Network ISE Engineer - Santa Clara, CA
Santa Clara, CA (On-Site)
Job Description:
Network ISE Engineer - L2, to work 5 days onsite.
Office location: Santa Clara, CA 95054, United States
• Design, deploy, configure, and maintain Cisco ISE for network access control (NAC) and identity-based policy enforcement.
• Implement 802.1X authentication, MAB (MAC Authentication Bypass), and posture assessment for wired and wireless networks.
• Manage device profiling, guest access portals, BYOD policies, and certificate-based authentication (EAP-TLS/PEAP).
• Integrate ISE with Active Directory, PKI, and other authentication systems.
• Develop and maintain ISE policies, network device groups, and authorization profiles.
• Monitor ISE logs and troubleshoot authentication and authorization issues.
• Perform ISE patching, backup, and system upgrades as part of lifecycle management.
Firewall Responsibilities:
• Configure, manage, and troubleshoot Cisco ASA, Firepower (FTD), Palo Alto, or Fortinet firewalls.
• Create and maintain access control policies (ACLs), NAT, VPNs, and security zones.
• Monitor and analyze firewall logs to detect anomalies or potential security breaches.
• Collaborate with security teams to enforce Zero Trust and micro-segmentation strategies.
• Conduct firewall performance tuning and ensure compliance with security standards.
Good to have:
General Network Security:
• Collaborate with network operations and security teams to ensure consistent policy enforcement across wired, wireless, and VPN environments.
• Participate in incident response, root cause analysis, and remediation for security events.
• Develop and maintain network documentation, diagrams, and standard operating procedures (SOPs).
Required Skills & Qualifications:
• Bachelor’s degree in Computer Science, Information Technology, or related field.
• 5+ years of experience in network security engineering.
• Hands-on experience with Cisco ISE (2.x or 3.x) deployment and management.
• Strong understanding of RADIUS, TACACS+, EAP, 802.1X, VLANs, and network access control.
• Experience with Cisco ASA, Firepower, or next-generation firewalls (NGFW).
• Proficiency with Cisco Catalyst switches, wireless controllers, and VPN technologies.
• Familiarity with network monitoring tools (SolarWinds, Splunk, Wireshark, etc.).
• Cisco certifications such as CCNP Security, CCIE Security, or Cisco ISE Specialist are highly desirable.
Preferred Qualifications:
• Experience with multi-vendor firewall platforms (Palo Alto, Fortinet, Check Point).
• Understanding of Zero Trust Network Access (ZTNA) and SASE architectures.
• Familiarity with automation and scripting (Python, Ansible) for network configurations.
Key Skills:
• Cisco ASA, Firepower (FTD), Palo Alto, or Fortinet firewalls.