Network Security Architect

Itproposal
Eindhoven, Netherlands
2 days ago

Role details

Contract type
Temporary contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior

Job location

Eindhoven, Netherlands

Tech stack

Microsoft Access
IEEE 802.1X
Access Network
Border Gateway Protocol
Catalyst
Profiling
Databases
Identity and Access Management
Python
Network Security
Network Layer
Routing
Open Shortest Path First
Ansible
Zero Trust Network Access
SAP Sales and Distribution
VLAN Trunking Protocol (VTP)
Identity Services Engine
Enterprise Integration
Routing & Switching
Cisco networks

Job description

We are seeking a highly skilled Senior Network Security Architect with a deep specialization in Cisco Identity Services Engine (ISE) and Cisco TrustSec. This role is pivotal in driving our transition toward a Zero Trust architecture across the enterprise LAN. You will lead the design and implementation of sophisticated sub-segmentation strategies, utilizing SGTs and SXP to ensure granular security and optimized traffic engineering.

  • Zero Trust Design: Architect and lead the sub-segmentation strategy for the enterprise LAN, focusing on achieving a robust Zero Trust security posture.
  • ISE Deployment: Deploy and manage complex ISE Policy Sets, Profiling, and Posturing to enforce strict identity-based access control.
  • Segmentation & Enforcement: Implement and manage Scalable Group Tags (SGTs) and SGACLs to enforce granular security policies across the global campus network.
  • Traffic Engineering: Design and implement SGT-aware Policy Based Routing (PBR) for intelligent traffic steering and role-based path selection (e.g., isolating IoT, Guest, and Corporate traffic).
  • Hybrid Integration: Utilize SGT Exchange Protocol (SXP) to extend TrustSec policies to legacy or non-capable hardware, maintaining a consistent SGT-to-IP mapping database.
  • Legacy & Multi-Tier Support: Configure Inline Tagging and ensure seamless SGT propagation across multi-tier LAN environments.
  • Tier-3 Escalation: Serve as the final technical authority for complex authentication, authorization, and SGT propagation issues.
  • Documentation & Compliance: Author Standard Operating Procedures (SOPs) and Work Instructions. Ensure all network access policies meet corporate audit and regulatory compliance standards.

Based in the technology hub of Eindhoven, you will work within a high-performance team dedicated to securing enterprise infrastructure through cutting-edge Cisco technologies. This role offers the opportunity to be the primary architect of a modern, segmented network environment.

Requirements

  • Certification: CCNP Enterprise (or higher) with proven hands-on experience in Cisco ISE.
  • Core Security Expertise: Deep understanding of Identity-Based Networking, including 802.1X, Profiling, and Posturing.
  • TrustSec Mastery: Proven experience in TrustSec deployment, including SGT-based PBR for traffic steering and role-based path selection.
  • Network Integration: Hands-on experience configuring Inline Tagging and SGT propagation across multi-tier LAN environments.
  • Routing & Switching: Advanced Layer 3 routing skills (OSPF and BGP) and Layer 2 switching expertise (STP, VTP, and StackWise).

Good-to-Have Skills

  • Specialized Certification: Cisco Certified Specialist - Security Identity Management (SISE).
  • Next-Gen Networking: Experience with Cisco DNA Center / Catalyst Center (SD-Access) for automated segmentation.
  • Automation: Knowledge of Python or Ansible for automating SGT policy updates.
  • Encryption: Familiarity with MACsec (802.1AE) encryption within a TrustSec domain.

  • Experience: 6-8 years of hands-on experience in large-scale network security environments, specifically focusing on Cisco's security portfolio.
  • Expertise: Proven track record of deploying TrustSec in complex, multi-tier architectures.
  • Analytical Skills: Strong ability to troubleshoot deep-seated protocol issues within identity-based networking.
  • Communication: Fluent in English; capable of leading technical discussions and mentoring junior engineers.
