Cisco Identity Services Engine (ISE) Engineer
We are seeking a Cisco Identity Services Engine (ISE) Engineer to join our Comply to Connect (C2C) team in supporting and maintaining enterprise-level network access control (NAC) solutions. This role requires hands-on experience with Cisco ISE, network authentication protocols, security policy enforcement, and compliance with DoD cybersecurity frameworks. The ideal candidate will collaborate with a team of engineers to maintain, troubleshoot, and optimize Cisco ISE infrastructure while ensuring compliance with security standards such as DISA STIGs, NIST 800-53, and IAVM policies.
This is a technical, hands-on role requiring expertise in Cisco ISE configuration, policy management, troubleshooting, and NAC security integration within a large-scale enterprise environment.
Responsibilities
Cisco ISE Administration & NAC Support
- Assist in configuring, maintaining, and optimizing Cisco ISE for authentication, authorization, and accounting (AAA).
- Support 802.1X, MAB (MAC Authentication Bypass), posture assessment, and profiling for endpoint security.
- Troubleshoot authentication failures, endpoint misclassifications, and network access issues.
- Administer and maintain ISE Policy Service Nodes (PSNs), Monitoring and Troubleshooting Nodes (MnTs), and the Primary Admin Node (PAN).
- Configure and troubleshoot Cisco ISE Guest Access, BYOD policies, and device profiling.
- Perform routine ISE system updates, patches, and health checks to ensure system stability.
- Monitor and analyze RADIUS, TACACS+, LDAP, and Active Directory authentication logs for security compliance and performance issues.
Network Security & Compliance Support
- Ensure NAC enforcement aligns with DoD Comply to Connect (C2C) policies and DISA STIGs.
- Support device posture validation, TrustSec, dynamic ACL (dACL) provisioning, VLAN assignments, and security group tagging (SGT).
- Work alongside network and security teams to enforce Zero Trust security models and least privilege access principles.
- Assist in implementing certificate-based authentication (TLS/SSL, OpenSSL operations, and PKI).
- Conduct traffic analysis using Wireshark, tcpdump, and SolarWinds to identify authentication issues and network anomalies.
Firewall & Infrastructure Integration
- Support the integration of Cisco ISE with Cisco Firepower, ASR/ISR/CSR/ASA firewalls, and Palo Alto NGFWs.
- Assist in troubleshooting NAC-related network performance issues affecting LAN/WAN connectivity.
- Provide support for multi-VRF environments, ensuring proper NAC enforcement in complex network topologies.
Preferred
- Bachelor’s degree in Computer Science, Information Systems, Information Technology, or a related field.
- 5+ years of experience in network security, NAC, or related fields in lieu of a degree.
- 3+ years of hands-on experience in Cisco ISE administration, NAC policy management, and network authentication security.
- Experience with 802.1X, MAB, RADIUS, TACACS+, and LDAP integration.
- Strong understanding of Cisco ISE architecture, profiling policies, posture assessment, and endpoint classification.
- Hands-on experience troubleshooting authentication failures, network access issues, and ISE system health.
- Familiarity with Cisco Firepower, ASR/ISR/CSR/ASA firewalls, and Palo Alto NGFWs.
- Knowledge of certificate-based authentication (PKI, TLS/SSL, OpenSSL, and certificate management).
- Experience working within DoD cybersecurity compliance frameworks (DISA STIGs, NIST 800-53, IAVMs).
- Basic scripting knowledge (Python, Bash, or REST APIs) for automation and troubleshooting is a plus.
- Must be able to obtain and maintain a Top Secret (TS) security clearance.
- Preferred Certifications:
  - Cisco Certified Specialist – ISE
  - Cisco Certified Network Associate (CCNA) – Security or Enterprise
  - Cisco Certified Network Professional (CCNP) – Security or Enterprise
  - CompTIA Security+, CISSP, or equivalent
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex (including pregnancy), national origin, disability, veteran status, age, genetic information, or other legally protected status.