Network Security Engineer Senior

US-WV-Kearneysville


Req #: 7287
Type: Full-Time

GovCIO LLC

Overview:

GovCIO is seeking an experienced Network Security Engineer (Senior) to provide critical support for our U.S. Coast Guard program. This position will be located in Kearneysville, WV and will be a hybrid remote position.

Responsibilities:

The ideal candidate will specialize in designing, implementing, and maintaining our secure network infrastructure with a core focus on Zero Trust Architecture and Network Access Control (NAC). This role is critical for protecting high-value assets within large-scale U.S. Coast Guard enterprise environments, including NIPRNet, SIPRNet and DDIL. You will be a subject matter expert on Cisco ISE and responsible for the full lifecycle of our C2C and 802.1X NAC solutions in a fast-paced, high-stakes environment.

Cisco ISE Administration and NAC Support 

* Configure, maintain, and optimize Cisco Identity Services Engine (ISE) for robust authentication, authorization and accounting (AAA) 

* Administer and maintain the full ISE deployment, including Policy Service Nodes (PSNs), Monitoring and Troubleshooting Nodes (MnTs) and the Primary Admin Node (PAN) 

* Implement and support 802.1X, MAB (MAC Authentication Bypass), posture assessment and advanced profiling for comprehensive endpoint security 

* Configure and manage Cisco ISE Guest Access, BYOD policies, and endpoint device profiling. 

* Perform routine ISE system updates, patches, and health checks to ensure optimal system stability and performance, including executing the node upgrade process 

* Monitor and analyze RADIUS, TACACS+, LDAP, and Active Directory authentication logs to ensure security compliance and troubleshoot performance issues 

* Expertly troubleshoot complex authentication failures, endpoint misclassifications, and network access issues 

Network Security and Compliance Support 

* Ensure all Network Access Control (NAC) enforcement strictly aligns with DoD Comply to Connect (C2C) policies and DISA STIGs 

* Implement and support device posture validation, MSFT Defender, Tanium, dynamic ACL (dACL) provisioning, dynamic VLAN assignments and Security Group Tagging (SGT) 

* Collaborate with network and security teams to design and enforce Zero Trust security models and the principle of least privilege access 

* Assist in implementing and troubleshooting certificate-based authentication (TLS/SSL, OpenSSL operations and PKI infrastructure) 

* Conduct deep-dive traffic analysis using tools like Wireshark, tcpdump and SolarWinds to diagnose authentication issues and identify network anomalies

Firewall and Infrastructure Integration 

* Support the seamless integration of Cisco ISE with security and network platforms, including Cisco Firepower, ASR/ISR/CSR/ASA firewalls, VERSA and Palo Alto NGFWs 

* Assist in troubleshooting NAC-related network performance issues that affect LAN/WAN connectivity 

* Provide expert support for multi-VRF environments, ensuring proper NAC enforcement across complex and segmented network topologies 

Qualifications:

* Bachelor's degree in computer science, information systems or a related field with 8+ years (or commensurate experience).
* 5+ years of dedicated experience in network security, NAC or related roles. 
* A minimum of 3+ years of direct, hands-on experience in Cisco ISE administration, NAC policy management and network authentication security. 
* Clearance Required: Must be cleared up to an active Secret clearance. 

Required Skills and Experience  

* Current DoD 8570 IAT Level II certification (e.g., Security+ CE, CCNA Security, SSCP) 
* Deep expertise in Cisco ISE architecture, profiling, posture assessment and endpoint classification 
* Proficient with 802.1X, MAB, RADIUS, TACACS+, LDAP and Microsoft Active Directory integration 
* Hands-on experience with Cisco Switch CLI for configuration and troubleshooting 
* Strong understanding of certificate-based authentication (PKI, TLS/SSL, OpenSSL) 
* Framework & Tools Knowledge: 
* Proven experience working within DoD cybersecurity compliance frameworks (e.g., DISA STIGs, NIST 800-53, IAVMs). 
* Familiarity with Cisco Firepower, ASA firewalls, and Palo Alto NGFWs.

Preferred Skills 

* Basic scripting knowledge (Python, Bash, or REST APIs) for automation and troubleshooting is a significant plus. 
