Cisco ISE Architect - DHS at CyKor, LLC
Alexandria, Virginia, United States
Full Time


Start Date

Immediate

Expiry Date

02 Jun, 26

Salary

0.0

Posted On

04 Mar, 26

Experience

5 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

Cisco ISE, Identity Services Engine, C2C, Zero Trust, 802.1X/EAP-TLS, MAB, SGT/TrustSec, pxGrid, TACACS+, HLD/LLD Documentation, PKI Integration, Splunk/Elastic, Intune/JAMF, Tenable/ACAS, Python Automation, Git

Industry

IT Services and IT Consulting

Description
CyKor is a fast-growing Service-Disabled Veteran Owned business providing full-service IT solutions to both federal and commercial clients. We attribute our continued growth to our core values, our professional team, and the valuable relationships with our clients. Our small and growing team fosters an environment in which each team member is respected, valued, and appreciated for their contributions.

Role Overview:
We are seeking a Cisco Identity Services Engine (ISE) Subject Matter Expert (SME) to support the design, development, testing, and deployment of Comply-to-Connect (C2C) identity and authorization solutions for DHS networks. This Architect will help design and develop an end-to-end C2C framework that aligns with DoD Zero Trust principles and security compliance requirements.

Key Responsibilities:
· Lead architecture and design of Cisco ISE 3.x solutions (multi-node personas, PSN scaling, redundancy, PKI integration, backup/DR).
· Map ISE capabilities (802.1X/EAP-TLS, MAB, profiling, posture, SGT/TrustSec, pxGrid, TACACS+) to DoD C2C controls and Zero Trust policies.
· Design and document high-level (HLD) and low-level (LLD) architectures, test plans, cutover/runbooks, and operational documentation.
· Work jointly with another Architect to ensure consistent design standards and interoperability across USCG network segments.
· Support configuration, testing, and deployment of ISE-based NAC solutions across campus, data center, and wireless infrastructures.
· Integrate ISE with adjacent tools and platforms, including:
  o SIEMs (Splunk/Elastic)
  o Next-Generation Firewalls
  o Endpoint Protection/EDR, MDM/UEM (Intune, JAMF)
  o Vulnerability Management (Tenable/ACAS)
  o ITSM platforms
· Support RMF/ATO documentation (SSP inputs, POA&Ms, control traceability).
· Act as the technical SME and primary liaison for DHS stakeholders, security teams, and third-party vendors.
· Participate in joint architecture reviews and cross-domain integration testing with DHS engineering teams.

Requirements
· Active DoD Secret Clearance (or higher)
· IAT Level III certification such as CCIE Security, CCNP Security, or Cisco ISE Specialist / DoD 8570/8140: Security+ CE, CISSP, or CASP+
· 7+ years of ISE design and deployment experience in DoD environments
· Proven experience implementing DoD C2C solutions, including endpoint identification, compliance enforcement, and automated remediation workflows

Technical Skills:
· 802.1X/EAP-TLS, supplicant configuration (Windows/macOS/Linux), MAB fallback, guest/BYOD posture and profiling
· TrustSec/SGT design
· pxGrid, ERS/REST APIs, Python automation
· Enterprise PKI (DoD PKI/CAC, AD CS, SCEP/EST)
· Core routing/switching, TACACS+, wireless integration
· Familiarity with DISA STIGs, RMF, ACAS/Tenable, and audit documentation
· Scripting experience (Python, REST APIs), version control (Git), and Infrastructure-as-Code familiarity

CyKor, LLC is an equal opportunity employer and values diversity in the workplace. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or protected veteran status, and will not be discriminated against on the basis of disability.
Responsibilities
The role involves leading the architecture, design, testing, and deployment of Cisco Identity Services Engine (ISE) solutions for Department of Homeland Security (DHS) networks, focusing on Comply-to-Connect (C2C) identity and authorization frameworks aligned with Zero Trust principles. This includes mapping ISE capabilities to DoD controls, designing high-level and low-level architectures, and integrating ISE with various adjacent security and IT platforms.