Network Engineer (Contract, 3–6 Months)
Hands-on Network Engineer with deep routing & switching expertise and proven experience deploying Cisco ISE
Required Skills
| Skill | Years of Experience | Expertise Level | Skill Requirement Level |
|---|---|---|---|
| CISCO | 4-5 | 4 | Required |
| ROUTER | 4-5 | 4 | Required |
| SWITCHING | 4-5 | 4 | Required |
| CISCO ISE | 4-5 | 4 | Required |
| CISCO NAC | 4-5 | 4 | Required |
Job Description
Before you send me any applicant for the below, ask these questions and supply me the answers along with the resume.
Sample Screening Questions
• Walk through your last wired ISE rollout: topology, identity stores, and policy set structure.
• How do you handle printers/IoT that don’t do 802.1X? What’s your MAB and DACL approach?
• Common causes of 802.1X flapping or failed EAP-TLS and how you troubleshoot them.
• Your standard switch template snippets for NAC (critical VLAN, DACLs, device-tracking, storm control).
• How do you design failsafe so auth outages don’t take down access?
Summary
We’re seeking a hands-on Network Engineer with deep routing & switching expertise and proven experience deploying Cisco ISE for wired access (802.1X/MAB) in production. This is a 3–6 month contract focused on rolling out secure wired access across enterprise branch networks.
Engagement Details
• Type: Contract (3–6 months)
• Hours: Full-time, Monday–Friday, weekends as needed
• Location: Onsite (some limited travel may be presented)
• Start: ASAP
• Work Authorization: Must be eligible to work in the U.S.
Key Responsibilities
• Lead end-to-end Cisco ISE wired NAC deployment: design, build, pilot, and phased rollout.
• Configure 802.1X/EAP-TLS, MAB fallback, RADIUS policies, profiling, and posture (as applicable).
• Create/standardize access switch templates (Catalyst IOS/IOS-XE), VLANs, ACLs, QoS, storm control, and device-tracking.
• Integrate ISE with Active Directory/PKI, device certificates, and AAA (TACACS+/RADIUS).
• Harden campus/LAN: STP/RSTP/MST, DHCP snooping, IP Source Guard, Dynamic ARP Inspection.
• Troubleshoot NAC onboarding, supplicants, and endpoint variances (Windows/macOS/Linux, phones, printers, IoT).
• Produce documentation: HLD/LLD, config standards, test plans, MOPs, rollback plans, and knowledge transfer.
• Mentor ops staff; hand off monitoring and day-2 procedures.
Required Qualifications
• 5+ years enterprise routing & switching (Catalyst; OSPF/BGP fundamentals; HSRP/VRRP; EtherChannel/LACP).
• Experience in the lifecycle of Cisco ISE wired deployment (design → pilot → production) in environments >500 users.
• Hands-on with 802.1X, MAB, EAP-TLS, authorization policies, downloadable ACLs, profiling/posture basics.
• Strong RADIUS/AAA skills; integration with AD/PKI and certificate lifecycle.
• Campus security controls (DHCP snooping, DAI, IP Device Tracking) and endpoint onboarding troubleshooting.
• Excellent runbook writing, change control (MOP/rollback), and stakeholder communication.
Nice to Have
• Cisco TrustSec/SGT, pxGrid, Posture policies.
• Cisco DNA Center (templates, SWIM) and/or Prime.
• Experience segmenting IoT/OT endpoints.
• Scripting for automation (Python/Ansible).
Deliverables (Success Criteria)
• Approved HLD/LLD and security policy matrix for wired NAC.
• Working deployment (160 locations) with success criteria met (auth rates, failsafe, user experience).
• Production rollout plan with staged change windows and rollback.
• Standardized switch configuration templates and ISE policy sets.
• Knowledge transfer sessions and runbooks for Operations (day-2 support).
• Post-deployment report with KPIs (auth success %, MAB ratio, incident counts).
Tools/Tech Stack
• Cisco ISE (current LTS), Catalyst 9K/3K, IOS-XE, AnyConnect NAM/Supplicant or native supplicants.
• RADIUS, AD/LDAP, PKI/Cert Services, syslog/SNMP, Wireshark, SecureCRT/Markdown/Confluence.