Network Security Engineer (Cisco ISE / TrustSec)

ITproposal B.V.
Eindhoven, Netherlands
7 days ago

Role details

Contract type: Contract
Employment type: Full-time (> 32 hours)
Working hours: Regular working hours
Languages: English
Experience level: Senior

Job location

Eindhoven, Netherlands

Tech stack

Microsoft Access
IEEE 802.1X
Border Gateway Protocol
Catalyst
Profiling
Computer Security
Computer Networks
Identity and Access Management
Python
Network Security
Network Layer
Routing
Network Segmentation
Open Shortest Path First
Ansible
Zero Trust Network Access
SAP Sales and Distribution
VLAN Trunking Protocol (VTP)
Identity Services Engine
Cisco networks
Legacy Systems

Job description

We are looking for an experienced Network Security Engineer with strong expertise in Cisco Identity Services Engine (ISE) and TrustSec to support the implementation of secure, segmented enterprise network architectures. The role focuses on enabling Zero Trust network access, identity-based networking, and advanced traffic segmentation within a complex enterprise LAN environment.

  • Design and lead the sub-segmentation strategy for enterprise LAN environments to support Zero Trust architecture.
  • Deploy and manage Security Group Tags (SGTs), SGACLs, and ISE policy sets for granular access control.
  • Implement SGT-based Policy-Based Routing (PBR) to optimize traffic flow for different user groups (e.g., IoT, guest, corporate).
  • Configure and manage Inline Tagging and SGT propagation across multi-tier LAN environments.
  • Integrate legacy systems using SXP to extend TrustSec policies to non-capable hardware.
  • Act as Tier-3 escalation support for authentication, authorization, and TrustSec propagation issues.
  • Ensure network policies align with security audits, compliance, and regulatory requirements.
  • Develop standard operating procedures (SOPs) and technical documentation.

Requirements

  • CCNP Enterprise (or higher) certification.
  • Strong hands-on experience with Cisco ISE and TrustSec deployments.
  • Expertise in Identity-Based Networking (802.1X, profiling, posturing).
  • Advanced knowledge of Layer 3 routing (OSPF, BGP) and Layer 2 switching (STP, VTP, StackWise).
  • Experience with SGT propagation and inline tagging in enterprise networks.

  • Cisco Certified Specialist - Security Identity Management (SISE).
  • Experience with Cisco DNA Center / Catalyst Center (SD-Access).
  • Automation experience using Python or Ansible.
  • Knowledge of MACsec (802.1AE) encryption.

  • Cyber Security
  • Cisco Identity Services Engine (ISE)
  • Network segmentation and Zero Trust architecture
  • Advanced enterprise network troubleshooting
