Job Description

Key Responsibilities

Architecture & Design
• Define the target architecture and patterns for multi-node, multi-site Cisco ISE deployments (PAN/MnT/PSN personas; HA/DR; scale & performance modeling).
• Design policy frameworks (AuthZ/AuthC), Policy Sets, Authorization Profiles, Security Group Tags (SGT/SGACL), downloadable ACLs, and TrustSec/Scalable Group integrations across LAN/WLAN/VPN.
• Architect device onboarding (BYOD/Corp/IoT/OT), posture assessment (AnyConnect/SS), and certificate-based access (EAP-TLS) with enterprise PKI and certificate lifecycle management.
• Define network device requirements (NAD standards) for switches, controllers, and firewalls; guide templates for EX/Access/Campus cores, WLCs, and VPN headend.

Build & Implementation
• Lead greenfield and brownfield ISE builds, upgrades, and migrations (e.g., multi-version upgrades, hardware/VM migration, policy refactoring, and phased site rollouts).
• Implement ISE integration patterns: AD/LDAP/IDP (SAML), MDM/UEM, SIEM/SOAR, endpoint posture, PKI/CA, DHCP/DNS, and ticketing/CMDB.
• Establish source-controlled configuration baselines (Git), infra-as-code where applicable (templates, APIs), and automated pre/post-change validation.

Operations & Troubleshooting
• Serve as Tier-4 escalation for complex auth failures (802.1X/MAB/EAP-TLS/PEAP), posture exceptions, guest/contractor access, and profiling anomalies.
• Lead root cause analysis (RCA) and drive problem management across NAC, identity, wireless, and switching domains.
• Tune performance and scale (session concurrency, profiling probes, pxGrid services) and optimize PSN placement, load balancing, and redundancy.

Governance, Security & Transformation
• Align ISE controls with Zero Trust, segmentation, and compliance requirements (e.g., ISO 27001, PCI, SOX as relevant).
• Define guardrails, runbooks, and golden configs for enterprise rollout; enable L2/L3 teams through training and playbooks.
• Partner with stakeholders to deliver a multi-year NAC transformation roadmap (capability maturity, deprecations, telemetry, and metrics).

Requirements

Required Qualifications
• 8-12+ years in Network/Security; 5+ years dedicated to Cisco ISE architecture and operations at enterprise scale.
• Expert in ISE personas (PAN/MnT/PSN), Policy Sets, AuthC/AuthZ, profiling, pxGrid, Guest/BYOD, posture, SCEP/EST/PKI.
• Strong command of 802.1X/EAP, MAB, RADIUS/TACACS+, CoA, SGT/SGACL/TrustSec, dACL, NAD configuration standards (Catalyst/Aruba/Juniper).
• Proven experience with WLAN (Cisco/Mist/Aruba) integrations (WLCs, SSIDs, 802.1X, fast-secure roaming, QoS, segmentation).
• Hands-on troubleshooting across ISE and NADs using logs, debugs, and packet captures (SPAN/ERSPAN, Wireshark), and methodical RCA.
• Scripting/automation familiarity (Python/REST APIs), version control (Git), and CI/CD-style change validation.
• Excellent stakeholder communication; ability to translate security policy into enforceable network controls.
• Cisco certifications (CCNP Security, CCIE Security preferred), or equivalent field experience.
• Experience with zero trust programs and micro/macro-segmentation (SGT/SGACL, firewall policy orchestration).
• Integration experience with MDM/UEM (Intune, JAMF), EDR, IDP (Okta, AAD), and SIEM/SOAR platforms.
• Exposure to SD-WAN (Viptela, Meraki), wireless (Cisco/Aruba/Mist), and firewalls (Palo Alto/Fortinet/F5 APM) for end-to-end designs.
• Background in compliance frameworks and audit readiness (policy evidence, attestation, logging).

5+ years
Required Skills & Experience:
• Strong hands-on experience with Microsoft Active Directory (installation, multi-forest/domain management, GPO, DNS/DHCP, Trust, AD replication).
• In-depth knowledge of Microsoft Entra ID (Azure AD), especially password protection features and custom banned password lists.
• Experience with monitoring and analytics tools such as SCOM, Zabbix, Splunk, Azure Log Analytics, ELK, etc.
• Advanced PowerShell scripting skills for automation and reporting.
• Experience with regulatory compliance projects (e.g., HKMA C-RAF, SOX, GDPR) is a plus.
• Excellent analytical, troubleshooting, and communication skills.
• 10-15 years of IT experience, with at least 5 years in AD/Entra ID environments.

Preferred Certifications:
• Microsoft Certified for AD and Entra ID.

Education level: Degree or equivalent in engineering/IT field
