Today
Secret
Mid Level Career (5+ yrs experience)
IT - Networking
Dahlgren, VA (On-Site/Office)
Cisco Identity Services Engineer (RDTE)
Location: Dahlgren, VA
Company: TEKsystems
Overview: TEKsystems is seeking a skilled Cisco Identity Services Engineer (ISE) to provide design, engineering, and operational support for ISE systems on both classified and unclassified Research, Development, Test, and Evaluation (RDTE) networks. As a Cisco ISE Administrator, you will be responsible for identifying endpoints and enabling the creation and enforcement of security and access policies for endpoint devices connected to the company's routers and switches, simplifying identity management across diverse devices and applications.
Responsibilities:
• Configure, implement, and troubleshoot ISE systems.
• Build and analyze ISE rules to comply with client network security policies.
• Create policies for network devices in a mixed environment, including profiling devices, defining Downloadable Access Control Lists (DACLs), and assigning Virtual Local Area Networks (VLANs) to endpoints.
• Implement 802.1x solutions for all “supplicant-enabled” devices using AnyConnect software and Network Access Manager (NAM) profiles with EAP-MSCHAPv2/TLS encryption methods.
• Integrate ISE with wired data, wireless infrastructure, and Virtual Private Network (VPN), as well as posture and client provisioning.
• Configure and implement TACACS+ policies for network device administration.
• Manage firewall and network security systems by establishing and enforcing approved policies.
• Analyze network security requirements and implement perimeter security changes.
• Serve as a subject matter expert in coordinating and troubleshooting with customers, other infrastructure support activities, and business units.
• Develop network documentation of security infrastructure.
• Monitor network performance and implement performance tuning as necessary.
• Install software, apply patches, manage file systems, and monitor performance of ISE systems.
• Perform data backups and restoration of managed systems.
• Assist in the certification and accreditation process for managed systems and networks.
• Install and deploy new ISE hardware and software.
• Review daily logs for managed systems and report on unusual activity.
• Participate in the development and maintenance of Standard Operating Procedures (SOPs) associated with managed systems and applications.
• Collaborate with IT staff on projects and initiatives.
• Provide input for monthly progress and status reports.
Qualifications:
• Ten (10) years of experience in networking, IT, or related fields preferred.
• Bachelor’s degree required.
• ISE certifications: CCNP (SISE) highly desirable.
• Solid experience configuring and troubleshooting routing and switched infrastructure (e.g., CCNA, CCNP Security) and security certifications highly desirable.
• Experience in network security, including device hardening and patching.
• Experience with Cisco AnyConnect or related supplicants.
• Experience with Public Key Infrastructure (PKI) to assist, maintain, and troubleshoot 802.1X EAP-TLS issues.
• Experience with MAC Authentication Bypass (MAB) and 802.1X troubleshooting concepts.
• Knowledge of Cisco AnyConnect Modules (VPN, Posture, NAM).
• Ability to diagnose and resolve complex network problems and improve network performance and reliability.
• Must currently hold a DoD 8570 Information Assurance Technical Level II certification.
Skills and Abilities:
• Strong understanding of ISE functions and operations (e.g., endpoint identification, authentication, authorization).
• Familiarity with researching communication networks.
• Strong troubleshooting and critical thinking skills.
• Attention to detail, good documentation skills, and the ability to write clear, concise project reports.
• Ability to function with minimal instruction or supervision, or as part of a larger team reporting to formal project management.
Desired Skills:
• Experience with Cisco Access Control System (ACS), specifically with “role-based” TACACS+ commands/profiles.
• Knowledge of PxGrid, ThreatGrid, and Security Group Tags (SGTs) for back-end communication between Cisco Firepower and ISE server.
• Familiarity with Cisco Prime, MDM, ASA, DNS/DHCP, Network Load-Balancing, and 802.11a/b/g/n wireless technologies and industry best practices.
• Active Directory knowledge (e.g., Organizational Unit (OU) identification, domain “trusts,” Domain Name System (DNS), identity resolution).
Security Clearance Requirements:
• Must currently hold a security clearance at the Secret level.
Additional Information:
• Applicants may be subject to a pre-employment drug and alcohol screening and/or random drug screen and must follow UIC’s Non-DOT Drug & Alcohol Testing Program requirements.
• If the position requires, an applicant must pass a pre-employment criminal background history check.
• All post-secondary education listed on the applicant’s resume/application may be subject to verification.
• Where driving may be required or where a rental car must be obtained for business travel purposes, applicants must have a valid driver’s license for this position and will be subject to verification.
• In addition, the applicant must pass an in-house, online driving course to be authorized to drive for company purposes.
Location: Dahlgren, VA
Company: TEKsystems
Overview: TEKsystems is seeking a skilled Cisco Identity Services Engineer (ISE) to provide design, engineering, and operational support for ISE systems on both classified and unclassified Research, Development, Test, and Evaluation (RDTE) networks. As a Cisco ISE Administrator, you will be responsible for identifying endpoints and enabling the creation and enforcement of security and access policies for endpoint devices connected to the company's routers and switches, simplifying identity management across diverse devices and applications.
Responsibilities:
• Configure, implement, and troubleshoot ISE systems.
• Build and analyze ISE rules to comply with client network security policies.
• Create policies for network devices in a mixed environment, including profiling devices, defining Downloadable Access Control Lists (DACLs), and assigning Virtual Local Area Networks (VLANs) to endpoints.
• Implement 802.1x solutions for all “supplicant-enabled” devices using AnyConnect software and Network Access Manager (NAM) profiles with EAP-MSCHAPv2/TLS encryption methods.
• Integrate ISE with wired data, wireless infrastructure, and Virtual Private Network (VPN), as well as posture and client provisioning.
• Configure and implement TACACS+ policies for network device administration.
• Manage firewall and network security systems by establishing and enforcing approved policies.
• Analyze network security requirements and implement perimeter security changes.
• Serve as a subject matter expert in coordinating and troubleshooting with customers, other infrastructure support activities, and business units.
• Develop network documentation of security infrastructure.
• Monitor network performance and implement performance tuning as necessary.
• Install software, apply patches, manage file systems, and monitor performance of ISE systems.
• Perform data backups and restoration of managed systems.
• Assist in the certification and accreditation process for managed systems and networks.
• Install and deploy new ISE hardware and software.
• Review daily logs for managed systems and report on unusual activity.
• Participate in the development and maintenance of Standard Operating Procedures (SOPs) associated with managed systems and applications.
• Collaborate with IT staff on projects and initiatives.
• Provide input for monthly progress and status reports.
Qualifications:
• Ten (10) years of experience in networking, IT, or related fields preferred.
• Bachelor’s degree required.
• ISE certifications: CCNP (SISE) highly desirable.
• Solid experience configuring and troubleshooting routing and switched infrastructure (e.g., CCNA, CCNP Security) and security certifications highly desirable.
• Experience in network security, including device hardening and patching.
• Experience with Cisco AnyConnect or related supplicants.
• Experience with Public Key Infrastructure (PKI) to assist, maintain, and troubleshoot 802.1X EAP-TLS issues.
• Experience with MAC Authentication Bypass (MAB) and 802.1X troubleshooting concepts.
• Knowledge of Cisco AnyConnect Modules (VPN, Posture, NAM).
• Ability to diagnose and resolve complex network problems and improve network performance and reliability.
• Must currently hold a DoD 8570 Information Assurance Technical Level II certification.
Skills and Abilities:
• Strong understanding of ISE functions and operations (e.g., endpoint identification, authentication, authorization).
• Familiarity with researching communication networks.
• Strong troubleshooting and critical thinking skills.
• Attention to detail, good documentation skills, and the ability to write clear, concise project reports.
• Ability to function with minimal instruction or supervision, or as part of a larger team reporting to formal project management.
Desired Skills:
• Experience with Cisco Access Control System (ACS), specifically with “role-based” TACACS+ commands/profiles.
• Knowledge of PxGrid, ThreatGrid, and Security Group Tags (SGTs) for back-end communication between Cisco Firepower and ISE server.
• Familiarity with Cisco Prime, MDM, ASA, DNS/DHCP, Network Load-Balancing, and 802.11a/b/g/n wireless technologies and industry best practices.
• Active Directory knowledge (e.g., Organizational Unit (OU) identification, domain “trusts,” Domain Name System (DNS), identity resolution).
Security Clearance Requirements:
• Must currently hold a security clearance at the Secret level.
Additional Information:
• Applicants may be subject to a pre-employment drug and alcohol screening and/or random drug screen and must follow UIC’s Non-DOT Drug & Alcohol Testing Program requirements.
• If the position requires, an applicant must pass a pre-employment criminal background history check.
• All post-secondary education listed on the applicant’s resume/application may be subject to verification.
• Where driving may be required or where a rental car must be obtained for business travel purposes, applicants must have a valid driver’s license for this position and will be subject to verification.
• In addition, the applicant must pass an in-house, online driving course to be authorized to drive for company purposes.
group id: 10105424
Accelerating IT transformation in the public sector
