Network ISE Engineer at Santa Clara, CA Urgent Need

• Design, deploy, configure, and maintain Cisco ISE for network access control (NAC) and identity-based policy enforcement.
• Implement 802.1X authentication, MAB (MAC Authentication Bypass), and posture assessment for wired and wireless networks.
• Manage device profiling, guest access portals, BYOD policies, and certificate-based authentication (EAP-TLS/PEAP).
• Integrate ISE with Active Directory, PKI, and other authentication systems.
• Develop and maintain ISE policies, network device groups, and authorization profiles.
• Monitor ISE logs and troubleshoot authentication and authorization issues.
• Perform ISE patching, backup, and system upgrades as part of lifecycle management.

Firewall Responsibilities:

• Configure, manage, and troubleshoot Cisco ASA, Firepower (FTD), Palo Alto, or Fortinet firewalls.
• Create and maintain access control policies (ACLs), NAT, VPNs, and security zones.
• Monitor and analyze firewall logs to detect anomalies or potential security breaches.
• Collaborate with security teams to enforce Zero Trust and micro-segmentation strategies.
• Conduct firewall performance tuning and ensure compliance with security standards.

Good to have

• General Network Security:
• Collaborate with network operations and security teams to ensure consistent policy enforcement across wired, wireless, and VPN environments.
• Participate in incident response, root cause analysis, and remediation for security events.
• Develop and maintain network documentation, diagrams, and standard operating procedures (SOPs)

Required Skills & Qualifications:

• Bachelor’s degree in Computer Science, Information Technology, or related field.
• 5+ years of experience in network security engineering.
• Hands-on experience with Cisco ISE (2.x or 3.x) deployment and management.
• Strong understanding of RADIUS, TACACS+, EAP, 802.1X, VLANs, and network access control.
• Experience with Cisco ASA, Firepower, or next-generation firewalls (NGFW).
• Proficiency with Cisco Catalyst switches, wireless controllers, and VPN technologies.
• Familiar with network monitoring tools (SolarWinds, Splunk, Wireshark, etc.).
• Cisco certifications such as CCNP Security, CCIE Security, or Cisco ISE Specialist are highly desirable.

Preferred Qualifications:

• Experience with multi-vendor firewall platforms (Palo Alto, Fortinet, Check Point).
• Understanding of Zero Trust Network Access (ZTNA) and SASE architectures.
• Familiarity with automation and scripting (Python, Ansible) for network configurations.