Solutions Architect , AI Infrastructure & Cybersecurity

About GruveGruve is an innovative software services startup dedicated to transforming enterprises to AI powerhouses. We specialize in cybersecurity, customer experience, cloud infrastructure, and advanced technologies such as Large Language Models (LLMs). Our mission is to assist our customers in their business strategies utilizing their data to make more intelligent decisions. As a well-funded early-stage startup, Gruve offers a dynamic environment with strong customer and partner networks.About The RoleThe Solutions Architect will be a part of the US Solutions Delivery team and is responsible for leading planning, deployment, and validation of Cisco ISE-based segmentation across enterprise campus environments of our customer, on-site at the customer location. This role is delivery-focused and security-first - combining deep expertise in identity-based access control with hands-on policy engineering and enforcement validation. The architect ensures segmentation architectures are operationally sound, scalable, and Day-2 ready, while coordinating closely with customer network, security, and endpoint teams. The ideal candidate holds CCIE Security-level expertise and brings 8–10 years of hands-on experience in Cisco security and network segmentation.Key ResponsibilitiesSegmentation Design & DeploymentDrive rollout of ISE-based segmentation across the campus environmentDeploy and operationalize TrustSec / Security Group Tag (SGT) policy architectureDefine, validate, and troubleshoot SGACLs, authorization policies, profiling rules, and enforcement workflowsIntegration & TroubleshootingIntegrate Cisco ISE with switches, wireless controllers, VPN concentrators, and security platformsOptimize and troubleshoot 802.1X, MAB, profiling, posture, TrustSec, and pxGrid.Validate endpoint classification, policy assignment, and segmentation enforcement across user, device, and application traffic flowsExecution & CoordinationCoordinate testing, pilot execution, phased migration, and production cutover activitiesIdentify and resolve deployment issues, policy conflicts, authentication failures, and enforcement gaps in partnership with customer stakeholdersSupport Cisco Catalyst Center integration and automation workflowsHandover & DocumentationExecute change implementation following customer change management processesDeliver operational handover documentation, runbooks, and knowledge transfer sessionsBasic Qualifications8–10 years in Cisco security engineering, network segmentation, or architecture rolesExpert-level knowledge of Cisco ISE — deployment, policy design, TrustSec/SGT, and administrationCCIE Security certification or equivalent demonstrated expertise (CCNP Security + deep ISE specialization considered)Hands-on with 802.1X, MAB, profiling, posture, pxGrid, and Catalyst Center for wired and wireless environmentsProven experience in customer-facing architecture, consulting, or delivery leadershipGood understanding of networking basics — routing, switching, VLANs, TCP/IP, along with general knowledge of campus networkingPreferred QualificationsKnowledge of Cisco Secure Firewall / Next-Generation Firewall (NGFW)Cisco Catalyst Center — network device management, zero-touch provisioning, software image management (SWIM), automation workflows, network assurance, and ISE integrationCISSP, GIAC, or other industry-recognized security certificationsExperience with security automation and scripting (Python, Ansible, APIs)Knowledge of Cisco Secure Access, Umbrella, or XDR platforms; familiarity with compliance frameworks (PCI-DSS, HIPAA, SOC 2, GDPR)Salary Range$‍150,000 - $175,000 USDWhy GruveAt Gruve, we foster a culture of innovation, collaboration, and continuous learning. We are committed to building a diverse and inclusive workplace where everyone can thrive and contribute their best work. If you’re passionate about technology and eager to make an impact, we’d love to hear from you.Gruve is an equal opportunity employer. We welcome applicants from all backgrounds and thank all who apply; however, only those selected for an interview will be contacted.