We are seeking a highly experienced Network Engineer to lead the assessment, procurement, installation, and configuration of a Cisco Identity Services Engine (ISE) environment with integrated PKI, Single Sign-On (SSO), and 802.1X Network Access Control (NAC). You will support the Arizona Army National Guard (AZARNG) in replacing and enhancing its existing Forescout deployment to improve cybersecurity posture across multiple military installations.
 

Key Responsibilities

• Lead the procurement, installation, and configuration of Cisco ISE hardware and software, including:

• Cisco SNS-36x5-k9 appliances with TPM, RAID, and 10G NICs
• FIPS 140-2 compliant systems and secure configurations

• Conduct a comprehensive Forescout NAC assessment, capturing device policies and access control configurations
• Migrate and implement Cisco ISE policies for:

• AD/LDAP/NTP/DNS integration
• Network Access Devices (NADs), VLANs, ACLs, syslog, CoA
• Static and dynamic VLANs, 802.1X, MAC bypass, RADIUS, SNMP

• Implement Active Directory SSO and CAC PKI authentication across Cisco platforms (ISE, Catalyst Center, CUCM, Unity Connection, Cisco ER, SSH)
• Configure policies for:

• 50 baseline NADs and guide gov’t staff on remaining devices
• Wired authentication/authorization, profiling policies
• Devices both 802.1X-capable and non-capable

• Ensure failover, device visibility, identity groups, endpoint monitoring
• Collaborate with AZARNG network administrators and submit technical documentation/deliverables in accordance with the Quality Assurance Surveillance Plan (QASP)

Minimum Qualifications

• 8+ years of experience in enterprise network engineering, with a focus on Cisco ISE and 802.1X deployments
• Hands-on experience with PKI, AD integration, RADIUS/TACACS+, VLANs, syslog, SNMP, static routing, and endpoint authentication
• Deep knowledge of Cisco Catalyst hardware/software, network access control (NAC), and SSO solutions
• Demonstrated experience deploying secure network appliances in DoD or federal environments
• Familiarity with Army IT policies, OPSEC, AT Level 1, and iWATCH training standards
• Experience with COMSEC, FISMA/FIPS, DoD 8570.01-M, and NISPOM guidelines
• Must be U.S. citizen and eligible for government facility access
• Strong documentation and QA compliance skills

Clearance: Must be able to obtain and maintain base access. May require a favorable background investigation per DoD/Federal requirements.

Preferred Qualifications

• Certifications:
  • Cisco Certified Network Professional (CCNP) Security or Enterprise
  • Cisco ISE Specialist, CCIE, or similar
  • DoD 8570 Baseline Certification (e.g., Security+ CE, CISSP)
• Prior military or federal contracting experience strongly preferred
• Experience configuring authentication/authorization profiles using Cisco ISE with over 5,000 users and 250+ devices

Travel Required
No anticipated travel for this position.

Additional Information

• Pay Range: The proposed salary range for this position is $120,000 - $135,000.
• We offer competitive compensation, benefits and learning and development opportunities.