Job Description

Milestone is seeking a Senior Cisco Identity Services Engine (ISE) Network Engineer to drive the day-to-day operations, maintenance, and continuous improvement of a client’s Cisco ISE infrastructure.

This role will focus on ensuring secure, policy-based access control across wired, wireless, and VPN endpoints in a highly distributed enterprise network.

LOCAL CANDIDATES ONLY, PLEASE. This is a 12-month contract that is on-site in Santa Clara, CA.

W2 only - $60.00 an hour - NO C2C please.

The ideal candidate will have hands-on experience with Cisco ISE in production environments, advanced troubleshooting capabilities, and a comprehensive understanding of NAC, RADIUS/TACACS+, posture, profiling, and endpoint compliance integrations.

Key Responsibilities:

• Cisco ISE Operations & Maintenance
• Perform regular operational health checks and system diagnostics for multi-node ISE deployments (PAN, MnT, PSNs).
• Apply system updates, cumulative patches, and hotfixes per Cisco’s recommended practices.
• Conduct backups, restore testing, and disaster recovery validation.
• Authentication & Authorization
• Configure and manage 802.1X, MAB, and authentication methods.
• Design and implement downloadable ACLs (dACLs), VLAN assignment, and dynamic policy enforcement.
• Develop and maintain device profiling policies using SNMP, DHCP, and NMAP probes.
• Integration & Automation
• Integrate ISE with external identity sources (Active Directory, LDAP, SAML IdPs).
• Connect ISE to third-party tools
• Automate policy deployment and configuration using REST APIs, Python scripting, or Ansible playbooks.
• Visibility & Compliance
• Configure posture assessments using Cisco AnyConnect modules and HostScan packages.
• Create robust guest access workflows (sponsored and self-service) and BYOD onboarding using MyDevices portal.
• Monitor logs and alarms via ISE logging system, MnT, and external SIEM platforms.
• Infrastructure Design & Optimization
• Provide design input for scalable, highly available ISE topologies across data centers.
• Analyze network traffic flow, policy hits/misses, and system utilization for performance tuning.
• Coordinate with wireless and switching teams to ensure consistent policy enforcement across platforms.
• Documentation & Knowledge Sharing
• Maintain detailed configuration guides, topology diagrams, change control records, and knowledge base articles.
• Mentor junior engineers and serve as escalation point for complex access control issues.

Qualifications:

Required: Preferred:

• 5+ years of experience with Cisco ISE (including versions 3.x and above), HA clustering and distributed deployment models.
• Deep understanding of AAA protocols (RADIUS, TACACS+), EAP types, and Cisco TrustSec architecture.
• Hands-on experience with Cisco Catalyst and Nexus switches, WLCs, and wireless APs in ISE-integrated environments.
• Familiarity with certificate management, including PKI integration, SCEP, and certificate-based auth.
• Strong command of ISE’s policy sets, authentication/authorization rules, and profiling mechanisms.
• Cisco CCNP certification.
• Experience with pxGrid, ERS APIs, and integrations with Cisco DNA Center, AMP for Endpoints, and SecureX.
• Proficiency in Linux CLI and familiarity with ISE CLI-level administration (e.g., troubleshooting logs, interface configs).
• Working knowledge of segmentation technologies (VLAN, SGT, VRF) and micro/macro segmentation strategies.
• Experience with large enterprise deployments (10,000+ endpoints).

Job Tags

Similar Jobs