Network Access Control (NAC) Engineer

The Level 2 Network Security Engineer plays a key operational role in safeguarding the organization's network infrastructure. This position focuses on the configuration, monitoring, and maintenance of network security systems such as firewalls, VPNs, IPS/IDS, and secure gateways. The engineer is responsible for identifying and responding to security incidents, managing rule changes, and supporting secure network design in coordination with Level 3 engineers and security architects.

Responsibilities:

• Access Control & VPNs: Manage remote access and site-to-site VPNs, including configurations, troubleshooting, and usage auditing. Support NAC and segmentation policies within LAN/WAN environments.
• Design and Implementation: Develop and implement Cisco ISE solutions, including Authentication, Authorization, and Accounting (AAA) policies, configuring policy sets, network access policies, and integrating ISE with other systems like Active Directory, LDAP, and Certificate Authorities.
• Troubleshooting and Support: Serve as a subject matter expert for all Cisco ISE-related issues, including advanced troubleshooting of authentication failures, network access problems, and endpoint misclassifications. Analyze logs and packet captures to identify root causes and provide solutions.
• Policy Management: Create and enforce detailed network access policies (e.g., 802.1X, MAC Authentication Bypass, Guest and BYOD policies) to ensure a secure network posture, also involving defining and managing endpoint profiling and posture assessment rules.
• System Maintenance and Optimization: Regularly monitor ISE infrastructure performance, applying patches and software upgrades as needed along with capacity planning and tuning for scalability and reliability.
• Integration and Automation: Integrate Cisco ISE with other security solutions such as firewalls and Security Information and Event Management (SIEM) systems to provide a comprehensive security overview.
• Compliance & Best Practices: Ensure alignment with internal security policies and regulatory standards (e.g., ISO 27001, SAMA, NCA). Assist in compliance reporting and periodic audits.

Mandatory Skills:

• Typically, 3+ years of relevant work experience in the industry, with a minimum of 2 years in a similar role.
• Solid understanding of network protocols (TCP/IP, DNS, NAT, VPN, SSL/TLS).
• Proficiency in AAA methodologies and protocols like RADIUS and TACACS+ is mandatory.
• Experience with network access control (NAC) solutions and technologies such as 802.1X, MAB, and device profiling.
• Familiarity with log analysis, SIEM tools, and incident handling procedures.
• Basic scripting or automation skills (Python, Bash) are a plus.
• Strong analytical and problem-solving abilities.
• Clear communication skills, particularly when interacting with cross-functional teams.

Nice-to-Have Skills:

• Education & Certifications:
  • Bachelor's Degree in Network Engineering, Computer Engineering, or a related field.
  • Preferred certifications: Cisco CCNA (required), CCNP (preferred).
  • SD-WAN or Wireless certifications (Cisco, Aruba, etc.) are a plus.
  • Experience with firewalls (Palo Alto, Fortinet, Cisco ASA/FTD), IPS/IDS, and secure web gateways are a plus.

Working Conditions:

• On-call responsibilities for after-hours security events may be required.
• Occasional work with external vendors, audits, or compliance teams.
• Participation in periodic vulnerability assessments and penetration test reviews.

Languages:

• English: C2 Proficient