Strong consulting, discovery, requirements mapping, documentation, risk management, customer communication, change management (ITIL), and training/admin KT.
Requirements:
Lead end-to-end delivery of Cisco ISE and Firepower projects: discovery, high-level and low-level design, build, cutover, validation, documentation, and knowledge transfer; facilitate workshops; create SOW inputs and delivery artifacts.
Architect and deploy Cisco ISE in standalone and distributed personas with HA/scale; design 802.1X/MAB, device posture, SGTs, and integrate with AD/LDAP, PKI, Duo, and pxGrid; guide segmentation strategies.
Design and implement Cisco Firepower (FTD/FMC) including policy creation (Access Control, SSL decryption, intrusion policies), NAT, VPNs, HA/clustering; migrate from ASA to FTD with cutover/runbooks; SIEM integration.
Collaborate across Networking/Ecosystem; tie-in with Cisco security solutions (AnyConnect, Duo, Umbrella, SecureX); produce high-quality documentation, enablement, KT, and post-delivery hypercare; identify follow-on opportunities.
Job description
We’re seeking a client-facing Senior Technical Consultant with deep, hands-on expertise in Cisco Identity Services Engine (ISE) and Cisco Firepower Threat Defense/Firepower Management Center (FTD/FMC). You will design, implement, migrate, and optimize secure network access and perimeter/segmentation controls for enterprise customers. This role blends technical leadership, delivery ownership, and trusted-advisor consulting—across discovery, architecture, build, testing, knowledge transfer, and post-deployment support
What You’ll Do (Key Responsibilities)
Client Delivery & Consulting
Lead end-to-end delivery of Cisco ISE and Firepower projects: discovery, High-level Design (HLD), Low-level Design (LLD), build, cutover, validation, documentation, and knowledge transfer.
Facilitate workshops to gather requirements, assess current state, and map outcomes to best practices and security frameworks (e.g., Zero Trust, NIST).
Create SOW inputs (scope, assumptions, milestones) and delivery artifacts (migration plans, rollback plans, test plans, runbooks).
Cisco ISE (Core Focus)
Architect and deploy ISE in standalone and distributed personas (PAN/MnT/PSN), including HA and scale considerations.
Design 802.1X and MAB policies for wired/wireless, RADIUS/TACACS+ services, device profiling, posture assessment, and Guest/BYOD onboarding flows.
Build authorization policies using security group tags (SGT/TrustSec), dACLs, and dynamic VLANs; integrate with Active Directory/LDAP, PKI, Duo, and AnyConnect posture modules.
Implement pxGrid integrations with ecosystem tools (e.g., SIEM, EDR, NAC partners) and guide segmentation strategies.
Cisco Firepower – FTD/FMC (Core Focus)
Design and implement FTD (physical and virtual appliances) managed by FMC (HA, clustering, multi-context where applicable).
Build Access Control Policies, SSL decryption, Intrusion Policies, Malware, Security Intelligence, URL Filtering, and NAT; tune policies for efficacy/performance.
Understanding of IPsec (remote-access and site-to-site) IKEv1/IKEv2 and SSLVPN Secure Client/AnyConnect
Migrate from legacy ASA to FTD with structured policy rationalization and cutover/runbook planning.
Integrate FMC with external tools (e.g., ISE/pxGrid SGT, SIEM) and enable flow telemetry/Health/Correlation where appropriate.
Networking & Ecosystem (Plus)
Collaborate across switching/routing (OSPF/BGP, EVPN/VXLAN), Cisco WLC/Catalyst wireless for 802.1X/WPA2‑Enterprise/PSK transitions, and SD‑WAN/VPN contexts.
Tie-in with other Cisco security solutions (e.g., AnyConnect/Secure Client, Duo, Secure Endpoint (AMP), Umbrella, SecureX). Experience with other vendors’ firewalls/NAC is a bonus.
Quality, Documentation & Enablement
Produce high-quality HLD/LLD, as-built documents, security policy maps, and operational runbooks.
Conduct formal knowledge transfer (KT) and admin training; mentor junior consultants and collaborate with PMs on timeline/risk management.
Contribute to internal accelerators (validated designs, automation snippets, migration checklists).
Post‑Delivery & Continuous Improvement
Provide hypercare, root cause analysis, and optimization recommendations.
Identify follow-on opportunities and feed delivery insights into presales, solution architecture, and packaged offerings.
What You’ll Bring (Qualifications)
7+ years in network/security engineering with 3–5+ years delivering Cisco ISE and Cisco FTD/FMC in enterprise environments.
Proven delivery of multi‑site ISE and FTD projects (design through cutover), including HA, scale, and production operations.
