Senior Technical Consultant – Cisco Security

We’re seeking a client-facing Senior Technical Consultant with deep, hands-on expertise in Cisco Identity Services Engine (ISE) and Cisco Firepower Threat Defense/Firepower Management Center (FTD/FMC). You will design, implement, migrate, and optimize secure network access and perimeter/segmentation controls for enterprise customers. This role blends technical leadership, delivery ownership, and trusted-advisor consulting—across discovery, architecture, build, testing, knowledge transfer, and post-deployment support What You’ll Do (Key Responsibilities)

Client Delivery & Consulting

Lead end-to-end delivery of Cisco ISE and Firepower projects: discovery, High-level Design (HLD), Low-level Design (LLD), build, cutover, validation, documentation, and knowledge transfer.

Facilitate workshops to gather requirements, assess current state, and map outcomes to best practices and security frameworks (e.g., Zero Trust, NIST).

Create SOW inputs (scope, assumptions, milestones) and delivery artifacts (migration plans, rollback plans, test plans, runbooks).

Architect and deploy ISE in standalone and distributed personas (PAN/MnT/PSN), including HA and scale considerations.

Design 802.1X and MAB policies for wired/wireless, RADIUS/TACACS+ services, device profiling, posture assessment, and Guest/BYOD onboarding flows.

Build authorization policies using security group tags (SGT/TrustSec), dACLs, and dynamic VLANs; integrate with Active Directory/LDAP, PKI, Duo, and AnyConnect posture modules.

Implement pxGrid integrations with ecosystem tools (e.g., SIEM, EDR, NAC partners) and guide segmentation strategies.

Design and implement FTD (physical and virtual appliances) managed by FMC (HA, clustering, multi-context where applicable).

Build Access Control Policies, SSL decryption, Intrusion Policies, Malware, Security Intelligence, URL Filtering, and NAT; tune policies for efficacy/performance.

Understanding of IPsec (remote-access and site-to-site) IKEv1/IKEv2 and SSLVPN Secure Client/AnyConnect

Migrate from legacy ASA to FTD with structured policy rationalization and cutover/runbook planning.

Integrate FMC with external tools (e.g., ISE/pxGrid SGT, SIEM) and enable flow telemetry/Health/Correlation where appropriate.

Collaborate across switching/routing (OSPF/BGP, EVPN/VXLAN), Cisco WLC/Catalyst wireless for 802.1X/WPA2‑Enterprise/PSK transitions, and SD‑WAN/VPN contexts.

Tie-in with other Cisco security solutions (e.g., AnyConnect/Secure Client, Duo, Secure Endpoint (AMP), Umbrella, SecureX). Experience with other vendors’ firewalls/NAC is a bonus.

Produce high-quality HLD/LLD, as-built documents, security policy maps, and operational runbooks.

Conduct formal knowledge transfer (KT) and admin training; mentor junior consultants and collaborate with PMs on timeline/risk management.

Contribute to internal accelerators (validated designs, automation snippets, migration checklists).

Provide hypercare, root cause analysis, and optimization recommendations.

Identify follow-on opportunities and feed delivery insights into presales, solution architecture, and packaged offerings.

What You’ll Bring (Qualifications)

7+ years in network/security engineering with 3–5+ years delivering Cisco ISE and Cisco FTD/FMC in enterprise environments.

Proven delivery of multi‑site ISE and FTD projects (design through cutover), including HA, scale, and production operations.

Hands-on with:

ISE: 802.1X/MAB, RADIUS, TACACS+,Guest/BYOD, posture, profiling, SGT/TrustSec, dACLs, AD/LDAP, certificates/PKI, pxGrid, AnyConnect posture.

FTD/FMC: access control, SSL decryption, intrusion policies (Snort 3), NAT, VPNs, HA/clustering, policy tuning, logging/SIEM integration.

Solid L2/L3 networking fundamentals (VLANs, STP, routing protocols, VRF, QoS fundamentals); Wi-Fi 802.1X concepts.

Strong consulting skills: discovery, requirements mapping, documentation, risk management, customer communication, and executive level updates.

Experience with change management (ITIL), production cutovers, and rollback plans.

Excellent written/verbal communication; ability to lead workshops and train admins.

Relevant certifications (one or more highly desired): CCNP Security, Cisco Certified Specialist – ISE/Firepower, CCIE Security (written or lab), CISSP, GIAC (e.g., GPCS, GCIA, GSEC).

Experience with Duo, Secure Client/AnyConnect posture, Secure Endpoint (AMP), Umbrella, ISE SGT integration with FMC, and SecureX.

Cross vendor exposure (Palo Alto, Fortinet, Aruba ClearPass, Check Point, Juniper) and migration experience.

Scripting/automation for repeatability (e.g., Python, Ansible, REST APIs for FMC/ISE), Git basics, and templating mindset.

Exposure to Zero Trust segmentation, identity centric access, and compliance frameworks (NIST, CIS Controls, ISO 27001).

SIEM/EDR/SOAR integrations and incident response collaboration experience.

Success Metrics (KPIs)

On‑time, on budget delivery across assigned SOWs.

Adoption & Stability: Post-go-live incident rate, mean time to resolution, and policy efficacy (e.g., reduced false positives).

Quality: Artifact completeness (HLD/LLD/as-built/runbooks), peer reviews passed, and customer satisfaction (CSAT/NPS).

Knowledge Transfer: Customer admin readiness and KT scoring.

Practice Enablement: Reusable assets contributed; mentorship feedback.

Utilization: Billable utilization targets met while maintaining quality.

Sample Project Types You’ll Lead

Enterprise 802.1X rollout with ISE (wired/wireless), posture assessment, guest/BYOD, and SGT-based segmentation.

ASA-to-FTD migration including policy rationalization, NAT redesign, SSL decryption strategy, and high availability.

ISE pxGrid integration with FMC/SIEM/EDR for adaptive policy and threat response.

Zero Trust network access initiative mapping identities to SGTs and enforcing via TrustSec and FMC policies.

Education

Bachelors in computer science, Information Systems, Cybersecurity, or equivalent experience.