One of our clients in the Oil & Gas industry is seeking a highly skilled Cisco Network Security Engineer with medium to advanced expertise in Cisco Identity Services Engine (ISE). The ideal candidate will play a pivotal role in designing, deploying, and maintaining network access control solutions using Cisco ISE to ensure the security and compliance of our enterprise network. This position requires a strong understanding of network security concepts, hands-on experience with Cisco ISE, and the ability to integrate ISE with various network infrastructure components.
Title: Cisco Network Security Engineer
Location: Houston, TX – Onsite (5 days a week)
Industry: Oil & Gas
Duration: Long Term Contract
W2 Only. No C2C / No Visa Sponsorship
No Relocation
Key Responsibilities:
- Cisco ISE Design and Implementation:
  - Design and configure Cisco ISE policies for secure network access and device management.
  - Develop posture assessment policies for endpoint compliance checks.
- Policy Management and Troubleshooting:
  - Create and manage authentication and authorization rules for diverse user groups and device types.
  - Troubleshoot issues related to user authentication, endpoint compliance, and network access.
- Integration and Support:
  - Integrate Cisco ISE with Active Directory.
  - Ensure seamless communication between Cisco ISE and other network security tools.
  - Provide ongoing support for ISE deployments, including system upgrades and performance tuning.
- Monitoring and Reporting:
  - Monitor network access logs and ISE system health using built-in tools and third-party monitoring solutions.
  - Generate compliance reports for audits and security reviews.
- Collaboration and Training:
  - Work with cross-functional teams to align network security policies with business objectives.
  - Train IT staff on Cisco ISE administration and best practices.
Expected Knowledge Areas:
- Identity management, profiling, and guest access.
- Network access device integration (e.g., switches, wireless controllers).
- Authentication and Authorization Protocols:
  - Knowledge of 802.1X, EAP (PEAP, EAP-TLS), and RADIUS.
  - Configuration of certificate-based authentication and PKI integration.
- Endpoint Profiling and Compliance:
  - Device profiling using ISE probes (e.g., DHCP, HTTP, RADIUS).
  - Integration with antivirus and endpoint management systems (e.g., SCCM).
- Network Access Control (NAC):
  - Configuring VLANs, access control lists (ACLs), and segmentation policies.
  - Dynamic VLAN assignment based on user roles.
- ISE cluster management, including primary/secondary node configuration.
- Backup, restoration, and software upgrades of Cisco ISE.
- Zero Trust principles and network segmentation.
- Compliance with frameworks such as GDPR, HIPAA, or PCI-DSS.
Qualifications:
- 3+ years of hands-on experience with Cisco ISE in enterprise environments.
- Strong understanding of network infrastructure, including LAN/WAN, switches, and firewalls.
- Relevant certifications such as CCNP Security, Cisco ISE Specialist, or equivalent are highly desirable.
In compliance with federal law, all persons hired will be required to verify identity and eligibility to work in the United States and to complete the required employment eligibility verification document.