Cisco ISE Network Security Engineer

Location: Luton (20% onsite/80% remote)
Rate: £60-£65 per hour (Inside IR35)
Duration: 6 months
Security Clearance: BPSS required prior to start

We are seeking an experienced Cisco ISE Network Security Engineer to support the delivery of a unified Network Access Control (NAC) solution across a large enterprise environment. This project will enhance network security, standardise access control, and centralise policy management across multiple UK locations.

The successful candidate will play a key role in the deployment, configuration, testing, migration, and go-live activities associated with Cisco Identity Services Engine (ISE) appliances and services. This includes implementing approved low-level designs, migrating existing NAC services, and providing technical leadership throughout the deployment life cycle.

• Lead the deployment, configuration, and implementation of Cisco ISE solutions across enterprise environments.
• Implement Network Access Control (NAC) policies, including:
  • 802.1X authentication
  • MAC Authentication Bypass (MAB)
  • Guest access and onboarding workflows
• Configure and support Cisco ISE hardware appliances across multiple geographically dispersed sites.
• Integrate Cisco ISE with:
  • Cisco switching and wireless infrastructure
  • Firewalls
  • Microsoft Entra ID
  • Active Directory
• Perform functional, failover, and acceptance testing.
• Troubleshoot complex authentication and network access issues during deployment and early-life support.
• Design and implement guest access solutions, including captive portals, onboarding workflows, and sponsor portals.
• Collaborate with security teams to ensure compliance with organisational security policies.
• Produce and maintain technical documentation, including implementation guides, design documents, and operational procedures.
• Provide both remote and onsite support during deployment and post-implementation phases.
• Participate in incident response activities and root cause analysis investigations.
• Deliver knowledge transfer sessions and technical workshops to internal IT teams.

• Cisco Certified Network Professional (CCNP) preferred.
• CCNA candidates with extensive Cisco ISE implementation experience will also be considered.
• Cisco Fire Jumper Field Engineer Certification.

Candidates must demonstrate proven experience delivering Cisco ISE solutions with the following capabilities:

• Cisco ISE 3.x or later.
• High-availability deployments across multiple sites.
• 802.1X authentication for wired and wireless environments.
• MAC Authentication Bypass (MAB).
• Guest access and customised onboarding workflows.
• Integration with existing Cisco network infrastructure.
• Microsoft NPS integration and support.
• Multiple end-to-end Cisco ISE deployments, including migration of existing NAC services and devices.
• Experience working within large-scale, multi-site enterprise environments.

• Endpoint compliance and posture assessment within Cisco ISE.
• Device profiling and policy enforcement.
• Integration with third-party security solutions such as:
  • SIEM platforms
  • Mobile Device Management (MDM) solutions
  • Other security tooling

• Strong analytical and troubleshooting capabilities.
• Excellent communication and stakeholder engagement skills.
• Strong documentation and reporting abilities.
• Ability to work independently and within cross-functional teams.
• Comfortable operating in fast-paced, high-pressure project environments.