Network Security Engineer (Cisco ISE/NAC | Network Access Control)

Gruve

$65K — $110K *
Information Technology
Less than 5 years of experience
Job Overview by Ladders

Qualifications

  • Bachelor's degree in Computer Science, Cybersecurity, or related field
  • 3-5 years of cybersecurity experience focused on NAC and identity-based access control
  • 3+ years hands-on with Cisco ISE or similar NAC solutions
  • 3+ years of experience with Cisco ASA/FTD firewalls or equivalent third-party firewalls
  • Strong knowledge of 802.1X and integrations with AD, LDAP, PKI, and RADIUS/TACACS+
  • Solid understanding of networking fundamentals like TCP/IP, DNS, DHCP, VLANs
  • Willingness to travel across the U.S. for deployments

Responsibilities

  • Design, deploy, and configure Cisco ISE for 802.1X and guest workflows
  • Integrate ISE with authentication systems like Active Directory and MFA
  • Configure endpoint compliance modules and manage BYOD onboarding
  • Troubleshoot RADIUS failures and authentication-related issues
  • Design and implement Cisco FTD and ASA firewalls
  • Manage access control rules and optimize NGFW features
  • Collaborate with project managers and engineers for solution delivery

Benefits

  • Comprehensive benefits package
  • Collaborative team environment
  • Hands-on experience with cutting-edge technologies
  • Opportunities for professional development
  • Support for continuous learning in security trends

Full Job Description

About the Role

The Network Security Engineer will join the US Solutions Delivery team, specializing in Cisco Identity Services Engine (ISE) and Network Access Control (NAC) deployments across enterprise customer environments. This is a hands-on, delivery-focused role centered on designing, implementing, and troubleshooting Cisco ISE-based NAC solutions including 802.1X, MAB, posture assessment, profiling, and guest services. The engineer also supports Cisco firewall platforms (ASA and FTD/NGFW) as a secondary discipline. The role owns assigned workstreams end-to-end - from lab validation through production cutovers - and works closely with architects, project managers, and customer stakeholders.

Key Responsibilities

Cisco ISE / NAC Deployment & Operations
  • Design, deploy, and configure Cisco ISE for 802.1X wired/wireless, MAB, and CWA; manage policy sets, authentication/authorization, profiling, posture, and guest workflows end-to-end
  • Integrate ISE with Active Directory, LDAP, PKI/CA, and MFA; manage distributed ISE deployments (PAN, PSN, MnT) with HA and scalability; deploy RADIUS/TACACS+ for network device administration
  • Configure endpoint compliance/posture modules (AV, patch, OS); manage guest, sponsor portals, and BYOD onboarding; support TrustSec (SGT/SXP) segmentation
  • Troubleshoot RADIUS failures, authentication timeouts, profiling inconsistencies, and policy mismatches with root cause analysis

Cisco Firewall Deployment & Operations
  • Design, implement, and configure Cisco FTD and ASA firewalls, including HA setups and scalable architectures
  • Manage and optimize access control rules, NAT, security zones, and NGFW features including IPS/IDS, URL filtering, Malware Policy, SSL decryption, and VPN (SSL/IPSec)
  • Troubleshoot firewall and VPN connectivity issues including NAT, routing, SSL/IPSec VPN failures, and policy-related problems

Execution & Coordination
  • Collaborate with architects, senior engineers, and project managers to ensure accurate, timely solution delivery, while actively participating in project discussions to understand requirements, scope, and deployment sequencing
  • Take end-to-end ownership of assigned tasks, including escalation, root cause analysis (RCA), and issue resolution

Documentation & Continuous Improvement
  • Create and maintain comprehensive documentation including ISE policy matrices, network access diagrams, RADIUS/TACACS inventories, and operational runbooks
  • Document firewall rules, VPN inventories, NAT tables, and change records for audit and compliance purposes
  • Stay current on Cisco ISE releases, NAC trends, Zero Trust Network Access (ZTNA), and SASE architectures, applying new learnings to delivery work

Basic Qualifications
  • Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field
  • 3-5 years of cybersecurity experience with a strong focus on NAC and identity-based access control; 3+ years hands-on with Cisco ISE or similar NAC solutions (e.g., FortiNAC, Aruba ClearPass)
  • Strong knowledge of 802.1X (EAP-TLS, PEAP, TEAP), certificate-based authentication, and integrations with AD, LDAP, PKI, and RADIUS/TACACS+
  • 3+ years of hands-on experience with Cisco ASA/FTD firewalls (NGFW, VPN, NAT) or equivalent experience with third-party firewalls (Palo Alto, Fortinet, Check Point)
  • Solid understanding of networking fundamentals: TCP/IP, DNS, DHCP, VLANs, trunking, and routing/switching
  • Experience with Cisco Catalyst/Nexus switches for NAC enforcement (802.1X, MAB)
  • Willingness to travel across the U.S. to support deployments

Preferred Qualifications
  • CCNP Security or equivalent certification (ISE/NAC specialization preferred); CISSP, GIAC, or other security certifications a plus
  • Experience with TrustSec/SGT/SXP, DUO MFA/ZTNA integration, Cisco Umbrella, and Cisco XDR
  • Familiarity with SASE/Zero Trust architectures and security automation (Python, Ansible, APIs)
  • Knowledge of compliance frameworks (PCI-DSS, HIPAA, SOC 2, NIST); prior consulting or professional services experience preferred

Salary Range

$65,000 - $110,000 USD + Benefits

This is a full-time position with Gruve and is based onsite at our Edison, New Jersey office and Plano, Dallas office. Please note that Gruve does not provide visa sponsorship for this role; candidates must be U.S. citizens.
