UICGS / Bowhead Family of Companies
Cisco Identity Services Engineer/ Administrator
UICGS / Bowhead Family of Companies, Dahlgren, Virginia, United States, 22448
Cisco Identity Services Engineer/ Administrator
CISCO IDENTITY SERVICES ENGINEER/ADMINISTRATOR (RDTE)
Bowhead has an immediate opening for a Cisco Identity Services Engineer/Administrator (ISE) to provide Design and Engineering Operation and Maintenance support for ISE systems on the classified and unclassified Research, Development, Test and Evaluation (RDTE) networks at Dahlgren, VA. As an Cisco ISE Administrator, you will identify endpoints, and enable the creation and enforcement of security and access policies for endpoint devices connected to the company’s routers and switches, in order to simplify identity management across diverse devices and applications.
Configure, implement, and troubleshoot ISE.
Build and analyze ISE rules to comply with client network security policies.
Create policies for unseen network devices in a mixed environment, to include profiling devices, defining Downloadable Access Control Lists (DACL’s), and assigning Virtual Local Area Network (VLAN) to endpoints.
Implement 802.1x solutions to all “supplicant-enabled” devices via AnyConnect software and Network Access Manager (NAM) profiles using EAP-MSCHAPv2/TLS encryption methods.
Integrate with wired data, wireless infrastructure, and Virtual Private Network (VPN), as well as posture and client provisioning.
Configure and implement TACACS+ policies for network device administration.
Manage firewall and network security systems by establishing and enforcing approved policies
Analyze network security requirements and implement perimeter security changes
Serve as a subject matter expert in coordinating and troubleshooting with customers, other infrastructure support activities and business units
Develop network documentation of security infrastructure
Monitor network performance and implement performance tuning as necessary
Responsible for installing software, applying patches, managing file systems, and monitoring performance of ISE systems
Performs data backups and restoration of managed systems
Assist in the certification and accreditation process for managed systems and networks
Install and deploy of new ISE hardware and software
Review daily logs for managed systems and report on unusual activity
Participate in the development and maintenance of Standard Operating Procedures (SOPs) associated with managed systems and applications
Collaborate with IT staff on projects and initiatives
Provide input for a monthly progress and status report Five to eight (5-8) years of relevant experience
High School Diploma required. Bachelors Degree preferred.
ISE certifications: CCNP Security (SISE) highly desirable
Solid experience configuring and troubleshooting routing and switched infrastructure (e.g. CCNA, CCNP) and security certifications highly desirable
Experience in network security including: Device Hardening and patching
Experience with Cisco Secure Client or related supplicants.
Experience with MAC Authentication Bypass (MAB) and 802.1X troubleshooting concepts.
Experience with Public Key Infrastructure (PKI) to assist, maintain and troubleshoot 802.1X EAP-TLS issues
Knowledge of Cisco Secure Client Modules - (VPN, Posture, DART)
Diagnose and resolve complex network problems and improve network performance and reliability
Qualifications
Must currently hold a DoD 8570 Information Assurance Technical Level II certification
Position requires a strong understanding of ISE functions and operations (e.g. endpoint identification, authentication, authorization)
Ideal candidate will have experience with TCP/IP protocols and the OSI model and how they apply to production systems and networks
Intermediate to advanced level skills in Microsoft Office software suite - Word, Excel, Outlook, PowerPoint
Ability to communicate effectively with all levels of employees and outside contacts
Strong interpersonal skills and good judgment with the ability to work alone or as part of a team
Desired Skills
Cisco Access Control System (ACS), specifically with “role-based” TACACS+ commands/profiles
PxGrid, ThreatGrid and Security Group Tags (SGT’s) for back-end communication between Cisco Firepower and ISE server
Cisco Catalyst Center, MDM, ASA, DNS/DHCP, Network Load-Balancing, and 802.11a/b/g/n Wireless technologies and industry best practices.
Active Directory knowledge (e.g. Organizational Unit(OU) identification, domain “trusts”, Domain Name System(DNS), identity resolution)
Splunk ‘syslog’ experience with “raw” log interpretation and report/dashboard creation.
Physical Demands
Must be able to lift up to 10-20 pounds
Must be able to stand and walk for prolonged amounts of time
Must be able to twist, bend and squat periodically
SECURITY CLEARANCE REQUIREMENTS Must currently hold a security clearance at the Top Secret level. US Citizenship is a requirement for this contract.
Seniority level Mid-Senior level
Employment type Full-time
Job function Engineering and Information Technology
#J-18808-Ljbffr
Bowhead has an immediate opening for a Cisco Identity Services Engineer/Administrator (ISE) to provide Design and Engineering Operation and Maintenance support for ISE systems on the classified and unclassified Research, Development, Test and Evaluation (RDTE) networks at Dahlgren, VA. As an Cisco ISE Administrator, you will identify endpoints, and enable the creation and enforcement of security and access policies for endpoint devices connected to the company’s routers and switches, in order to simplify identity management across diverse devices and applications.
Configure, implement, and troubleshoot ISE.
Build and analyze ISE rules to comply with client network security policies.
Create policies for unseen network devices in a mixed environment, to include profiling devices, defining Downloadable Access Control Lists (DACL’s), and assigning Virtual Local Area Network (VLAN) to endpoints.
Implement 802.1x solutions to all “supplicant-enabled” devices via AnyConnect software and Network Access Manager (NAM) profiles using EAP-MSCHAPv2/TLS encryption methods.
Integrate with wired data, wireless infrastructure, and Virtual Private Network (VPN), as well as posture and client provisioning.
Configure and implement TACACS+ policies for network device administration.
Manage firewall and network security systems by establishing and enforcing approved policies
Analyze network security requirements and implement perimeter security changes
Serve as a subject matter expert in coordinating and troubleshooting with customers, other infrastructure support activities and business units
Develop network documentation of security infrastructure
Monitor network performance and implement performance tuning as necessary
Responsible for installing software, applying patches, managing file systems, and monitoring performance of ISE systems
Performs data backups and restoration of managed systems
Assist in the certification and accreditation process for managed systems and networks
Install and deploy of new ISE hardware and software
Review daily logs for managed systems and report on unusual activity
Participate in the development and maintenance of Standard Operating Procedures (SOPs) associated with managed systems and applications
Collaborate with IT staff on projects and initiatives
Provide input for a monthly progress and status report Five to eight (5-8) years of relevant experience
High School Diploma required. Bachelors Degree preferred.
ISE certifications: CCNP Security (SISE) highly desirable
Solid experience configuring and troubleshooting routing and switched infrastructure (e.g. CCNA, CCNP) and security certifications highly desirable
Experience in network security including: Device Hardening and patching
Experience with Cisco Secure Client or related supplicants.
Experience with MAC Authentication Bypass (MAB) and 802.1X troubleshooting concepts.
Experience with Public Key Infrastructure (PKI) to assist, maintain and troubleshoot 802.1X EAP-TLS issues
Knowledge of Cisco Secure Client Modules - (VPN, Posture, DART)
Diagnose and resolve complex network problems and improve network performance and reliability
Qualifications
Must currently hold a DoD 8570 Information Assurance Technical Level II certification
Position requires a strong understanding of ISE functions and operations (e.g. endpoint identification, authentication, authorization)
Ideal candidate will have experience with TCP/IP protocols and the OSI model and how they apply to production systems and networks
Intermediate to advanced level skills in Microsoft Office software suite - Word, Excel, Outlook, PowerPoint
Ability to communicate effectively with all levels of employees and outside contacts
Strong interpersonal skills and good judgment with the ability to work alone or as part of a team
Desired Skills
Cisco Access Control System (ACS), specifically with “role-based” TACACS+ commands/profiles
PxGrid, ThreatGrid and Security Group Tags (SGT’s) for back-end communication between Cisco Firepower and ISE server
Cisco Catalyst Center, MDM, ASA, DNS/DHCP, Network Load-Balancing, and 802.11a/b/g/n Wireless technologies and industry best practices.
Active Directory knowledge (e.g. Organizational Unit(OU) identification, domain “trusts”, Domain Name System(DNS), identity resolution)
Splunk ‘syslog’ experience with “raw” log interpretation and report/dashboard creation.
Physical Demands
Must be able to lift up to 10-20 pounds
Must be able to stand and walk for prolonged amounts of time
Must be able to twist, bend and squat periodically
SECURITY CLEARANCE REQUIREMENTS Must currently hold a security clearance at the Top Secret level. US Citizenship is a requirement for this contract.
Seniority level Mid-Senior level
Employment type Full-time
Job function Engineering and Information Technology
#J-18808-Ljbffr