About The Position

We are seeking a Senior Network Security Engineer with deep expertise in Cisco Identity Services Engine (ISE) and identity-driven network segmentation to support and enhance a modern enterprise security architecture. This role will focus on designing, implementing, and operating network access control (NAC) and TrustSec-based segmentation across wired, wireless, and data center environments. The ideal candidate will have extensive hands-on experience deploying and managing Cisco ISE platforms and will play a key role in advancing Zero Trust Network Access (ZTNA) strategies. This position requires strong technical depth across authentication protocols, identity-based policy enforcement, and enterprise networking fundamentals. This role requires onsite work 3–4 days per week and may require travel to multiple sites within the city of Chicago.

Requirements

  • 5+ years of hands-on experience deploying and operating Cisco Identity Services Engine (ISE).
  • Strong expertise in: ISE Policy Sets; Profiling and Posture Assessment; Guest and BYOD access workflows; pxGrid integrations; TACACS+ device administration.
  • Deep understanding of 802.1X and MAB authentication for wired and wireless networks.
  • Strong knowledge of supplicant behavior, Change of Authorization (CoA), and EAP methods such as PEAP and EAP-TLS.
  • Experience integrating ISE with: Active Directory / Identity Providers; PKI and certificate-based authentication; Mobile Device Management (MDM) platforms.
  • Hands-on experience with Cisco TrustSec: SGT classification and propagation; SGACL policy design and enforcement.
  • Experience implementing segmentation across Catalyst switches, Nexus platforms, and wireless controllers.
  • Advanced troubleshooting skills using ISE logs, packet captures, session directory, and network device debugging tools.
  • Strong knowledge of Layer 2 and Layer 3 networking fundamentals.
  • Experience with routing protocols including OSPF and BGP.
  • Experience with ACLs, QoS, NAT, Spanning Tree, and wireless networking (WLC / 802.11).
  • Familiarity with enterprise network services including NTP, DNS, and DHCP.
  • Proven experience supporting enterprise campus and data center network architectures.

Nice To Haves

  • Experience designing or supporting Zero Trust Network Access (ZTNA) architectures.
  • Strong understanding of identity-driven access control and least-privilege security models.
  • Knowledge of north–south vs. east–west traffic patterns in enterprise environments.
  • Experience performing threat modeling and lateral movement analysis within segmented networks.
  • Experience implementing data center or host-based microsegmentation.
  • Experience with large-scale network policy orchestration and automation.
  • Cisco certifications such as CCNP Security, CCIE Security, or Cisco ISE Specialist.

Responsibilities

  • Design, deploy, and operate Cisco ISE (2.x and 3.x) environments supporting enterprise NAC and identity-based policy enforcement.
  • Develop and manage ISE policy sets, profiling policies, posture assessment, and guest/BYOD access workflows.
  • Implement and maintain 802.1X and MAB authentication across wired and wireless environments.
  • Integrate ISE with Active Directory, PKI infrastructures, certificate-based authentication, and MDM platforms.
  • Configure and maintain TACACS+ device administration for network infrastructure access control.
  • Support pxGrid integrations to enable identity and context sharing across security platforms.
  • Design and implement TrustSec segmentation architectures using Security Group Tags (SGTs) and SGACL policies.
  • Enable identity-to-role mapping and enforce segmentation policies across Catalyst switches, Nexus platforms, and wireless controllers.
  • Lead the design and implementation of microsegmentation strategies across campus and data center environments.
  • Perform advanced troubleshooting using ISE live logs, session directory, packet captures, and switch/WLC debugging tools.
  • Collaborate with network and security teams to implement Zero Trust principles, minimizing lateral movement and enforcing least-privilege access.
  • Manage network security changes through structured implementation plans, pilot deployments, and staged rollouts.
  • Develop testing procedures and rollback strategies to ensure stable production operations.
  • Travel to multiple sites within the city of Chicago as needed and work onsite 3–4 days per week to support network deployments and troubleshooting activities.