Skip to main content
Posted 12 June, 2026

Lead Systems Engineer - Cisco ISE

Societe Generale
India-Bangalore Full Time
Reference: 396_132173_26000559

Role Summary

We are seeking a Lead Network Engineer (NAC) to design, build, implement, and support enterprise Network Access Control (NAC) solutions using Cisco Identity Services Engine (ISE) and HPE Aruba ClearPass. The ideal candidate is a hands-on technical leader who can independently partner with stakeholders (Security, Network, Endpoint, Identity, and Business teams) to gather requirements, produce technical architecture and detailed designs, lead deployment and migration activities, and provide expert-level operational support.

Key Responsibilities

1) Stakeholder Engagement & Requirements Discovery

  • Independently drive discovery with Security, Network, Identity/IAM, Endpoint/Workplace, and Application stakeholders to capture:
    • NAC use cases (wired, wireless, VPN, guest/BYOD, IoT/OT)
    • Authentication/authorization models and business access needs
    • Compliance, privacy, audit, and operational constraints
  • Translate business and security requirements into clear technical outcomes, scope, and delivery plan.
  • Lead technical workshops and communicate design options, tradeoffs, and risks to technical and non-technical audiences.

2) Architecture, Design & Standards (HLD/LLD)

  • Own end-to-end NAC architecture and design for Cisco ISE and/or ClearPass including:
    • 802.1X and MAB strategies for endpoint identity
    • RADIUS/TACACS integration and policy structure
    • Identity sources (AD/LDAP, Entra ID where applicable), certificate-based auth (EAPTLS), posture checks
    • Guest access, BYOD onboarding, device profiling, and segmentation/role-based access
  • Define segmentation and enforcement models:
    • VLAN assignment, ACLs/dACLs, SGT/TrustSec (if applicable), dynamic roles, and quarantine workflows
  • Produce High-Level Designs (HLD), Low-Level Designs (LLD), network diagrams, test plans, cutover plans, and operational runbooks.
  • Establish NAC standards: policy taxonomy, naming conventions, exception handling, and onboarding processes.

3) Implementation, Migration & Delivery

  • Implement Cisco ISE and/or ClearPass end-to-end, including:
    • Policy sets/rules, authorization profiles, profiling, posture (if in scope)
    • Certificate services integration (PKI), EAP methods, supplicant strategies
    • Device onboarding flows (guest/BYOD), captive portal configuration
  • Integrate NAC with network infrastructure:
    • Switches and wireless controllers (Cisco/Aruba and multi-vendor environments)
    • RADIUS configurations, CoA (Change of Authorization), failover, redundancy
  • Plan and execute migrations:
    • Legacy AAA/NAC ISE/ClearPass
    • ClearPass ISE coexistence, phased rollouts, pilot-to-production scaling
  • Drive automation and repeatability for deployments (templates, APIs, scripting) where appropriate.

4) Operations, Support & Expert Troubleshooting (Run)

  • Provide L3/L4 operational support for production NAC services:
    • Authentication failures (EAPTLS/PEAP), RADIUS issues, certificate chain problems
    • Profiling inaccuracies, posture mismatches, VLAN/role assignment issues
    • Guest portal/onboarding failures and user experience problems
  • Lead incident management, change management, and problem management; perform root cause analysis (RCA) and drive permanent fixes.
  • Monitor health and performance of NAC infrastructure (nodes/cluster, services, latency, licensing).
  • Maintain and continuously improve documentation, dashboards, alerts, and SOPs.

5) Security, Compliance & Governance

  • Ensure NAC deployments align with security policies and regulatory requirements.
  • Support audits by providing evidence, architecture rationale, and control mappings.
  • Apply least-privilege access, robust authentication methods, and secure operational practices.

6) Technical Leadership & Mentoring

  • Act as the NAC SME for the organization.
  • Mentor and guide junior engineers; review designs and configurations.
  • Coordinate with vendors (Cisco/HPE) and internal stakeholders for escalations and roadmap enhancements.

Required Qualifications

  • 10 years of enterprise network/security engineering experience. Hands-on implementation/support experience with Cisco ISE and/or HPE Aruba ClearPass (both preferred).
  • Proven experience independently leading projects from requirements gathering through production rollout and support.
  • Strong expertise in:
    • 802.1X, EAP (EAPTLS/PEAP), RADIUS, TACACS
    • PKI/certificates (issuance, chain validation, revocation, renewal), supplicant behavior and deployment considerations
    • Wired/wireless access architectures, AAA integrations, NAC enforcement methods (VLAN/ACL/roles/SGT)
  • Advanced troubleshooting skills across:
    • Network (switching/wireless), identity (AD/LDAP), endpoint (Windows/macOS), certificates and authentication flows
  • Strong documentation and communication skills (HLD/LLD, runbooks, stakeholder updates).

Preferred / Nice-to-Have Skills

  • Experience with posture assessment and remediation workflows.
  • Experience with guest/BYOD portal branding and captive portal customization.
  • Experience with device profiling at scale (IoT/OT visibility and classification).
  • Multi-vendor NAC integrations (Cisco/Aruba/Juniper/FortiSwitch, etc.).
  • Automation using REST APIs, Python/PowerShell, Ansible/Terraform (where applicable).
  • Familiarity with Zero Trust and micro-segmentation approaches.

Education & Certifications (Preferred)

  • Bachelor's degree in CS/IT/Engineering or equivalent experience.
  • Preferred certifications (any):
    • Cisco: CCNP (Enterprise/Security), ISE-focused credentials (where applicable)
    • Aruba: ClearPass certification track
    • Security fundamentals: Security , CISSP (optional)
Apply to this Job

Sign up for Job Alerts

By clicking Create Alert, you agree to the Global Terms of Use Agreement and acknowledge that you have read and understand the Global Privacy Policy.