Senior Network Security Architect (Cisco ISE & TrustSec) - 10670642

Job Opportunity: Senior Network Security Architect (Cisco ISE & TrustSec)

Location: Eindhoven, Netherlands (TNDL)

Experience Level: 6–8 Years

Start Date: ASAP

Duration: 6 Months (Contract/Project-based)

Role Overview

We are seeking a highly skilled Senior Network Security Architect with a deep specialization in Cisco Identity Services Engine (ISE) and Cisco TrustSec. This role is pivotal in driving our transition toward a Zero Trust architecture across the enterprise LAN. You will lead the design and implementation of sophisticated sub-segmentation strategies, utilizing SGTs and SXP to ensure granular security and optimized traffic engineering.

Key Responsibilities

  • Zero Trust Design: Architect and lead the sub-segmentation strategy for the enterprise LAN, focusing on achieving a robust Zero Trust security posture.
  • ISE Deployment: Deploy and manage complex ISE Policy Sets, Profiling, and Posturing to enforce strict identity-based access control.
  • Segmentation & Enforcement: Implement and manage Scalable Group Tags (SGTs) and SGACLs to enforce granular security policies across the global campus network.
  • Traffic Engineering: Design and implement SGT-aware Policy Based Routing (PBR) for intelligent traffic steering and role-based path selection (e.g., isolating IoT, Guest, and Corporate traffic).
  • Hybrid Integration: Utilize SGT Exchange Protocol (SXP) to extend TrustSec policies to legacy or non-capable hardware, maintaining a consistent SGT-to-IP mapping database.
  • Legacy & Multi-Tier Support: Configure Inline Tagging and ensure seamless SGT propagation across multi-tier LAN environments.
  • Tier-3 Escalation: Serve as the final technical authority for complex authentication, authorization, and SGT propagation issues.
  • Documentation & Compliance: Author Standard Operating Procedures (SOPs) and Work Instructions. Ensure all network access policies meet corporate audit and regulatory compliance standards.

Technical Requirements

Must-Have Qualifications

  • Certification: CCNP Enterprise (or higher) with proven hands-on experience in Cisco ISE.
  • Core Security Expertise: Deep understanding of Identity-Based Networking, including 802.1X, Profiling, and Posturing.
  • TrustSec Mastery: Proven experience in TrustSec deployment, including SGT-based PBR for traffic steering and role-based path selection.
  • Network Integration: Hands-on experience configuring Inline Tagging and SGT propagation across multi-tier LAN environments.
  • Routing & Switching: Advanced Layer 3 routing skills (OSPF and BGP) and Layer 2 switching expertise (STP, VTP, and StackWise).

Good-to-Have Skills

  • Specialized Certification: Cisco Certified Specialist – Security Identity Management (SISE).
  • Next-Gen Networking: Experience with Cisco DNA Center / Catalyst Center (SD-Access) for automated segmentation.
  • Automation: Knowledge of Python or Ansible for automating SGT policy updates.
  • Encryption: Familiarity with MACsec (802.1AE) encryption within a TrustSec domain.

Candidate Profile

  • Experience: 6–8 years of hands-on experience in large-scale network security environments, specifically focusing on Cisco's security portfolio.
  • Expertise: Proven track record of deploying TrustSec in complex, multi-tier architectures.
  • Analytical Skills: Strong ability to troubleshoot deep-seated protocol issues within identity-based networking.
  • Communication: Fluent in English; capable of leading technical discussions and mentoring junior engineers.

Work Environment

Based in the technology hub of Eindhoven, you will work within a high-performance team dedicated to securing enterprise infrastructure through cutting-edge Cisco technologies. This role offers the opportunity to be the primary architect of a modern, segmented network environment.