Cisco ISE / NAC Engineer
HIBERUS POLAND SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ
⚲ Wrocław
33 000 - 39 000 zł net (+ VAT)
Requirements
- Cisco
Job description
About the company:
- We are part of hiberus - one of the leading technology companies in Spain with a presence in over 14 countries, employing over 3,000 specialists and serving Clients all over the world.
- We are professionals who have many years of experience in areas such as: IT, BI, project and enterprise management. We are characterized by high quality and efficiency of implemented projects by properly matching the candidate to the profile of the sought position and the organizational culture prevailing in the company. We currently cooperate with prestigious institutions in the areas of banking, finance, insurance, pharmacy, health care and tourism, both in Poland and abroad.
- Partnership, reliability and transparency - these are the values that guide us in all our activities.

Responsibilities:
- 1) Build a working Zero Trust segmentation model in ISE
  - Define roles/attributes (users, devices, posture where applicable) and map them to clear access outcomes (e.g., VLAN/ACL/dACL assignments, enforcement hooks).
  - Produce a policy matrix and standards that are easy to operate and audit.
- 2) Implement NAC on Arista (wired) with enterprise-grade stability
  - Deploy/configure 802.1X + MAB patterns, NAD onboarding templates, CoA, profiling basics.
  - Ensure high availability/scaling of ISE and validate end-to-end flows (client ↔ Arista ↔ ISE ↔ AD/PKI).
- 3) Integrate AnyConnect/VPN authentication and leverage posture signals where in scope
  - Configure VPN AAA (RADIUS) and incorporate AnyConnect context (posture/attributes if used) into authorization.
  - Align remote access outcomes with the same segmentation intent as on-prem.
- 4) Align segmentation intent with Check Point enforcement and operational processes
  - Define how NAC outcomes relate to enforcement boundaries and how exceptions are handled.
  - Establish governance: request/approval workflow, temporary exceptions with expiry, reporting.
- 5) Automate and operationalize the service
  - Automate repetitive tasks (NAD onboarding, bulk policy object updates, reporting) using ISE REST APIs and scripting/Ansible; use Git where possible.
  - Deliver runbooks (operations + troubleshooting + certificate renewal), monitoring/alerting, backup/restore, upgrade plan