Cisco ISE Engineer

We are seeking an expert-level Cisco ISE Subject Matter Expert to support the U.S. Africa Command (AFRICOM) mission. This role serves as the primary technical authority for a large-scale, distributed Cisco ISE deployment. The focus is on securing the DoD enterprise network through advanced Identity and Access Management, Zero Trust architecture, and endpoint compliance. The successful candidate will ensure secure, policy-driven access across a highly classified, globally dispersed infrastructure, serving as the cornerstone for the command's Zero Trust transformation.

Key Duties & Responsibilities

• Zero Trust Architecture (ZTA) Execution: Architect and deploy Zero Trust Network Access (ZTNA) principles using Cisco ISE to strictly enforce least-privilege access across the enterprise network.
• Continuous Trust Verification: Develop and maintain dynamic, context-aware access policies that continuously evaluate user identity, device posture, location, and telemetry before granting or maintaining network access.
• Micro-Segmentation for ZTA: Engineer and maintain Cisco TrustSec, Security Group Tags (SGTs), and Security Group Access Control Lists (SGACLs) to contain lateral movement and enforce granular network segmentation.
• DoD ZT Alignment: Ensure all ISE integrations directly support the "Identity" and "Device" pillars of the DoD Zero Trust Reference Architecture.
• ISE Architecture: Design, deploy, and manage multi-node, distributed Cisco ISE deployments including Policy Administration (PAN), Monitoring (MnT), Policy Service (PSN), and pxGrid nodes.
• Network Access Control: Implement and troubleshoot 802.1X, MAC Authentication Bypass (MAB), and WebAuth across enterprise wired, wireless, and VPN infrastructures.
• Device Administration: Manage TACACS+ for centralized network device administration and strict role-based access control (RBAC).
• Endpoint Profiling & Posture: Configure advanced endpoint profiling and deep posture assessments to ensure only compliant DoD devices can connect to mission-critical enclaves.
• Integrations: Integrate ISE with external identity stores (Active Directory, LDAP), Public Key Infrastructure (PKI), Mobile Device Management (MDM), and SIEM platforms.
• Mission Support: Perform complex packet-level troubleshooting (RADIUS, EAP-TLS, EAP-TEAP) to resolve authentication failures and ensure continuous AFRICOM mission readiness.

Required Qualifications (TESA Standards)

To satisfy the Technical Expert criteria, candidates must meet one of the following education/experience paths:

• Bachelor's Degree in a technical discipline plus 3+ years of relevant technical experience.
• Associate's Degree in a technical discipline plus 7+ years of relevant technical experience.
• A minimum of 11+ years of specialized, relevant technical experience in lieu of a degree.

Additional Core Requirements:

• Clearance: Must possess an active Top Secret security clearance.
• Compliance: Must meet DoD 8570/8140 IAT Level II baseline certification (e.g., Security+ CE).
• Specialized Expertise: Minimum of 5 years of hands-on engineering experience dedicated to Cisco ISE, NAC, and AAA protocols.
• Protocol Mastery: Deep understanding of RADIUS, TACACS+, EAP protocols (specifically EAP-TLS and TEAP), and PKI certificate lifecycles.

Preferred Qualifications

• Specific Cisco Certifications such as CCNP Security (specifically the SISE 300-715 exam) or CCIE Security.
• Familiarity with the DoD Zero Trust Strategy and related architecture pillars.
• Experience with Cisco DNA Center (Catalyst Center) and Software-Defined Access (SDA) integrations.
• Scripting experience using Python or REST APIs for automating ISE policy deployments and endpoint management.

If you're looking for comfort, keep scrolling. At Leidos, we outthink, outbuild, and outpace the status quo - because the mission demands it. We're not hiring followers. We're recruiting the ones who disrupt, provoke, and refuse to fail. Step 10 is ancient history. We're already at step 30 - and moving faster than anyone else dares.

Original Posting:

June 2, 2026

For U.S. Positions: While subject to change based on business needs, Leidos reasonably anticipates that this job requisition will remain open for at least 3 days with an anticipated close date of no earlier than 3 days after the original posting date as listed above.

Pay Range:

Pay Range $87,100.00 - $157,450.00

The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.