Overview
A UK-based engineering organisation is seeking an experienced Network Access Control (NAC) engineer to deliver a single, unified NAC solution supporting two major business divisions. This programme will enhance security, standardise access control, and centralise policy management across multiple UK sites.
Responsibilities
- Lead the deployment, configuration, and implementation of Cisco Identity Services Engine (ISE) in enterprise environments.
- Implement NAC policies, including 802.1X, MAB, and guest access workflows.
- Integrate ISE with network infrastructure, including switching, wireless controllers, firewalls, Entra ID, and Active Directory.
- Conduct testing and validation, including functional and fail‑over testing, to meet agreed acceptance criteria.
- Troubleshoot complex access/authentication issues and provide early‑life support after go‑live.
- Configure guest access: captive portal, onboarding workflows, and sponsor portal.
- Collaborate with security stakeholders to enforce compliance and security policy requirements.
- Produce and maintain technical documentation (design artefacts, diagrams, operational procedures).
- Provide a blend of on‑site and remote support during deployment and post‑implementation phases.
- Support incident response and root‑cause analysis for security/access events.
- Deliver knowledge transfer through workshops and training to internal IT teams.
Qualifications
- Pass a BPSS security check.
- Strong hands‑on experience delivering Cisco ISE 3.x (or later) implementations, including migration/transition of devices and services from prior NAC solutions.
- Multi‑site enterprise deployment experience, including high‑availability design and implementation.
- Experience with 802.1X for wired and wireless, MAC authentication bypass, and guest access with customisable workflows.
- Integration experience with existing Cisco estate and Microsoft services, including familiarity with Microsoft NPS.
- Strong operational capability in troubleshooting authentication, policy, certificate, and network‑access issues.
Certifications
- CCNP preferred (or CCNA with extensive Cisco ISE delivery experience).
Preferred
- Experience with endpoint compliance/posture and profiling capabilities within ISE.
- Experience integrating ISE with third‑party security tools (e.g., SIEM).