Firmenlogo

Senior Technical Consultant – Cisco Security presso Thinkahead

Thinkahead · India, India · Remote

Python

Microsoft Excel

Candidarsi ora

Description

We’re seeking a client-facing Senior Technical Consultant with deep, hands-on expertise in Cisco Identity Services Engine (ISE) and Cisco Firepower Threat Defense/Firepower Management Center (FTD/FMC). You will design, implement, migrate, and optimize secure network access and perimeter/segmentation controls for enterprise customers. This role blends technical leadership, delivery ownership, and trusted-advisor consulting—across discovery, architecture, build, testing, knowledge transfer, and post-deployment support

What You’ll Do (Key Responsibilities)

  • Client Delivery & Consulting

  • Lead end-to-end delivery of Cisco ISE and Firepower projects: discovery, High-level Design (HLD), Low-level Design (LLD), build, cutover, validation, documentation, and knowledge transfer.
  • Facilitate workshops to gather requirements, assess current state, and map outcomes to best practices and security frameworks (e.g., Zero Trust, NIST).
  • Create SOW inputs (scope, assumptions, milestones) and delivery artifacts (migration plans, rollback plans, test plans, runbooks).

    • Cisco ISE (Core Focus)

  • Architect and deploy ISE in standalone and distributed personas (PAN/MnT/PSN), including HA and scale considerations.
  • Design 802.1X and MAB policies for wired/wireless, RADIUS/TACACS+ services, device profiling, posture assessment, and Guest/BYOD onboarding flows.
  • Build authorization policies using security group tags (SGT/TrustSec), dACLs, and dynamic VLANs; integrate with Active Directory/LDAP, PKI, Duo, and AnyConnect posture modules.
  • Implement pxGrid integrations with ecosystem tools (e.g., SIEM, EDR, NAC partners) and guide segmentation strategies.

    • Cisco Firepower – FTD/FMC (Core Focus)

  • Design and implement FTD (physical and virtual appliances) managed by FMC (HA, clustering, multi-context where applicable).
  • Build Access Control Policies, SSL decryption, Intrusion Policies, Malware, Security Intelligence, URL Filtering, and NAT; tune policies for efficacy/performance.
  • Understanding of IPsec (remote-access and site-to-site) IKEv1/IKEv2 and SSLVPN Secure Client/AnyConnect
  • Migrate from legacy ASA to FTD with structured policy rationalization and cutover/runbook planning.
  • Integrate FMC with external tools (e.g., ISE/pxGrid SGT, SIEM) and enable flow telemetry/Health/Correlation where appropriate.

    • Networking & Ecosystem (Plus)

  • Collaborate across switching/routing (OSPF/BGP, EVPN/VXLAN), Cisco WLC/Catalyst wireless for 802.1X/WPA2‑Enterprise/PSK transitions, and SD‑WAN/VPN contexts.
  • Tie-in with other Cisco security solutions (e.g., AnyConnect/Secure Client, Duo, Secure Endpoint (AMP), Umbrella, SecureX). Experience with other vendors’ firewalls/NAC is a bonus.

    • Quality, Documentation & Enablement

  • Produce high-quality HLD/LLD, as-built documents, security policy maps, and operational runbooks.
  • Conduct formal knowledge transfer (KT) and admin training; mentor junior consultants and collaborate with PMs on timeline/risk management.
  • Contribute to internal accelerators (validated designs, automation snippets, migration checklists).

    • Post‑Delivery & Continuous Improvement

  • Provide hypercare, root cause analysis, and optimization recommendations.
  • Identify follow-on opportunities and feed delivery insights into presales, solution architecture, and packaged offerings.

    • What You’ll Bring (Qualifications)

  • 7+ years in network/security engineering with 3–5+ years delivering Cisco ISE and Cisco FTD/FMC in enterprise environments.
  • Proven delivery of multi‑site ISE and FTD projects (design through cutover), including HA, scale, and production operations.
  • Hands-on with:
  • ISE: 802.1X/MAB, RADIUS, TACACS+,Guest/BYOD, posture, profiling, SGT/TrustSec, dACLs, AD/LDAP, certificates/PKI, pxGrid, AnyConnect posture.
  • FTD/FMC: access control, SSL decryption, intrusion policies (Snort 3), NAT, VPNs, HA/clustering, policy tuning, logging/SIEM integration.
  • Solid L2/L3 networking fundamentals (VLANs, STP, routing protocols, VRF, QoS fundamentals); Wi-Fi 802.1X concepts.
  • Strong consulting skills: discovery, requirements mapping, documentation, risk management, customer communication, and executive level updates.
  • Experience with change management (ITIL), production cutovers, and rollback plans.
  • Excellent written/verbal communication; ability to lead workshops and train admins.

    • Preferred/Bonus
  • Relevant certifications (one or more highly desired): CCNP Security, Cisco Certified Specialist – ISE/Firepower, CCIE Security (written or lab), CISSP, GIAC (e.g., GPCS, GCIA, GSEC).
  • Experience with Duo, Secure Client/AnyConnect posture, Secure Endpoint (AMP), Umbrella, ISE SGT integration with FMC, and SecureX.
  • Cross vendor exposure (Palo Alto, Fortinet, Aruba ClearPass, Check Point, Juniper) and migration experience.
  • Scripting/automation for repeatability (e.g., Python, Ansible, REST APIs for FMC/ISE), Git basics, and templating mindset.
  • Exposure to Zero Trust segmentation, identity centric access, and compliance frameworks (NIST, CIS Controls, ISO 27001).
  • SIEM/EDR/SOAR integrations and incident response collaboration experience.

    • Success Metrics (KPIs)

  • On‑time, on budget delivery across assigned SOWs.
  • Adoption & Stability: Post-go-live incident rate, mean time to resolution, and policy efficacy (e.g., reduced false positives).
  • Quality: Artifact completeness (HLD/LLD/as-built/runbooks), peer reviews passed, and customer satisfaction (CSAT/NPS).
  • Knowledge Transfer: Customer admin readiness and KT scoring.
  • Practice Enablement: Reusable assets contributed; mentorship feedback.
  • Utilization: Billable utilization targets met while maintaining quality.

    • Sample Project Types You’ll Lead

  • Enterprise 802.1X rollout with ISE (wired/wireless), posture assessment, guest/BYOD, and SGT-based segmentation.
  • ASA-to-FTD migration including policy rationalization, NAT redesign, SSL decryption strategy, and high availability.
  • ISE pxGrid integration with FMC/SIEM/EDR for adaptive policy and threat response.
  • Zero Trust network access initiative mapping identities to SGTs and enforcing via TrustSec and FMC policies.

    • Education

  • Bachelors in computer science, Information Systems, Cybersecurity, or equivalent experience.
    • Candidarsi ora

    Altri lavori

    Firmenlogo

    Lead Software Engineer

    Turvo · Hyderabad,

    Firmenlogo

    Value Data Analyst

    Securecodewarrior · India,

    Firmenlogo

    Associate Manager, Customer Service

    Greenlight · Bengaluru,