senior-level Cisco ISE engineer

About RUSHIT LLC

RUSHIT LLC is a Managed IT Services and Cybersecurity firm serving federal government clients. We build lean, highly capable teams and put skilled engineers directly into mission-critical environments. We move fast, cut through bureaucracy, and get the right people in the right seats.

About the Role

RUSHIT is looking for a senior-level Cisco ISE engineer to step into an active federal engagement in Suitland, MD — immediately. This is a hands-on, on-site role supporting a federal agency's migration from ForeScout CounterACT to Cisco Identity Services Engine (ISE) as its primary network access control platform. You'll own the ISE environment end-to-end: policy design, AAA configuration, 802.1X, identity integrations, and Zero Trust alignment.

This role is not remote. It is not a desk job for someone who has only read about ISE. We will verify your skills through a live technical lab screening before an offer is extended.

What You'll Do

• Design, configure, and manage Cisco ISE across the federal environment, including RADIUS/TACACS+, 802.1X wired and wireless authentication, device administration, and posture policies.
• Lead the migration from ForeScout CounterACT to Cisco ISE — reviewing legacy policies, device groups, and access rules and mapping them into ISE policy sets.
• Integrate and maintain Cisco ISE with Active Directory and LDAP for identity lookups, group-based authorization, and directory-based authentication.
• Configure and support ISE integrations with Cisco 9800 Wireless LAN Controllers, including guest portals, wireless onboarding, and policy-driven access control.
• Manage certificate-based authentication (EAP-TLS) and PKI integrations.
• Troubleshoot authentication and access issues across RADIUS, TACACS+, 802.1X, and endpoint posture — including root cause analysis using ISE logs and syslog.
• Navigate firewall policies and switch configurations to diagnose and resolve network access issues independently.
• Perform health checks, upgrades, and migrations; document changes through SOPs, engineering designs, and implementation procedures.
• Support Zero Trust alignment through identity-centric segmentation, certificate management, and endpoint compliance controls.

What You Bring

This is not a one-tool role. Cisco ISE expertise must be backed by real, broad IT and networking depth. If basic networking questions trip you up, this isn't the right fit.

• 8+ years of experience in network security, with at least 4 years implementing, troubleshooting, and managing Cisco ISE in enterprise or government environments.
• Deep hands-on expertise in Cisco ISE: policy sets, authorization profiles, authentication rules, device profiling, posture checks, and certificate-based authentication.
• Experience with Cisco ISE deployed on Cisco SNS-3715 appliances, preferably in a clustered high-availability setup.
• Solid understanding of ForeScout CounterACT NAC/NAM — enough to map legacy policies and workflows into Cisco ISE.
• Strong networking fundamentals — VLANs, trunking, spanning tree, routing protocols, and ACLs. You can read a switch config and know what you're looking at.
• Hands-on experience navigating firewalls (Cisco, Palo Alto, Fortinet, or similar) — reading rules, tracing traffic flows, and collaborating on policy changes.
• Strong experience integrating ISE with Active Directory and LDAP for group-based policy and directory authentication.
• Experience supporting Cisco ISE with Cisco 9800 WLCs for wireless onboarding and guest access.
• 4+ years supporting identity-centric or Zero Trust architectures, including segmentation, certificate management, and endpoint posture controls.
• Strong communication skills — you can explain AAA, NAC, and Zero Trust to both technical peers and non-technical stakeholders.
• Bachelor's degree in Information Technology, Cybersecurity, or a related field (or equivalent experience).
• Must be eligible to obtain a U.S. government Public Trust suitability determination — U.S. citizenship or Lawful Permanent Resident status required.

Preferred Qualifications

• Cisco CCNP Security, Cisco ISE Specialist, or equivalent identity/security certifications.
• Experience supporting PKI infrastructure and managing certificates in a federal environment.
• Prior experience in U.S. federal government IT environments.

Position Details

• Location: On-site — Suitland, Maryland (free parking provided)
• Compensation: Competitive hourly rate, commensurate with experience
• Start Date: Immediate

To apply, send your resume to crush@rushitllc.com with "Cisco ISE — Suitland" in the subject line.