Network Security Engineer

About the Company: The Level 2 Network Security Engineer plays a key operational role in safeguarding the organization's network infrastructure. This position focuses on the configuration, monitoring, and maintenance of network security systems such as firewalls, VPNs, IPS/IDS, and secure gateways. The engineer is responsible for identifying and responding to security incidents, managing rule changes, and supporting secure network design in coordination with Level 3 engineers and security architects.About the Role: A short paragraph summarizing the key role responsibilities.Responsibilities:Access Control & VPNs: Manage remote access and site-to-site VPNs, including configurations, troubleshooting, and usage auditing. Support NAC and segmentation policies within LAN/WAN environments.Design and Implementation: Develop and implement Cisco ISE solutions, including Authentication, Authorization, and Accounting (AAA) policies, configuring policy sets, network access policies, and integrating ISE with other systems like Active Directory, LDAP, and Certificate Authorities.Troubleshooting and Support: Serve as a subject matter expert for all Cisco ISE-related issues. This includes advanced troubleshooting of authentication failures, network access problems, and endpoint misclassifications and analyze logs and packet captures to identify root causes and provide solutions.Policy Management: Create and enforce detailed network access policies (e.g., 802.1X, MAC Authentication Bypass, Guest and BYOD policies) to ensure a secure network posture. This also involves defining and managing endpoint profiling and posture assessment rules.System Maintenance and Optimization: Regularly monitor the performance of the ISE infrastructure, applying patches and software upgrades as needed along with capacity planning and tuning to ensure the system is scalable and reliable.Integration and Automation: Integrate Cisco ISE with other security solutions such as firewalls and Security Information and Event Management (SIEM) systems to provide a comprehensive security overview.Compliance & Best Practices: Ensure alignment with internal security policies and regulatory standards (e.g., ISO 27001, SAMA, NCA). Assist in compliance reporting and periodic auditsQualifications:Typically, 3+ years of relevant work experience in industry, with a minimum of 2 years in a similar role.Solid understanding of network protocols (TCP/IP, DNS, NAT, VPN, SSL/TLS).Proficiency in AAA methodologies and protocols like RADIUS and TACACS+ is mandatory.Experience with network access control (NAC) solutions and technologies such as 802.1X, MAB, and device profiling.Familiarity with log analysis, SIEM tools, and incident handling procedures.Basic scripting or automation skills (Python, Bash) are a plus.Strong analytical and problem-solving abilities.Clear communication skills, particularly when interacting with cross-functional teams.Required Skills:Education & Certifications:Bachelor's Degree in Network Engineering, Computer Engineering, or a related field.Preferred certifications:Cisco CCNA (required), CCNP (preferred).SD-WAN or Wireless certifications (Cisco, Aruba, etc.) are a plus.Experience with firewalls (Palo Alto, Fortinet, Cisco ASA/FTD), IPS/IDS, and secure web gateways are a plus.Preferred Skills:On-call responsibilities for after-hours security events may be required.Occasional work with external vendors, audits, or compliance teams.Participation in periodic vulnerability assessments and penetration test reviews.Pay range and compensation package: Pay range or salary or compensation.Equal Opportunity Statement: Include a statement on commitment to diversity and inclusivity.