cisco FTD and ASA firewalls, including HA setups and scalable architectures
• Manage and optimize access control rules, NAT, security zones, and NGFW features IPS/IDS, URL filtering, Malware Policy, SSL decryption, and VPN (SSL/IPSec)
• Troubleshoot firewall and VPN connectivity issues including NAT, routing, SSL/IPSec VPN failures, and policy-related problems
• Collaborate with architects, senior engineers, and project managers to ensure accurate, timely solution delivery, while actively participating in project discussions to understand requirements, scope, and deployment sequencing
• Take end-to-end ownership of assigned tasks, including escalation, root cause analysis (RCA), and issue resolution
• Create and maintain comprehensive documentation including ISE policy matrices, network access diagrams, RADIUS/TACACS inventories, and operational runbooks
• Document firewall rules, VPN inventories, NAT tables, and change records for audit and compliance purposes
• Stay current on Cisco ISE releases, NAC trends, Zero Trust Network Access (ZTNA), and SASE architectures, applying new learnings to delivery work

Benefits

• Benefits