ISE Network Engineer

The primary responsibility for the C2C Network Engineer Subject Matter Expert (SME) position is to plan, design, deploy, and continue to support a mission critical project for the Cisco Identity Services Engine (ISE) and Armis Agentless Device Security platform. Secondary responsibilities include supporting enterprise network infrastructure systems in Route/Switch, Security, and Wireless technologies. Technologies include Cisco, Juniper, Ruckus, Aruba, Palo Alto Firewalls, and Panorama, along with integration with VMWare, Linux, Windows Server, and enterprise storage. The SME will also coordinate cross-functional teams for deployment and support activities.

Location Address: DHHQ, 7700 Arlington Blvd, Falls Church, VA 22042

Work Hours/Shift:
Full-Time, Monday - Friday
Core hours 9:00 a.m. - 3:00 p.m.
Must be adaptive to working hours outside of normal business hours.
You Will Be Responsible for:
Administration

• Participate in planning meetings to recommend cost-effective, scalable, and high-performance network solutions.
• Adhere to change management policies; prepare and represent complex changes during reviews.
• Document administrative and project information for internal use and management.
• Manage incident and service request tickets in accordance with SLT/SLA targets.
• Share technical knowledge across teams to support continuous improvement.
• Pursue development through certifications and training in technical and non-technical areas.
• Serve as project lead or technical resource for enterprise-level engineering initiatives.
• Submit status updates and provide verbal progress reports in team meetings.

Network Administration

• Design, deploy, upgrade, and support enterprise network infrastructure and the Cisco ISE and Armis platforms for both wired and wireless environments.
• Collaborate with cross-functional teams to manage long-term ISE initiatives.
• Support infrastructure architecture, troubleshoot application/system issues, and review performance.
• Perform installation, configuration, and maintenance of network systems.
• Monitor and optimize network systems, document root cause analysis, and provide resolution strategies.
• Work with Enterprise Security Architecture teams to ensure all security initiatives are met.
• Implement and support enterprise network systems in collaboration with engineering leads and architects.

Additional Responsibilities for C2C SME:

The System Administrator (SA) will oversee the security posture of the C2C solution. Responsibilities include:

• Running vulnerability scans and applying Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIGs) using Checklist files (CKLs) on C2C infrastructure.
• Remediating known vulnerabilities based on scan results across C2C servers and application components.
• Supporting risk assessments and annual system reviews for the Authorization to Operate (ATO) process.
• Performing sustainment and troubleshooting tasks across C2C infrastructure to maintain secure and functional systems.
• Managing ISE configuration, compliance enforcement, and policy administration to ensure secure network access.
• Resolving issues affecting the C2C solution and related infrastructure.
• Managing patch implementation by analyzing, testing, and deploying vendor updates and configuration changes.
• Loading and provisioning Public Key Infrastructure (PKI) certificates.
• Assisting with platform and software upgrades, ensuring testing and performance before deployment.

Additional Requirements:

• Must report in person due to classified network requirements.
• Must possess a Department of Defense 8570 Information Assurance Technical (IAT) Level II certification (e.g., Security+ CE).

Qualifications

Experience and Required Skills:

• Subject Matter Expert (SME)-level experience with profiling services to identify and categorize endpoints.
• Expertise in developing and applying posture policies for compliance enforcement.
• Strong troubleshooting capabilities related to profiling, posture assessments, and endpoint compliance.
• In-depth understanding of ISE profiling dictionaries for accurate endpoint classification.
• Ten years of task management experience in Cisco ISE or comparable Network Access Control (NAC) solutions such as Forescout.
• Ten years of hands-on experience with Cisco ISE, Forescout, Brocade/Ruckus, Juniper, and Cisco switches, as well as Active Directory and production firewalls.
• Six years of experience in network authentication protocols including 802.1X, RADIUS, TACACS+, and MACSEC.
• Eight years of experience with Layer 2 configuration and troubleshooting.
• Proven skills in both verbal and written communication.
• Technical writing experience.

Education and Certification

Preferred Education:

• Bachelor of Arts or Bachelor of Science in Computer Science, Information Systems, or related field with five years of experience; or eight years of directly relevant experience.

Preferred Certifications:

• Cisco Certified Network Professional (CCNP) Security, Cisco Certified Internetwork Expert (CCIE) Security, or equivalent.
• 8570 Compliant / CCNP Operating System certification.
• Must be able to obtain a Top Secret (TS) security clearance.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex (including pregnancy), national origin, disability, veteran status, age, genetic information, or other legally protected status.