Posted today
Secret
Mid Level Career (5+ yrs experience)
Unspecified
Occasional travel
Engineering - Systems
Remote/Hybrid • Alexandria, VA (Off-Site/Hybrid) • Kearneysville, WV (Off-Site/Hybrid)
Description
CyKor is a fast-growing Service-Disabled Veteran Owned business providing full-service IT solutions to both federal and commercial clients. We attribute our continued growth to our core values, our professional team, and the valuable relationships with our clients. Our small and growing team fosters an environment in which each team member is respected, valued, and appreciated for their contributions.
Role Overview:
We are seeking a Cisco Identity Services Engine (ISE) Subject Matter Expert (SME) to support the design, development, testing, and deployment of Comply-to-Connect (C2C) identity and authorization solutions for DHS networks. This Architect will help design and develop an end-to-end C2C framework that aligns with DoD Zero Trust principles and security compliance requirements.
Key Responsibilities:
· Lead architecture and design of Cisco ISE 3.x solutions (multi-node personas, PSN scaling, redundancy, PKI integration, backup/DR).
· Map ISE capabilities (802.1X/EAP-TLS, MAB, profiling, posture, SGT/TrustSec, pxGrid, TACACS+) to DoD C2C controls and Zero Trust policies.
· Design and document high-level (HLD) and low-level (LLD) architectures, test plans, cutover/runbooks, and operational documentation.
· Work jointly with another Architect to ensure consistent design standards and interoperability across USCG network segments.
· Support configuration, testing, and deployment of ISE-based NAC solutions across campus, data center, and wireless infrastructures.
· Integrate ISE with adjacent tools and platforms, including:
  o SIEMs (Splunk/Elastic)
  o Next-Generation Firewalls
  o Endpoint Protection/EDR, MDM/UEM (Intune, JAMF)
  o Vulnerability Management (Tenable/ACAS)
  o ITSM platforms
· Support RMF/ATO documentation (SSP inputs, POA&Ms, control traceability).
· Act as the technical SME and primary liaison for DHS stakeholders, security teams, and third-party vendors.
· Participate in joint architecture reviews and cross-domain integration testing with DHS engineering teams.
Requirements
· Active DoD Secret Clearance (or higher)
· IAT Level III certification such as CCIE Security, CCNP Security, or Cisco ISE Specialist / DoD 8570/8140: Security+ CE, CISSP, or CASP+
· 7+ years of ISE design and deployment experience in DoD environments
· Proven experience implementing DoD C2C solutions, including endpoint identification, compliance enforcement, and automated remediation workflows
Technical Skills:
· 802.1X/EAP-TLS, supplicant configuration (Windows/macOS/Linux), MAB fallback, guest/BYOD posture and profiling
· TrustSec/SGT design
· pxGrid, ERS/REST APIs, Python automation
· Enterprise PKI (DoD PKI/CAC, AD CS, SCEP/EST)
· Core routing/switching, TACACS+, wireless integration
· Familiarity with DISA STIGs, RMF, ACAS/Tenable, and audit documentation
· Scripting experience (Python, REST APIs), version control (Git), and Infrastructure-as-Code familiarity
CyKor, LLC is an equal opportunity employer and values diversity in the workplace. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or protected veteran status, and will not be discriminated against on the basis of disability.