Cisco ISE / NAC Engineer
Company and position
We are part of hiberus - one of the leading technology companies in Spain with a presence in over 14 countries, employing over 3,000 specialists and serving Clients all over the world.
We are professionals with many years of experience in areas such as IT, BI, and project and enterprise management. Our projects are characterized by high quality and efficiency, which we achieve by properly matching each candidate to the profile of the position and to the organizational culture of the company. We currently cooperate with prestigious institutions in the areas of banking, finance, insurance, pharmacy, health care and tourism, both in Poland and abroad.
Partnership, reliability and transparency - these are the values that guide us in all our activities.
Requirements
Must-have skills:
- Strong hands-on Cisco ISE (2.x/3.x): Policy Sets, authorization profiles, CoA, profiling; posture familiarity (AnyConnect)
- Strong in 802.1X/EAP (EAP-TLS, PEAP), RADIUS, MAB, certificate troubleshooting
- Experience integrating ISE with AD/LDAP and PKI/CA; ability to manage cert lifecycle safely
- Proven ability to integrate NAC with non-Cisco switching — specifically Arista (802.1X/MAB implementation patterns, edge cases)
- Comfortable working in environments using Check Point firewalls and understanding how segmentation intents translate to enforcement boundaries
- Practical automation experience: ISE REST API + scripting (Python) and/or Ansible; Git workflows
Nice to have:
- Experience designing identity-driven segmentation in heterogeneous networks (non-Cisco campus/core)
- Experience with compliance/regulatory environments and audit-ready documentation
- Familiarity with Zero Trust frameworks and operating models (exception governance, SoD, least privilege)
Responsibilities:
- Build a working Zero Trust segmentation model in ISE
  - Define roles/attributes (users, devices, posture where applicable) and map them to clear access outcomes (e.g., VLAN/ACL/dACL assignments, enforcement hooks)
  - Produce a policy matrix and standards that are easy to operate and audit
- Implement NAC on Arista (wired) with enterprise-grade stability
  - Deploy/configure 802.1X + MAB patterns, NAD onboarding templates, CoA, profiling basics
  - Ensure high availability/scaling of ISE and validate end-to-end flows (client ↔ Arista ↔ ISE ↔ AD/PKI)
- Integrate AnyConnect/VPN authentication and leverage posture signals where in scope
  - Configure VPN AAA (RADIUS) and incorporate AnyConnect context (posture/attributes if used) into authorization
  - Align remote access outcomes with the same segmentation intent as on-prem
- Align segmentation intent with Check Point enforcement and operational processes
  - Define how NAC outcomes relate to enforcement boundaries and how exceptions are handled
  - Establish governance: request/approval workflow, temporary exceptions with expiry, reporting
- Automate and operationalize the service
  - Automate repetitive tasks (NAD onboarding, bulk policy object updates, reporting) using ISE REST APIs and scripting/Ansible; use Git where possible
  - Deliver runbooks (operations + troubleshooting + certificate renewal), monitoring/alerting, backup/restore, upgrade plan
HIRELY SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ