SME - Cisco Identity Services Engine (ISE)

Job Summary

The Network Access Control Operations SME is responsible for the reliable operation, optimization, and incident resolution of enterprise wired LAN, wireless, and authentication services across a multi-vendor environment. This role serves as the primary escalation point for complex network access control and authentication issues, driving operational excellence, security enforcement, and continuous improvement across our global network access infrastructure with 12-16 year of experience. Primary focus will be Aruba Clearpass & Cisco ISE.

Key Responsibilities

Platform Operations & Lifecycle Policy Design & Enforcement Identity & Security Integration Infrastructure & Operations Support Incident Resolution & Documentation

Skill Requirements

NAC Expertise: Proven, hands-on experience administering and engineering large, multi-node deployments of Cisco ISE AND Aruba Clear Pass (CPPM). Protocol Proficiency: Deep understanding of network AAA concepts, RADIUS, TACACS+, 802.1X, MAB, and EAP types (EAP-TLS, PEAP-MSCHAPv2). Identity & PKI: Demonstrated experience with certificate management, CRL/OCSP validation, PKI trust chains, and directory integrations (Active Directory, Entra ID). Network Infrastructure: Experience configuring RADIUS/TACACS+ attributes and AAA commands on Cisco Catalyst switches, Cisco 9800 WLCs, and multi-vendor wireless platforms. Advanced Troubleshooting: Strong skills tracking authentication flows via Cisco ISE Live Logs, Clear Pass Access Tracker, endpoint diagnostics, and Wireshark captures.

Other Requirements

Aruba Certifications: Aruba Certified Clear Pass Professional (ACCP) or Aruba Certified Clear Pass Expert (ACCX). Cisco Certifications: CCNP Enterprise, CCNP Security, or CCIE (Wireless/Security). Cloud Infrastructure: Practical experience with cloud networking (AWS VPCs, Azure VNets, Security Groups) supporting virtual NAC nodes. Automation: Familiarity with REST APIs to automate repetitive configuration tasks, endpoint profiling, or bulk provisioning. Role Overview\\r\\n The Network Access Control Operations SME is responsible for the reliable operation, optimization, and incident resolution of enterprise wired LAN, wireless, and authentication services across a multi-vendor environment. This role serves as the primary escalation point for complex network access control and authentication issues, driving operational excellence, security enforcement, and continuous improvement across our global network access infrastructure with 12-16 year of experience. Primary focus will be Aruba Clearpass & Cisco ISE.\\r\\n Key Responsibilities\\r\\n Platform Operations & Lifecycle:\\r\\n Own day-to-day operations, capacity planning, performance tuning, and health checks for both Cisco ISE and Aruba Clear Pass Policy Manager (CPPM).\\r\\n Manage lifecycle activities including software patching, major upgrades, backup validation, and system maintenance across multi-node, hybrid architectures.\\r\\n Policy Design & Enforcement:\\r\\n Design, implement, and maintain NAC policies for wired and wireless access using 802.1X, MAC Authentication Bypass (MAB), and Web Auth.\\r\\n Configure complex policy sets, enforcement profiles, service mappings, profiling rules, and posture compliance checks.\\r\\n Manage guest access workflows, BYOD onboarding flows, and device registration portals.\\r\\n Identity & Security Integration:\\r\\n Integrate and maintain identity source sequences including Active Directory, LDAP, and cloud identity providers (e.g., Microsoft Entra ID).\\r\\n Manage PKI and certificate lifecycles for secure, certificate-based authentication.\\r\\n Infrastructure & Operations Support:\\r\\n Operate and optimize network access layers across Cisco Catalyst environments, Cisco wireless controllers (WLCs / IOS XE), and Aruba/Meraki wireless access points.\\r\\n Maintain hybrid deployments of NAC nodes (On-premises and Cloud environments like AWS/Azure), ensuring resilient connectivity and consistent security posture.\\r\\n Incident Resolution & Documentation:\\r\\n Act as the highest tier of internal escalation for advanced wireless, wired, and authentication outages; utilize packet captures, RADIUS/TACACS+ logs, and live logs to troubleshoot.\\r\\n Produce and maintain operational runbooks, troubleshooting guides, and self-service documentation to empower Tier 1 support teams and reduce MTTR.\\r\\n Requirements (Mandatory) :\\r\\nNAC Expertise: Proven, hands-on experience administering and engineering large, multi-node deployments of Cisco ISE AND Aruba Clear Pass (CPPM).\\r\\n Protocol Proficiency: Deep understanding of network AAA concepts, RADIUS, TACACS+, 802.1X, MAB, and EAP types (EAP-TLS, PEAP-MSCHAPv2).\\r\\n Identity & PKI: Demonstrated experience with certificate management, CRL/OCSP validation, PKI trust chains, and directory integrations (Active Directory, Entra ID).\\r\\n Network Infrastructure: Experience configuring RADIUS/TACACS+ attributes and AAA commands on Cisco Catalyst switches, Cisco 9800 WLCs, and multi-vendor wireless platforms.\\r\\n Advanced Troubleshooting: Strong skills tracking authentication flows via Cisco ISE Live Logs, Clear Pass Access Tracker, endpoint diagnostics, and Wireshark captures.\\r\\n Preferred Qualifications:\\r\\n Aruba Certifications: Aruba Certified Clear Pass Professional (ACCP) or Aruba Certified Clear Pass Expert (ACCX).\\r\\n Cisco Certifications: CCNP Enterprise,