Network Security Engineer / ISE Subject Matter Expert

Applied Insight
Arlington, VA
Sep 22, 2022
Sep 25, 2022
Full Time
Network EngineerAbout Us: Engineers solving real-world problemsAt Applied Insight, we leave no stone unturned in solving our customers' technology challenges. Supporting the Federal Government with the strongest mission focus, our solutions empower people to collaborate more effectively in delivering services vital to the nation. Our unique approach to information technology considers people first. We make it our job to understand our customer's mission and the user's reality right from the start, combining technology and process to deliver what customers really need to succeed - from adaptation to innovation - drawing on our long experience of supporting the US Defense, Intelligence and Federal Civilian communities.Our expectation is that you will excel in this role if you:Work Remotely 80% of a workweek (8-hour days) unless needed by the customerContribute to the overall strategic vision of agency to analyze requirements, design/test solutions and deploy into production. The network engineer will perform duties/tasks specifically related to engineering of Cisco Identity Services Engine (ISE), Wireless LAN (WLAN), and Adaptive Security Appliance (ASA). The candidate will provide policy management and control platform for wired, wireless, and VPN users. ISE is currently used for 802.1X authentication and Network Access Controls across all mediums utilizing the 802.1X framework. AnyConnect is currently deployed for VPN access.* Create Identity services Engine policies and profiling network devices that govern what type of access and devices are allowed on our network* Create Cisco Identity Services Engine (ISE) roles and personas that govern what user and service accounts may access and what actions a user may perform* Develop and administer a NAC reporting portal, Role based access control administration* Design and deploy functional networks (LAN, WLAN, WAN)* Resolving issues that tiers of support have escalated* Mentoring team members and addressing user needs* Excellent problem-solving skills and thorough knowledge of network administration and architecture* Monitor network performance and integrity* Work directly with customer and cross functional teams to design, develop and implement a NAC solution for endpoint security* Author enterprise compliance standards and networking architecture* Collaborate with Technical SMEs and vendor relations* ISE log interpretation for audit, compliance, risk, and security teams* Playbook development to support at arm's length Security Intelligence Center monitoring* Audit artifact collection and representation for security constructs supporting all network device assets and management systems.* Create and/or maintain standards documentation, design documentation/templates/ topology diagrams and workflow documents.What we are expecting from you (ie the qualifications you must have):* Demonstrate strong to advanced knowledge of Network Access Control (NAC).* Demonstrate strong to advanced knowledge of Cisco Identity Services Engine (ISE).* Demonstrate strong knowledge of network architecture and protocols* Demonstrate high level understanding of multi-tiered application traffic flow, server load balancing, global load balancing, and routing* Demonstrate operational experience with network platform technologies, including hardware refresh, software testing, software upgrades, and complex troubleshooting techniques* Demonstrate high level experience with Cisco switches and ACLs* Demonstrate experience leading troubleshooting and maintenance efforts for ISE* 10+ years' Networking experience* Ability to obtain a public trust clearanceNice to have:* Industry-related experience as a Network Engineer supporting Federal Government* Professional certification (eg Cisco, AWS Solution Architect Associate) desired* Solid background in network administration and architecture* Experience with network diagnostic, monitoring and analysis tools (eg SolarWinds network tools)* Demonstrate in-depth understanding of communication protocols (mainly TCP/IP) and routing protocols (eg BGP, OSPF)* Understanding of Interior Gateway Routing protocols (eg, OSPF, EIGRP), Border Gateway Protocol (BGP) configuration, BGP peering, BGP route advertisements, prefix-lists and route-maps, SSH and SNMP protocols* Strong knowledge of incident management, problem management, and change management best-practices* Excellent verbal and written communication skills due to the need to communicate extensively with remote team members, vendors and during time sensitive incidents* Experience using network management tools and packet captures to resolve operational issues* Sharp troubleshooting skills* Ability to work independently* Organizational and mentoring skills* Familiar and knowledgeable with load balancing technologies* Demonstrated ISE integration experience with wireless services, radius authentication, VPNs, and load balancing What we will provide in return: Excellent compensation and amazing benefits* Multiple health insurance options from CareFirst BCBS which include a PPO plan with ZERO deductibles and an HSA plan.* 401k Immediate Vesting. Company matches 100% of the first 3% contributed and 50% of the next 2% contributed.* Fully paid long-term disability, short-term disability, and life insurance.* Flexible Spending Account options.* Generous paid time off that includes one bucket of leave to use how the employee sees fit; no separate holiday, sick, or vacation.* Flexible work schedules with the ability to bank extra hours for additional time off.* Semi-Annual bonuses for hours worked "over standard".* Government shutdown protection where employees don't have to use leave for up to 3 days out of the year for inclement weather or budget issues.* Employee centric culture and a belief that we should empower those who are good at what they do and then give them the tools the need to achieve success and grow their career.* A commitment to learning and growth and easy ways to achieve both including a training budget, education assistance, mentorship programs and collaborative learning sessions.* A collaborative environment that fosters communication and an open door EEO/AA including Vets and Disabled.