Network Security Engineer (Cisco ISE/NAC Network Access Control)
GruveFull Time
Dallas, Texas, United States; Edison, New Jersey, United StatesPosted 13 days ago
Job Description
<div class="content-intro"><p><strong>About Gruve</strong></p>
<p>Gruve is an innovative software services startup dedicated to transforming enterprises to AI powerhouses. We specialize in cybersecurity, customer experience, cloud infrastructure, and advanced technologies such as Large Language Models (LLMs). Our mission is to assist our customers in their business strategies utilizing their data to make more intelligent decisions. As a well-funded early-stage startup, Gruve offers a dynamic environment with strong customer and partner networks.</p></div><p><strong>About the Role</strong></p>
<p><span class="TextRun SCXW175587887 BCX8" lang="EN-US" data-contrast="auto"><span class="NormalTextRun SCXW175587887 BCX8">The Network Security Engineer will join the US Solutions Delivery team, </span><span class="NormalTextRun SCXW175587887 BCX8">specializing in Cisco Identity Services Engine (ISE) and Network Access Control (NAC) deployments across enterprise customer environments. This is a hands-on, delivery-focused role centered on designing, implementing, and troubleshooting Cisco ISE-based NAC solutions including 802.1X, MAB, posture assessment, profiling, and guest services. The engineer also supports Cisco firewall platforms (ASA and FTD/NGFW) as a secondary discipline. The role owns assigned workstreams end-to-end — from lab validation through production cutovers — and works closely with architects, project managers, and customer stakeholders.</span></span><span class="EOP SCXW175587887 BCX8" data-ccp-props="{"335559739":120}"> </span></p>
<p><strong>Key Responsibilities</strong></p>
<p><strong><span data-contrast="auto">Cisco ISE / NAC Deployment & Operations </span></strong><span data-ccp-props="{"335559739":60}"> </span></p>
<ul>
<li><span data-contrast="auto">Design, deploy, and configure Cisco ISE for 802.1X wired/wireless, MAB, and CWA; manage policy sets, authentication/authorization, profiling, posture, and guest workflows end-to-end</span><span data-ccp-props="{"335559739":60}"> </span></li>
<li><span data-contrast="auto">Integrate ISE with Active Directory, LDAP, PKI/CA, and MFA; manage distributed ISE deployments (PAN, PSN, MnT) with HA and scalability; deploy RADIUS/TACACS+ for network device administration</span><span data-ccp-props="{"335559739":60}"> </span></li>
<li><span data-contrast="auto">Configure endpoint compliance/posture modules (AV, patch, OS); manage guest, sponsor portals, and BYOD onboarding; support TrustSec (SGT/SXP) segmentation</span><span data-ccp-props="{"335559739":60}"> </span></li>
<li><span data-contrast="auto">Troubleshoot RADIUS failures, authentication timeouts, profiling inconsistencies, and policy mismatches with root cause analysis</span><span data-ccp-props="{"335559739":60}"> </span></li>
</ul>
<p><strong><span data-contrast="auto">Cisco Firewall Deployment & Operations:</span></strong><span data-ccp-props="{"335559739":60}"> </span></p>
<ul>
<li><span data-contrast="auto">Design, implement, and configure Cisco FTD and ASA firewalls, including HA setups and scalable architectures</span><span data-ccp-props="{}"> </span></li>
<li><span data-contrast="auto">Manage and optimize access control rules, NAT, security zones, and NGFW features IPS/IDS, URL filtering, Malware Policy, SSL decryption, and VPN (SSL/IPSec)</span><span data-ccp-props="{}"> </span></li>
<li><span data-contrast="auto">Troubleshoot firewall and VPN connectivity issues including NAT, routing, SSL/IPSec VPN failures, and policy-related problems</span><span data-ccp-props="{"335559739":60}"> </span></li>
</ul>
<p><strong><span data-contrast="auto">Execution & Coordination</span></strong><span data-ccp-props="{"335559738":100,"335559739":60}"> </span></p>
<ul>
<li data-leveltext="•" data-font="" data-listid="2" data-list-defn-props="{"335552541":1,"335559685":630,"335559991":360,"469769242":[8226],"469777803":"left","469777804":"•","469777815":"hybridMultilevel"}" data-aria-posinset="4" data-aria-level="1"><span data-contrast="auto">Collaborate with architects, senior engineers, and project managers to ensure accurate, timely solution delivery, while actively participating in project discussions to understand requirements, scope, and deployment sequencing</span><span data-ccp-props="{}"> </span></li>
<li data-leveltext="•" data-font="" data-listid="2" data-list-defn-props="{"335552541":1,"335559685":630,"335559991":360,"469769242":[8226],"469777803":"left","469777804":"•","469777815":"hybridMultilevel"}" data-aria-posinset="5" data-aria-level="1"><span data-contrast="auto">Take end-to-end ownership of assigned tasks, including escalation, root cause analysis (RCA), and issue resolution</span> <span data-ccp-props="{}"> </span></li>
</ul>
<p><strong><span data-contrast="auto">Documentation & Continuous Improvement</span></strong><span data-ccp-props="{"335559738":100,"335559739":60}"> </span></p>
<ul>
<li><span data-contrast="auto">Create and maintain comprehensive documentation including ISE policy matrices, network access diagrams, RADIUS/TACACS inventories, and operational runbooks</span><span data-ccp-props="{"335559739":60}"> </span></li>
<li><span data-contrast="auto">Document firewall rules, VPN inventories, NAT tables, and change records for audit and compliance purposes</span><span data-ccp-props="{"335559739":60}"> </span></li>
<li><span data-contrast="auto">Stay current on Cisco ISE releases, NAC trends, Zero Trust Network Access (ZTNA), and SASE architectures, applying new learnings to delivery work</span><span data-ccp-props="{"335559739":60}"> </span></li>
</ul>
<p><strong>Basic Qualifications</strong></p>
<ul>
<li><span data-contrast="auto">Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field</span><span data-ccp-props="{"335559739":60}"> </span></li>
<li><span data-contrast="auto">3–5 years of cybersecurity experience with a strong focus on NAC and identity-based access control; 3+ years hands-on with Cisco ISE or similar NAC solutions (e.g., FortiNAC, Aruba ClearPass)</span><span data-ccp-props="{"335559739":60}"> </span></li>
<li><span data-contrast="auto">Strong knowledge of 802.1X (EAP-TLS, PEAP, TEAP), certificate-based authentication, and integrations with AD, LDAP, PKI, and RADIUS/TACACS+</span><span data-ccp-props="{"335559739":60}"> </span></li>
<li><span data-contrast="auto">3+ years of hands-on experience with Cisco ASA/FTD firewalls (NGFW, VPN, NAT) or equivalent experience with third-party firewalls (Palo Alto, Fortinet, Check Point)</span><span data-ccp-props="{"335559739":60}"> </span></li>
<li><span data-contrast="auto">Solid understanding of networking fundamentals: TCP/IP, DNS, DHCP, VLANs, trunking, and routing/switching</span><span data-ccp-props="{"335559739":60}"> </span></li>
<li><span data-contrast="auto">Experience with Cisco Catalyst/Nexus switches for NAC enforcement (802.1X, MAB)</span><span data-ccp-props="{"335559739":60}"> </span></li>
<li><span data-contrast="auto">Willingness to travel across the U.S. to support deployments</span><span data-ccp-props="{"335559739":60}"> </span></li>
</ul>
<p><strong>Preferred Qualifications</strong></p>
<ul>
<li><span data-contrast="auto">CCNP Security or equivalent certification (ISE/NAC specialization preferred); CISSP, GIAC, or other security certifications a plus</span><span data-ccp-props="{"335559739":60,"335572079":6,"335572080":1,"335572081":4278190080,"469789806":"single"}"> </span></li>
<li><span data-contrast="auto">Experience with TrustSec/SGT/SXP, DUO MFA/ZTNA integration, Cisco Umbrella, and Cisco XDR</span><span data-ccp-props="{"335559739":60,"335572079":6,"335572080":1,"335572081":4278190080,"469789806":"single"}"> </span></li>
<li><span data-contrast="auto">Familiarity with SASE/Zero Trust architectures and security automation (Python, Ansible, APIs)</span><span data-ccp-props="{"335559739":60,"335572079":6,"335572080":1,"335572081":4278190080,"469789806":"single"}"> </span></li>
<li><span data-contrast="auto">Knowledge of compliance frameworks (PCI-DSS, HIPAA, SOC 2, NIST); prior consulting or </span><span data-contrast="auto">professional services experience preferred.</span><span data-ccp-props="{"335559739":60,"335572079":6,"335572080":1,"335572081":4278190080,"469789806":"single"}"> </span></li>
</ul>
<p><strong>Salary Range </strong></p>
<p>$65,000 - $110,000 USD + Benefits </p>
<p> </p>
<p><em><strong>This is a full-time position with Gruve and is based onsite at our Edison, New Jersey office & Plano, Dallas Office. Please note that Gruve does not provide visa sponsorship for this role; candidates must be U.S. citizens.</strong></em></p>
<p> </p>
<p></p><div class="content-conclusion"><p><strong>Why Gruve</strong></p>
<p>At Gruve, we foster a culture of innovation, collaboration, and continuous learning. We are committed to building a diverse and inclusive workplace where everyone can thrive and contribute their best work. If you’re passionate about technology and eager to make an impact, we’d love to hear from you.</p>
<p>Gruve is an equal opportunity employer. We welcome applicants from all backgrounds and thank all who apply; however, only those selected for an interview will be contacted.</p></div>
About Gruve
Gruve
gruve.ai
SecurityOn-site
Want AI-powered job matching?
Upload your resume and get every job scored, your resume tailored, and hiring manager emails found - automatically.
Get Started Free