Cisco Identity Services Engineer – ISE

Company: Bowhead
Location: Dahlgren, VA, USA
Salary: Not Provided
Type: Full-Time
Degrees: Bachelor’s
Experience Level: Senior

Requirements

  • Ten (10) years of experience in networking, IT, or other related fields preferred
  • Bachelor’s degree required
  • ISE certifications: CCNP (SISE) highly desirable
  • Solid experience configuring and troubleshooting routing and switched infrastructure (e.g. CCNA, CCNP Security) and security certifications highly desirable
  • Experience in network security, including device hardening and patching
  • Experience with Cisco AnyConnect or related supplicants
  • Experience with Public Key Infrastructure (PKI) to assist, maintain and troubleshoot 802.1X EAP-TLS issues
  • Experience with MAC Authentication Bypass (MAB) and 802.1X troubleshooting concepts
  • Knowledge of Cisco AnyConnect Modules – (VPN, Posture, NAM)
  • Diagnose and resolve complex network problems and improve network performance and reliability
  • Must currently hold a DoD 8570 Information Assurance Technical Level II certification
  • Position requires a strong understanding of ISE functions and operations (e.g. endpoint identification, authentication, authorization)
  • Familiarity with researching communication networks
  • Must have strong troubleshooting and critical thinking skills
  • Strong attention to detail, good documentation skills, ability to write clear, concise project reports
  • Ability to function with minimal instruction or supervision, or as part of a larger team reporting to formal project management

Responsibilities

  • Configure, implement, and troubleshoot ISE
  • Build and analyze ISE rules to comply with client network security policies
  • Create policies for unseen network devices in a mixed environment, to include profiling devices, defining Downloadable Access Control Lists (DACLs), and assigning Virtual Local Area Networks (VLANs) to endpoints
  • Implement 802.1x solutions to all “supplicant-enabled” devices via AnyConnect software and Network Access Manager (NAM) profiles using EAP-MSCHAPv2/TLS encryption methods
  • Integrate with wired data, wireless infrastructure, and Virtual Private Network (VPN), as well as posture and client provisioning
  • Configure and implement TACACS+ policies for network device administration
  • Manage firewall and network security systems by establishing and enforcing approved policies
  • Analyze network security requirements and implement perimeter security changes
  • Serve as a subject matter expert in coordinating and troubleshooting with customers, other infrastructure support activities and business units
  • Develop network documentation of security infrastructure
  • Monitor network performance and implement performance tuning as necessary
  • Responsible for installing software, applying patches, managing file systems, and monitoring performance of ISE systems
  • Performs data backups and restoration of managed systems
  • Assist in the certification and accreditation process for managed systems and networks
  • Install and deploy new ISE hardware and software
  • Review daily logs for managed systems and report on unusual activity
  • Participate in the development and maintenance of Standard Operating Procedures (SOPs) associated with managed systems and applications
  • Collaborate with IT staff on projects and initiatives
  • Provide input for a monthly progress and status report

Preferred Qualifications

  • Cisco Access Control System (ACS), specifically with “role-based” TACACS+ commands/profiles
  • PxGrid, ThreatGrid and Security Group Tags (SGTs) for back-end communication between Cisco Firepower and ISE server
  • Cisco Prime, MDM, ASA, DNS/DHCP, Network Load-Balancing, and 802.11a/b/g/n Wireless technologies and industry best practices
  • Active Directory knowledge (e.g. Organizational Unit (OU) identification, domain “trusts”, Domain Name System (DNS), identity resolution)