Cisco ISE Engineer

The Cisco ISE Engineer supports the SEC ISS contract by designing and operating Cisco Identity Services Engine (ISE) capabilities that control secure access across SEC enterprise networks. This role implements and maintains AAA services, integrates ISE with Microsoft Active Directory and Microsoft Entra ID, and enforces policy-based access for wired and wireless environments. The position advances the PWS zero-trust direction by strengthening identity-centric controls, reducing legacy authentication exposure, and supporting compliance with federal cybersecurity requirements. The engineer also supports incident resolution, operational monitoring, and SLA-driven service delivery for mission-critical SEC IT services.

Primary responsibilities

ISE Solution Architecture and Deployment 

- Design, implement, and administer Cisco ISE solutions to enforce network access control across SEC-managed enterprise environments. 

- Build and maintain ISE policy sets, authentication/authorization rules, and enforcement workflows for user and device onboarding. 

- Plan and execute ISE platform upgrades, patching, and optimization activities to maintain performance, resiliency, and service continuity. 

- Coordinate ISE architecture and implementation activities with network engineering teams supporting WAN, LAN, and WLAN services.

AAA and Identity Integration 

- Configure and manage AAA services using RADIUS and TACACS+ for secure access to network infrastructure and services. 

- Integrate Cisco ISE with Microsoft Active Directory and Microsoft Entra ID (Azure AD) to support centralized identity lifecycle and access governance. 

- Implement 802.1X authentication methods and NAC controls for wired and wireless endpoint access. 

- Align role-based access outcomes with enterprise identity and access management practices, including policy consistency and periodic access review support.

Zero-Trust and Security Compliance Enforcement 

- Translate zero-trust requirements into ISE enforcement policies for identity, device trust, and session-based access decisions. 

- Support implementation of SEC-directed control enforcement activities, including secure authentication methods and protection of data in transit. 

- Maintain configuration documentation, SOP inputs, and control evidence to support FISMA-aligned audits and ongoing authorization requirements. 

- Partner with cybersecurity and governance stakeholders to remediate access-control gaps and strengthen enterprise security posture.

Operations, Troubleshooting, and Service Delivery 

- Troubleshoot complex authentication, authorization, and network access issues across Cisco switching, routing, and wireless infrastructure. 

- Monitor ISE health, logs, and policy outcomes; proactively identify trends and implement corrective actions to reduce recurring incidents. 

- Participate in incident response and escalation workflows, including cross-team coordination for high-priority operational events. 

- Support SLA-focused reporting by capturing service data, documenting outcomes, and contributing to continuous service improvement.

Required qualifications

USA Citizenship required. 

Clearance: Ability to obtain and maintain SEC Public Trust (or higher if required). 

Education: Bachelors in a relevant field (e.g., Information Technology, Cybersecurity, Computer Science, Engineering).

Experience: 

- 5-7 years of experience in network engineering and/or security roles in enterprise environments. 

- 3+ years of hands-on experience implementing and managing Cisco ISE in production environments. 

- Experience integrating identity and access controls with Microsoft Active Directory and Microsoft Entra (Azure AD).

Technical Skills: 

- Cisco Identity Services Engine (ISE) design, deployment, policy management, and troubleshooting. 

- Strong knowledge of network protocols, including AAA protocols such as RADIUS and TACACS+, and 802.1X/NAC controls. 

- Wired and wireless network security best practices across Cisco network devices. 

- Enterprise security frameworks and zero-trust access control principles. 

- Incident analysis, root-cause troubleshooting, and operational documentation for SLA-driven support environments.

Preferred qualifications

- Experience supporting federal IT environments with FISMA/NIST-aligned security and compliance requirements. 

- Experience implementing certificate-based authentication, MFA/FIDO-aligned controls, and device trust policies in ISE. 

- Experience automating network security policy or reporting workflows using scripting or infrastructure automation tools. 

- Demonstrated success in 24x7 operational support environments with major incident escalation and cross-team bridge participation. 

- Cisco security certification(s) such as CCNP Security or Cisco Identity-focused specialist credentials. 

- CCNP Security 

- Cisco Certified Specialist - Security Identity Management Implementation (SISE) 

- CISSP

WORK ENVIRONMENT / OTHER

Operational Support: May require participation in on-call or surge support activities depending on operational needs. 

Location: Telework (subject to SEC/contract direction). 

Travel: As required per contract direction.

If you're looking for comfort, keep scrolling. At Leidos, we outthink, outbuild, and outpace the status quo — because the mission demands it. We're not hiring followers. We're recruiting the ones who disrupt, provoke, and refuse to fail. Step 10 is ancient history. We're already at step 30 — and moving faster than anyone else dares.

The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.