BlueAlly Technology Solutions, LLC

Compensation

Full Description

Job Description:  This is a new role for a Senior ISE Engineer in the US to perform remote and project-based consulting with various customers, implementing and supporting Cisco ISE-based networks. Your first project is a full-time position with one of our customers, where you will deploy, integrate, and support a large Cisco ISE environment as part of a new 802.1X and Zero Trust rollout.  Following this engagement, you will continue to participate in other client projects that leverage their expertise in general networking, including routing, switching, wireless, and network security, providing architecture, deployment, and optimization support across BlueAlly’s enterprise customer base.  Travel for this role is minimal, but there will be the need for occasional onsite client visits, typically less than 10%.   In this role, you will:   * Design and deploy Cisco ISE architecture, including Policy Administration Nodes (PAN), Policy Service Nodes (PSN), and Certificate Authority integration. * Configure and test 802.1X wired and wireless authentication on Cisco Catalyst 9200/9300 switches and 9800 Wireless LAN Controllers. * Develop and enforce identity-based access policies and posture assessments aligned with Zero Trust principles. * Integrate ISE with directory services (Active Directory, Azure Entra ID) and third-party platforms such as Palo Alto Firewalls and MDM (Intune). * Conduct discovery, design, and validation workshops with client engineering teams. * Produce High-Level Design (HLD) and As-Built documentation. * Provide knowledge transfer and informal training to clients.   What you need to succeed:  * Experience with deploying ISE instances * Expert level knowledge of 802.1x, RADIUS, EAP-TLS, and related technologies for ISE * In-depth understanding of wired and wireless network access control, posture, and profiling. * Deep understanding of Cisco ISE architecture, optimization, and best practices. * Experience integrating ISE with Palo Alto firewalls or other policy enforcement platforms. * Strong understanding of VLAN design, ACLs, and network segmentation for enterprise networks. * Experience with Layer 2/3 switching and routing fundamentals (Cisco Catalyst platforms preferred). * Familiarity with DNS, DHCP, AAA, and TACACS+ integration. * Working knowledge of firewall and security zone integration (e.g., Palo Alto, Cisco ASA/FTD). * Ability to analyze packet captures and troubleshoot authentication and network connectivity issues end-to-end.   Desirable:   * Strongly prefer experience with the implementation of Cisco-based wired and wireless network infrastructure * Experience with Palo Alto integration via Security Group Tags (SGT) or PxGrid is a plus. * Familiarity with Zero Trust frameworks and enterprise segmentation strategies.