Senior Network Security Engineer with Security Clearance

About Tria Federal

Tria Federal delivers digital services and technology solutions that support the health and safety of veterans, service members and civilians. For two decades, federal agencies have relied on Tria companies to advance their critical missions and modernize their systems, so that they can uphold their commitment to the American people. Today, we are pushing the boundaries of possibility through partnerships and investments in artificial intelligence and emerging technologies, developing solutions for the biggest challenges that government will face tomorrow.

We are proud to employ and support military veterans who bring mission-first mindset, technical expertise, and leadership qualities that strengthen our work. Veterans, transitioning service members, and military spouses are strongly encouraged to apply.

Senior Network Security Engineer

Tria Federal is seeking a Senior Network Security Engineer to support the agency as it moves away from its legacy Fore Scout Counter ACT NAC/NAM system and adopts Cisco Identity Services Engine (ISE) as the new access‑control platform. The engineer will help configure and manage Cisco ISE across the environment, handling AAA services, wired and wireless 802.1X authentication, device administration, and posture checks for users and devices. This role also supports the agency's modernization work by improving authentication processes, updating ISE policies, and strengthening identity-based access controls.

The engineer will troubleshoot access issues, refine policy designs, and help ensure users and devices can connect securely and reliably as the organization completes its transition from Fore Scout to Cisco ISE.

Basic Requirements

• Senior Network Security Engineer responsible for designing, configuring, monitoring, and troubleshooting Cisco ISE as a NAC/NAM platform, including TACACS+/RADIUS services, device administration policies, and wired/wireless 802.1X authentication.
• Experience working with Cisco ISE deployed on Cisco SNS‑3715 appliances, preferably in a two‑node clustered, high‑availability setup.
• Understanding of Fore Scout Counter ACT, including legacy NAC/NAM policies, device classification, and access workflows, to support the migration to Cisco ISE.
• Experience providing general wireless network support, including basic troubleshooting, controller interactions, and wireless access workflows.
• Hands‑on experience integrating Cisco ISE with Active Directory (AD) and LDAP, including identity lookups, group‑based policy decisions, and directory‑based authentication.
• Eight (8) years of experience in a large government organization with five (5) years in technical leadership, including four (4) years implementing and troubleshooting Cisco ISE with expertise in:
  • Authentication and authorization policies (RADIUS/TACACS+)
  • 1X/EAP methods for wireless and wired access
  • Device profiling, posture checks, and endpoint compliance
  • Certificate‑based authentication (EAP‑TLS) and PKI integration
  • AAA integrations for switches, appliances, firewalls, and wireless controllers
• Experience supporting Cisco ISE integrations with Cisco 9800 Wireless LAN Controllers, including guest/registration page redirection and wireless onboarding.
• Experience migrating legacy NAC, RADIUS, or device authentication systems into Cisco ISE while aligning with Zero Trust principles.
• Four (4) years of experience supporting identity‑centric or Zero Trust architectures with strong knowledge of segmentation, certificate management, and endpoint posture controls.
• Solid understanding of telecommunications, network security, and Zero Trust best practices.
• Strong communication skills with the ability to explain Cisco ISE, NAC/NAM, and AAA concepts to both technical and non‑technical audiences.
• Bachelor's degree in Information Technology, Cybersecurity, or a related field.
• Preferred certifications: Cisco CCNP Security, Cisco ISE Specialist, or similar identity/security certifications.

Responsibilities

• Troubleshoot and resolve Cisco ISE issues across RADIUS, TACACS+, 802.1X, device administration, and endpoint authentication.
• Deploy, configure, and…