Our client, a fast-growing Service-Disabled Veteran-Owned Small Business providing full-service IT solutions to both federal and commercial clients, is seeking a Comply to Connect (C2C) Architect to lead the architecture and design of Cisco ISE 3.x solutions (multi-node personas, PSN scaling, redundancy, PKI integration, backup/DR).
This architect will help design and develop an end-to-end C2C framework that aligns with DoD Zero Trust principles and security compliance requirements.
RESPONSIBILITIES:
- Map ISE capabilities (802.1X/EAP-TLS, MAB, profiling, posture, SGT/TrustSec, pxGrid, TACACS+) to DoD C2C controls and Zero Trust policies.
- Design and document high-level (HLD) and low-level (LLD) architectures, test plans, cutover/runbooks, and operational documentation.
- Work jointly with another architect to ensure consistent design standards and interoperability across the client's network segments.
- Support configuration, testing, and deployment of ISE-based NAC solutions across campus, data center, and wireless infrastructures.
- Integrate ISE with adjacent tools and platforms, including:
  a. SIEMs (Splunk/Elastic)
  b. Next-Generation Firewalls
  c. Endpoint Protection/EDR, MDM/UEM (Intune, JAMF)
  d. Vulnerability Management (Tenable/ACAS)
  e. ITSM platforms
- Support RMF/ATO documentation (SSP inputs, POA&Ms, control traceability).
- Act as the technical SME and primary liaison for client stakeholders, security teams, and third-party vendors.
- Participate in joint architecture reviews and cross-domain integration testing with USCG engineering teams.
REQUIREMENTS:
- Must be a US citizen due to government clearance requirements.
- Active DoD Secret clearance is required.
- CCIE Security, CCNP Security, or Cisco ISE Specialist (preferred, not required).
- IAT Level III required (CCNP, CASP CE, CISA, CISSP).
- Minimum of 7 years of ISE design and deployment experience in DoD environments.
- Proven experience implementing DoD C2C solutions, including endpoint identification, compliance enforcement, and automated remediation workflows.
Technical Skills:
- 802.1X/EAP-TLS, supplicant configuration (Windows/macOS/Linux), MAB fallback, guest/BYOD posture and profiling.
- TrustSec/SGT design.
- pxGrid, ERS/REST APIs, Python automation.
- Enterprise PKI (DoD PKI/CAC, AD CS, SCEP/EST).
- Core routing/switching, TACACS+, wireless integration.
- Familiarity with DISA STIGs, RMF, ACAS/Tenable, and audit documentation.
- Scripting experience (Python, REST APIs), version control (Git), and Infrastructure-as-Code familiarity.
Alexandria, VA
1
Monday, December 22, 2025
Direct Hire
PERM
Tuesday, December 2, 2025