Senior Network Security Engineer - Cisco ISE

How to ApplySend your resume to crush@rushitllc.com with "Cisco ISE — Suitland" in the subject line.Our Hiring ProcessWe take technical screening seriously. Every candidate goes through a live lab assessment to verify hands-on Cisco ISE skills before an offer is made. If you know your stuff, this is your chance to prove it — and stand out from the crowd.About RUSHIT LLCRUSHIT LLC is a Managed IT Services and Cybersecurity firm serving federal government clients. We build lean, highly capable teams and put skilled engineers directly into mission-critical environments. We move fast, cut through bureaucracy, and get the right people in the right seats.About the RoleRUSHIT is looking for a senior-level Cisco ISE engineer to step into an active federal engagement in Suitland, MD — immediately. This is a hands-on, on-site role supporting a federal agency's migration from ForeScout CounterACT to Cisco Identity Services Engine (ISE) as its primary network access control platform. You'll own the ISE environment end-to-end: policy design, AAA configuration, 802.1X, identity integrations, and Zero Trust alignment.This role is not remote. It is not a desk job for someone who has only read about ISE. We will verify your skills through a live technical lab screening before an offer is extended.What You'll Do• Design, configure, and manage Cisco ISE across the federal environment, including RADIUS/TACACS+, 802.1X wired and wireless authentication, device administration, and posture policies.• Lead the migration from ForeScout CounterACT to Cisco ISE — reviewing legacy policies, device groups, and access rules and mapping them into ISE policy sets.• Integrate and maintain Cisco ISE with Active Directory and LDAP for identity lookups, group-based authorization, and directory-based authentication.• Configure and support ISE integrations with Cisco 9800 Wireless LAN Controllers, including guest portals, wireless onboarding, and policy-driven access control.• Manage certificate-based authentication (EAP-TLS) and PKI integrations.• Troubleshoot authentication and access issues across RADIUS, TACACS+, 802.1X, and endpoint posture — including root cause analysis using ISE logs and syslog.• Navigate firewall policies and switch configurations to diagnose and resolve network access issues independently.• Perform health checks, upgrades, and migrations; document changes through SOPs, engineering designs, and implementation procedures.• Support Zero Trust alignment through identity-centric segmentation, certificate management, and endpoint compliance controls.What You BringThis is not a one-tool role. Cisco ISE expertise must be backed by real, broad IT and networking depth. If basic networking questions trip you up, this isn't the right fit.• 8+ years of experience in network security, with at least 4 years implementing, troubleshooting, and managing Cisco ISE in enterprise or government environments.• Deep hands-on expertise in Cisco ISE: policy sets, authorization profiles, authentication rules, device profiling, posture checks, and certificate-based authentication.• Experience with Cisco ISE deployed on Cisco SNS-3715 appliances, preferably in a clustered high-availability setup.• Solid understanding of ForeScout CounterACT NAC/NAM — enough to map legacy policies and workflows into Cisco ISE.• Strong networking fundamentals — VLANs, trunking, spanning tree, routing protocols, and ACLs. You can read a switch config and know what you're looking at.• Hands-on experience navigating firewalls (Cisco, Palo Alto, Fortinet, or similar) — reading rules, tracing traffic flows, and collaborating on policy changes.• Strong experience integrating ISE with Active Directory and LDAP for group-based policy and directory authentication.• Experience supporting Cisco ISE with Cisco 9800 WLCs for wireless onboarding and guest access.• 4+ years supporting identity-centric or Zero Trust architectures, including segmentation, certificate management, and endpoint posture controls.• Strong communication skills — you can explain AAA, NAC, and Zero Trust to both technical peers and non-technical stakeholders.• Bachelor's degree in Information Technology, Cybersecurity, or a related field (or equivalent experience).• Must be eligible to obtain a U.S. government Public Trust suitability determination — U.S. citizenship or Lawful Permanent Resident status required.Preferred Qualifications• Cisco CCNP Security, Cisco ISE Specialist, or equivalent identity/security certifications.• Experience supporting PKI infrastructure and managing certificates in a federal environment.• Prior experience in U.S. federal government IT environments.Position Details• Location: On-site — Suitland, Maryland (free parking provided)• Compensation: Competitive hourly rate, commensurate with experience• Start Date: ImmediateTo apply, send your resume to crush@rushitllc.com with "Cisco ISE — Suitland" in the subject line.