Network Security Engineer

Tria Federal
Waldorf, United States of America
18 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Intermediate

Job location

Waldorf, United States of America

Tech stack

IEEE 802.1X
Microsoft Active Directory
User Authentication
Configuration Management
Profiling
Computer Security
System Configuration
Network Security
Lightweight Directory Access Protocols (LDAP)
Network Architecture
Cisco Nexus Switches
Public Key Infrastructure
Zero Trust Network Access
Security Information and Event Management
Systems Integration
Terminal Access Controller Access-Control System (TACACS)
Wireless Access Point
Wireless Networks
Wireless LAN Controllers
Wireless Telecommunications
SSL Certificate Management
Network Routers
Identity Services Engine
Network Access Control
System Availability
Firewalls (Computer Science)
Information Technology
Cisco Switches
Cisco networks

Job description

Tria Federal is seeking a Network Security Engineer to join the Network Engineering Team. In this role, you will collaborate to support a large-scale routing and switching infrastructure, contributing to general network tier support while focusing primarily on the deployment and management of the agency's new network access control platform. The engineer will assist with environment wide policy configuration, handling authentication, device administration, and posture checks for users and endpoints.

This role supports modernization efforts by improving authentication processes and strengthening identity-based access controls. The engineer will troubleshoot connectivity issues, refine policies, and ensure secure, reliable access as the organization completes its system transition., * Support a large-scale routing and switching infrastructure by assisting the team with the operation and maintenance of Cisco Catalyst 9300, 3850, 2960 and Nexus 2k, 5k, 7k series switches.

  • Troubleshoot and resolve Cisco ISE issues across RADIUS, TACACS+, 802.1X, device administration, and endpoint authentication.
  • Deploy, configure, and maintain Cisco ISE running on two clustered Cisco SNS-3715 appliances, ensuring high availability and consistent policy enforcement.
  • Provide general wireless support, including basic troubleshooting, wireless access workflows, and coordination with wireless infrastructure teams.
  • Configure and support Cisco ISE integrations with Cisco 9800 WLCs, including guest/registration portals, wireless onboarding, and policy-driven access control.
  • Integrate and maintain Cisco ISE with Active Directory (AD) and LDAP, including identity lookups, group-based authorization, and directory-based authentication workflows.
  • Deploy, configure, and maintain Cisco ISE components, including:
  • Policy Sets, Authorization Profiles, and Authentication Rules
  • TACACS+ device administration
  • 1X for wired and wireless networks
  • Profiling, posture, and compliance policies
  • Certificate-based authentication and PKI integrations
  • Monitor security events using ISE logs, syslog, and performing root cause analysis for authentication and access issues.
  • Manage identity integrations, enforce security policies, and tune configurations to support Zero Trust and improve user experience.
  • Perform routine health checks, upgrades, migrations, and document changes through SOPs, engineering designs, and implementation procedures.
  • Work closely with engineering, operations, and compliance teams while mentoring junior staff and contributing to knowledge sharing efforts.

ABILITY TO OBTAIN A DOL PUBLIC TRUST CLEARANCE (Must be a U.S. Citizen or Green Card Holder residing in the United States for more than 3.5 years

Requirements

Do you have experience in Zero trust architecture design?, Do you have a Bachelor's degree?, * Experience providing hands-on engineering and troubleshooting support for enterprise Cisco switches and routers within a large-scale network infrastructure

  • Responsible for designing, configuring, monitoring, and troubleshooting Cisco ISE as a NAC/NAM platform, including TACACS+/RADIUS services, device administration policies, and wired/wireless 802.1X authentication.
  • Experience working with Cisco ISE deployed on Cisco SNS-3715 appliances, preferably in a two-node clustered, high-availability setup.
  • Experience providing general wireless network support, including basic troubleshooting, controller interactions, and wireless access workflows.
  • Hands-on experience integrating Cisco ISE with Active Directory (AD) and LDAP, including identity lookups, group-based policy decisions, and directory-based authentication.
  • Eight (8) years of experience in a large government organization with five (5) years in technical leadership, including four (4) years implementing, managing and troubleshooting Cisco ISE with expertise in:
  • Authentication and authorization policies (RADIUS/TACACS+)
  • 1X/EAP methods for wireless and wired access
  • Device profiling, posture checks, and endpoint compliance
  • Certificate-based authentication (EAP-TLS) and PKI integration
  • AAA integrations for switches, appliances, firewalls, and wireless controllers
  • Experience supporting Cisco ISE integrations with Cisco 9800 Wireless LAN Controllers, including guest/registration page redirection and wireless onboarding.
  • Experience migrating legacy NAC, RADIUS, or device authentication systems into Cisco ISE while aligning with Zero Trust principles.
  • Four (4) years of experience supporting identity-centric or Zero Trust architectures with strong knowledge of segmentation, certificate management, and endpoint posture controls.
  • Solid understanding of telecommunications, network security, and Zero Trust best practices.
  • Strong communication skills with the ability to explain Cisco ISE, NAC/NAM, and AAA concepts to both technical and non-technical audiences.
  • Bachelor's degree in Information Technology, Cybersecurity, or a related field.
  • Preferred certifications: Cisco CCNP Security, Cisco ISE Specialist, or similar identity/security certifications.

About the company

Tria Federal delivers digital services and technology solutions that support the health and safety of veterans, service members and civilians. For two decades, federal agencies have relied on Tria companies to advance their critical missions and modernize their systems, so that they can uphold their commitment to the American people. Today, we are pushing the boundaries of possibility through partnerships and investments in artificial intelligence and emerging technologies, developing solutions for the biggest challenges that government will face tomorrow., What defines the Tria brand is more than just our dedication to excellence in our craft; it's our incredible team of dedicated, talented, and passionate people that make Tria so exceptional. As people powering possible, we are all partners in our team's shared success. As a company that cares about people, we seek to cultivate a culture in which all can thrive personally and professionally. We offer a top-tier benefits package to invest in your physical, mental, and financial health and wellness so that you can be your best self - at work and in life. At Tria, we are growth-minded, entrepreneurial in spirit, and committed to fostering a culture of inclusion and opportunity for all. Whatever your background, your role, your department, or stage in your professional journey, here you will have opportunities to learn new skills, seize new challenges, and advance your career as we grow.

Apply for this position