Cisco ISE Deployment Engineer C2C jobs – Staten Island, NY

 Job Title: Cisco ISE Deployment Engineer – OT Network (Contract)

 Location: Staten Island, NY

 Duration: ~5 Months 

 Engagement: Full-time Contract (40 hours/week)

 Overview

A seasoned Cisco ISE Deployment Engineer to lead the implementation of a greenfield Cisco Identity Services Engine (ISE) cluster within its Operations Technology (OT) network. The role involves deploying a high-availability two-node ISE cluster on Nutanix AHV, integrating with Active Directory and Cisco DNA Center, and enabling AAA services including RADIUS (802.1X/MAB), TACACS+, and pxGrid.

 Key Responsibilities

Phase 1: Advisory & Planning

Collaborate with SIRTOA and MTA IT to map systems by VLAN and location.
Review network and VLAN design, validate Nutanix infrastructure readiness.
Produce High-Level and Low-Level Designs (HLD/LLD), segmentation models, and change plans.
Phase 2: ISE Installation & Cluster Configuration

Deploy two small-node ISE VMs on Nutanix AHV across two data centers.
Configure PAN, MnT, PSN, and pxGrid personas.
Register with Cisco Smart Licensing, install PKI certificates, and validate core services.
Phase 3: AAA Policy Implementation

Develop and test wired access policies using 802.1X-first and MAB fallback.
Configure TACACS+ for device administration and fail-safe access logic.
Validate authentication flows and logging using ISE Live Logs and switch debugs.
Phase 4: Ecosystem Integration & Pilot Rollout

Integrate ISE with Active Directory and Cisco DNA Center.
Enable pxGrid for session telemetry sharing.
Conduct pilot rollout with 15–20 switches in monitor mode and validate failover behavior.
Phase 5: Documentation & Training

Deliver As-Built documentation, SOPs, quick guides, and escalation workflows.
Conduct two recorded training sessions for SIRTOA administrators.
Provide post-deployment support and stabilization assistance.
 Required Skills & Experience

Proven experience deploying Cisco ISE clusters in OT or enterprise environments.
Strong understanding of AAA protocols (RADIUS, TACACS+), pxGrid, and TrustSec.
Familiarity with Nutanix AHV virtualization and Cisco Catalyst/Nexus/IE platforms.
Experience with Active Directory integration and Cisco DNA Center.
Ability to produce technical documentation and deliver training sessions.
Knowledge of TSA cybersecurity mandates and compliance workflows.
 Infrastructure Snapshot

2-node ISE cluster (PAN, MnT, PSN, pxGrid) on Nutanix AHV.
Network includes Catalyst 9606R, Nexus 93180YC-FX, Catalyst 9300, IE5000, IE3400.
Link speeds: 1G–100G across stations, CILs, towers, and data centers.
 Deliverables

HLD/LLD, segmentation model, and change plan.
Operational ISE cluster with validated services and integrations.
AAA policy sets, device-admin controls, and pilot test results.
Final configuration record, runbooks, SOPs, and training materials.