Senior Network Administrator NAC ARP Guard

Job Title

Senior Network Administrator Network Access Control (ARP Guard)

Experience Required

Minimum 6+ years in enterprise network administration with strong hands‑on NAC exposure using ARP Guard tools.

Location

Onsite / Hybrid (as per organization policy)

Employment Type

Full‑time, Senior Technical Role

Role Summary

The Senior Network Administrator (NAC ARP Guard) is responsible for end‑to‑end ownership of Network Access Control built on ARP Guard tooling, including greenfield installs, configuration baselining, policy design, production administration, high availability/clustering, incident response, troubleshooting, periodic audits, and secure decommissioning.

The role interfaces closely with security, endpoint, server, and service desk teams to ensure only compliant, identified, and authorized devices connect to the network while maintaining user experience and uptime SLAs.

Key Responsibilities

• 1) NAC Installation & Core Configuration (ARP Guard)

Plan and perform fresh installations/upgrades of ARP Guard servers, sensors, and collectors across campus/branch environments.

Integrate ARP Guard with network infrastructure (switches, WLAN controllers, firewalls) and directory/IdM (e.g., AD/LDAP) as required.

Define discovery scopes for subnets/VLANs, asset identification, profiling, and rogue device detection.

Configure authorized device lists (allow/deny), MAC/OUI recognition, and exception handling workflows.

• 2) Policy, Enforcement & Segmentation

Design and maintain NAC enforcement policies leveraging ARP inspection, DHCP snooping inputs, switch port controls, and quarantine/VLAN assignment.

Implement network admission, remediation flows, and guest/contractor onboarding aligned to security standards.

Coordinate with network/security teams to map enforcement to segmentation (access, user, device, IoT, printer).

• 3) High Availability, Clustering & Scalability

Deploy and administer ARP Guard in HA/clustered topologies (active/standby or loadshared) with appropriate failover testing and runbooks.

Plan capacity for endpoints, events per second, and growth; tune polling intervals and database retention windows.

• 4) Operations, Monitoring & Maintenance

Operate ARP Guard daily: dashboard reviews, alarms triage, endpoint posture exceptions, and change requests.

Maintain integrations with SIEM/Log platforms (syslog) and ITSM for incident/ticket automation.

Perform platform patching, signature/OUI updates, backup/restore tests, and configuration version control.

Maintain accurate documentation: HLD/LLD, SOPs/MoPs/EOPs, asset lists, IP/VLAN maps, and enforcement matrices.

• 5) Troubleshooting & Incident Response

Lead L2/L3 troubleshooting for endpoint onboarding failures, unauthorized device blocks, false positives, and network reachability issues.

Analyze ARP tables, CAM/MAC address tables, switchport counters, and ARP Guard logs to identify root causes.

Coordinate with switching, wireless, and endpoint teams to validate remediation; create RCA with preventive actions.

• 6) Security & Compliance

Enforce least‑privilege administration, credential vaulting, and audit logging for ARP Guard and integrated systems.

Support internal/external audits: access reviews, policy evidence, and control effectiveness reporting.

Ensure data retention, privacy considerations, and legal/contractual compliance for device tracking metadata.

• 7) Network Administration (Core Complementary Skills)

Administer access‑layer switching (port security, DHCP snooping, dynamic ARP inspection where applicable).

Support wireless access onboarding (802.1X/portal) in coordination with WLAN teams; basic RADIUS/PKI familiarity is a plus.

Assist firewall teams with zoning and rule reviews for NAC services and quarantine networks.

• 8) Decommissioning & Lifecycle Management

Plan and execute decommission of ARP Guard or legacy NAC stacks: policy migration, device reclassification, and rollback plans.

Archive logs and reports; sanitize configurations; remove network dependencies (SPAN, SNMP, syslog, API keys).

Update CMDB, runbooks, and handover artifacts; obtain formal change closure.

Required Skills & Qualifications

• 6+ years overall network administration with at least 3+ years focused on NAC/ARP Guard in production.
• Hands‑on with ARP Guard components, policy creation, enforcement modes, and HA setups.
• Strong understanding of L2/L3 networking: VLANs, STP, trunking, ARP, DHCP, routing basics, multicast/IGMP.
• Working knowledge of switch OS (Cisco/Aruba/Juniper or equivalent), WLAN controllers, and Windows/Linux endpoints.
• Experience integrating with identity stores (AD/LDAP), SIEM, and ITSM tools (ServiceNow, Remedy, Jira).
• Proficiency in change/incident/problem (ITIL) and disciplined documentation.

Preferred Skills

• Experience with 802.1X/EAPTLS, RADIUS, and certificate lifecycle.
• Scripting/automation (Python, PowerShell, Bash) for bulk operations and reporting.
• Exposure to zero‑trust segmentation approaches and NAC alternatives.

Certifications (Preferred)

• Network: CCNA/CCNP, JNCIA/JNCIS, Aruba ACNSA/ACSP, or equivalent.
• Security/ITIL: Security+/CySA+/ITIL Foundation.

Apply Link –

https://career.infosys.com/jobdesc?jobReferenceCode=INFSYS-EXTERNAL-240944

Behavioral Competencies

• Customer‑first mindset, strong ownership and urgency.
• Excellent written and verbal communication across technical and non‑technical stakeholders.
• Analytical, detail‑oriented, and calm under pressure.

Shift & Availability

• Business hours with on‑call rotation for critical incidents.
• Availability for planned change windows, DR/HA tests, and audits.