Description
The Security Engineer is responsible for supporting IT verticals and business units in implementing new applications and making network modifications as part of assigned Cisco ISE (Identity Services Engine) projects. This position requires analysis, design and engineering of Cisco ISE network solutions within the architectural framework to meet project needs as well as some development work.
This position requires an engineer that:
Implements and integrates Network Access Control (NAC) / Cisco ISE with wired data, wireless infrastructure, and VPN as well as posturing and client provisioning
Creates detailed network designs that meet the customer requirements (including physical and logical) of complex network systems to meet the functional objectives of the business
Builds and analyzes ISE rules to comply with client network security policies
Writes/engineers ISE rules scripts with associated change documentation to meet project goals and deadlines.
Develop and manage API-based integrations with Cisco ISE, leveraging REST APIs for communication with other systems.
Write code/scripts to automate network access control processes and security policies using APIs (Python, JavaScript, etc.).
Create workflows and automate repetitive tasks like user onboarding, device management, and security policy updates.
Establishes processes to test applications and devices before planned network deployment to quantify their performance and recommend steps to ensure they are optimized
Serves as a technical resource providing guidance and advice to associates on Network Access Control (NAC) / Cisco Identity Services Engine (ISE) for utilizing the full capability of technology in designing effective solutions
Plans and leads ISE projects/assignments, ensuring their timely and successful completion
Makes recommendations regarding improvements to the network operations, project planning, and project implementation
Supports in the authoring and maintenance of ISE related documentation, including that for standards, processes, network security, topology, and inventory, to ensure high quality service on an ongoing basis
Demonstrates a spirit of teamwork and personal responsibility to promote the sharing of knowledge and expedite the accomplishment of assigned tasks
Implements any ISE changes during appropriate change windows (typically after hours)
Participates in on-call support rotation for Network Access Control (NAC) / ISE, to maximize network availability (after hours)
Qualified candidates will possess:
5+ years of experience as a Cisco ISE Engineer creating design documentation, building ISE rules, implementing ISE solutions across a variety of environments, and be a subject matter expert on the ISE application.
B.S. Computer Science, Cybersecurity, Technology Information Systems (CIA/MIS), Electrical Engineering or equivalent experience.
Demonstrated experience providing ISE policy management and control platforms for wired, wireless, and VPN users.
Proficiency in developing API calls, scripting, and coding using Python, JavaScript, or similar languages.
Strong understanding of RESTful APIs and web services.
Knowledge of network security protocols (RADIUS, TACACS+,802.1x).
Ability to analyze complex problems associated with the ISE platform and implement solutions and/or workarounds to comply with network security policies.
Excellent communications, interpersonal, and problem-solving skills with a track record as a problem solver & an effective team player is essential
Flexible person with the ability to manage stressful situations and adapt to changing environments.
Act as the liaison between IT verticals, vendors, the business, and the network team.
Consult with technical peers and leadership on the deployment of applications within the network.
Be the escalation point for resolution of Cisco ISE integration issues.
Proactively recommend courses of action to maintain cost effectiveness and competitiveness.
Excellent oral and written communication skills with the ability to lead both technical and non-technical discussions.
Proven ability to build and facilitate relationships at all levels of the organization, both internally and externally.
Attention to detail as well as ability to prioritize workload and efficiently complete tasks with minimal supervision.
Any experience with Meraki wireless infrastructure including the associated cloud controllers, access points, and portal would be an advantage.