Senior Network Security Engineer - Cisco ISE & Zero Trust Segmentation

We are seeking a Senior Network Security Engineer with deep expertise in Cisco Identity Services Engine (ISE) and identity-driven network segmentation to support and enhance a modern enterprise security architecture. This role will focus on designing, implementing, and operating network access control (NAC) and TrustSec-based segmentation across wired, wireless, and data center environments.

The ideal candidate will have extensive hands-on experience deploying and managing Cisco ISE platforms and will play a key role in advancing Zero Trust Network Access (ZTNA) strategies. This position requires strong technical depth across authentication protocols, identity-based policy enforcement, and enterprise networking fundamentals. This position requires regular onsite presence at client locations within the Chicago metropolitan area (3-4 days per week). Candidates must currently reside within commuting distance of Chicago and be able to attend onsite meetings, deployments, and troubleshooting activities on short notice.

**** Applicants who are not currently located in the Chicago area will not be considered. ****

Key Responsibilities

• Design, deploy, and operate Cisco ISE (2.x and 3.x) environments supporting enterprise NAC and identity-based policy enforcement.
• Develop and manage ISE policy sets, profiling policies, posture assessment, and guest/BYOD access workflows.
• Implement and maintain 802.1X and MAB authentication across wired and wireless environments.
• Integrate ISE with Active Directory, PKI infrastructures, certificate-based authentication, and MDM platforms.
• Configure and maintain TACACS+ device administration for network infrastructure access control.
• Support pxGrid integrations to enable identity and context sharing across security platforms.
• Design and implement TrustSec segmentation architectures using Security Group Tags (SGTs) and SGACL policies.
• Enable identity-to-role mapping and enforce segmentation policies across Catalyst switches, Nexus platforms, and wireless controllers.
• Lead the design and implementation of microsegmentation strategies across campus and data center environments.
• Perform advanced troubleshooting using ISE live logs, session directory, packet captures, and switch/WLC debugging tools.
• Collaborate with network and security teams to implement Zero Trust principles, minimizing lateral movement and enforcing least-privilege access.
• Manage network security changes through structured implementation plans, pilot deployments, and staged rollouts.
• Develop testing procedures and rollback strategies to ensure stable production operations.
• Travel to multiple sites within the city of Chicago as needed and work onsite 3-4 days per week to support network deployments and troubleshooting activities.

Mandatory Skills

• 5+ years of hands-on experience deploying and operating Cisco Identity Services Engine (ISE).
• Strong expertise in:
  
  • ISE Policy Sets
  • Profiling and Posture Assessment
  • Guest and BYOD access workflows
  • pxGrid integrations
  • TACACS+ device administration
• Deep understanding of 802.1X and MAB authentication for wired and wireless networks.
• Strong knowledge of supplicant behavior, Change of Authorization (CoA), and EAP methods such as PEAP and EAP-TLS.
• Experience integrating ISE with:
  
  • Active Directory / Identity Providers
  • PKI and certificate-based authentication
  • Mobile Device Management (MDM) platforms
• Hands-on experience with Cisco TrustSec:
  
  • SGT classification and propagation
  • SGACL policy design and enforcement
• Experience implementing segmentation across Catalyst switches, Nexus platforms, and wireless controllers.
• Advanced troubleshooting skills using ISE logs, packet captures, session directory, and network device debugging tools.
• Strong knowledge of Layer 2 and Layer 3 networking fundamentals.
• Experience with routing protocols including OSPF and BGP.
• Experience with ACLs, QoS, NAT, Spanning Tree, and wireless networking (WLC / 802.11).
• Familiarity with enterprise network services including NTP, DNS, and DHCP.
• Proven experience supporting enterprise campus and data center network architectures.

Desirable Skills

• Experience designing or supporting Zero Trust Network Access (ZTNA) architectures.
• Strong understanding of identity-driven access control and least-privilege security models.
• Knowledge of north-south vs. east-west traffic patterns in enterprise environments.
• Experience performing threat modeling and lateral movement analysis within segmented networks.
• Experience implementing data center or host-based microsegmentation.
• Experience with large-scale network policy orchestration and automation.
• Cisco certifications such as CCNP Security, CCIE Security, or Cisco ISE Specialist.

Additional Requirements
• Candidates must currently reside in the Chicago metropolitan area.
• Identity will be verified during the interview process.
• Candidates should expect live technical interviews and onsite verification meetings as part of the hiring process.
• This role cannot be performed fully remotely.

Compensation

$90-$100 per hour (1099/W2)

Department Technology Locations Chicago