Job Description

12+ Month W2 Contract (No C2C and No Visa or Student Sponsorship)

Must be local to Santa Clara (No relocations)

Pay up to $65/hr. W2.

Milestone is seeking a Senior Cisco Identity Services Engine (ISE) Network Engineer to drive the day-to-day operations, maintenance, and continuous improvement of a client’s Cisco ISE infrastructure. This role will focus on ensuring secure, policy-based access control across wired, wireless, and VPN endpoints in a highly distributed enterprise network. The ideal candidate will have hands-on experience with Cisco ISE in production environments, advanced troubleshooting capabilities, and a comprehensive understanding of NAC, RADIUS/TACACS+, posture, profiling, and endpoint compliance integrations.

Qualifications:

• 5+ years of experience with Cisco ISE (including versions 3.x and above), HA clustering and distributed deployment models.
• Deep understanding of AAA protocols (RADIUS, TACACS+), EAP types, and Cisco TrustSec architecture.
• Hands-on experience with Cisco Catalyst and Nexus switches, WLCs, and wireless APs in ISE-integrated environments.
• Familiarity with certificate management, including PKI integration, SCEP, and certificate-based auth.
• Strong command of ISE’s policy sets, authentication/authorization rules, and profiling mechanisms.
• Cisco CCNP certification.
• Experience with pxGrid, ERS APIs, and integrations with Cisco DNA Center, AMP for Endpoints, and SecureX.
• Proficiency in Linux CLI and familiarity with ISE CLI-level administration (e.g., troubleshooting logs, interface configs).
• Working knowledge of segmentation technologies (VLAN, SGT, VRF) and micro/macro segmentation strategies.
• Experience with large enterprise deployments (10,000+ endpoints).

Key Responsibilities:

• Cisco ISE Operations & Maintenance
• Perform regular operational health checks and system diagnostics for multi-node ISE deployments (PAN, MnT, PSNs).
• Apply system updates, cumulative patches, and hotfixes per Cisco’s recommended practices.
• Conduct backups, restore testing, and disaster recovery validation.
• Authentication & Authorization
• Configure and manage 802.1X, MAB, and authentication methods.
• Design and implement downloadable ACLs (dACLs), VLAN assignment, and dynamic policy enforcement.
• Develop and maintain device profiling policies using SNMP, DHCP, and NMAP probes.
• Integration & Automation
• Integrate ISE with external identity sources (Active Directory, LDAP, SAML IdPs).
• Connect ISE to third-party tools
• Automate policy deployment and configuration using REST APIs, Python scripting, or Ansible playbooks.
• Visibility & Compliance
• Configure posture assessments using Cisco AnyConnect modules and HostScan packages.
• Create robust guest access workflows (sponsored and self-service) and BYOD onboarding using MyDevices portal.
• Monitor logs and alarms via ISE logging system, MnT, and external SIEM platforms.
• Infrastructure Design & Optimization
• Provide design input for scalable, highly available ISE topologies across data centers.
• Analyze network traffic flow, policy hits/misses, and system utilization for performance tuning.
• Coordinate with wireless and switching teams to ensure consistent policy enforcement across platforms.
• Documentation & Knowledge Sharing
• Maintain detailed configuration guides, topology diagrams, change control records, and knowledge base articles.
• Mentor junior engineers and serve as escalation point for complex access control issues.

The estimated pay range for this position is USD $55.00/Hr - USD $65.00/Hr. Exact compensation and offers of employment are dependent on job-related knowledge, skills, experience, licenses or certifications, and location. We also offer comprehensive benefits. The Talent Acquisition Partner can share more details about compensation or benefits for the role during the interview process.

Job Tags

Similar Jobs