Senior Technical Consultant – Cisco Security

AHEAD builds platforms for digital business. By weaving together advances in cloud infrastructure, automation and analytics, and software delivery, we help enterprises deliver on the promise of digital transformation.   At AHEAD, we prioritize creating a culture of belonging, where all perspectives and voices are represented, valued, respected, and heard. We create spaces to empower everyone to speak up, make change, and drive the culture at AHEAD.    We are an equal opportunity employer, and do not discriminate based on an individual's race, national origin, color, gender, gender identity, gender expression, sexual orientation, religion, age, disability, marital status, or any other protected characteristic under applicable law, whether actual or perceived.    We embrace all candidates that will contribute to the diversification and enrichment of ideas and perspectives at AHEAD.  We’re seeking a client-facing Senior Technical Consultant with deep, hands-on expertise in Cisco Identity Services Engine (ISE) and Cisco Firepower Threat Defense/Firepower Management Center (FTD/FMC). You will design, implement, migrate, and optimize secure network access and perimeter/segmentation controls for enterprise customers. This role blends technical leadership, delivery ownership, and trusted-advisor consulting—across discovery, architecture, build, testing, knowledge transfer, and post-deployment support Why AHEAD:   Through our daily work and internal groups like Moving Women AHEAD and RISE AHEAD, we value and benefit from diversity of people, ideas, experience, and everything in between.   We fuel growth by stacking our office with top-notch technologies in a multi-million-dollar lab, by encouraging cross department training and development, sponsoring certifications and credentials for continued learning.   India Employment Benefits include:  Comprehensive health insurance coverage for employees, with options to extend coverage to dependents Paid time off and company holidays, along with additional leave benefits as per policy Flexible work arrangements, supporting work-life balance Learning and development opportunities to support continuous growth and upskilling Employee wellness initiatives and programs focused on physical and mental well-being Retirement and statutory benefits in line with India regulations Inclusive and people-first culture, with a strong focus on collaboration and ownership   country: IN all locations: [India Gurugram, Haryana Hyderabad] commitment: Full Time department: ( Network ) location: India team: Network Delivery What You’ll Do (Key Responsibilities): Client Delivery & Consulting   Lead end-to-end delivery of Cisco ISE and Firepower projects: discovery, High-level Design (HLD), Low-level Design (LLD), build, cutover, validation, documentation, and knowledge transfer. Facilitate workshops to gather requirements, assess current state, and map outcomes to best practices and security frameworks (e.g., Zero Trust, NIST). Create SOW inputs (scope, assumptions, milestones) and delivery artifacts (migration plans, rollback plans, test plans, runbooks).   Cisco ISE (Core Focus)   Architect and deploy ISE in standalone and distributed personas (PAN/MnT/PSN), including HA and scale considerations. Design 802.1X and MAB policies for wired/wireless, RADIUS/TACACS+ services, device profiling, posture assessment, and Guest/BYOD onboarding flows. Build authorization policies using security group tags (SGT/TrustSec), dACLs, and dynamic VLANs; integrate with Active Directory/LDAP, PKI, Duo, and AnyConnect posture modules. Implement pxGrid integrations with ecosystem tools (e.g., SIEM, EDR, NAC partners) and guide segmentation strategies.   Cisco Firepower – FTD/FMC (Core Focus)   Design and implement FTD (physical and virtual appliances) managed by FMC (HA, clustering, multi-context where applicable). Build Access Control Policies, SSL decryption, Intrusion Policies, Malware, Security Intelligence, URL Filtering, and NAT; tune policies for efficacy/performance. Understanding of IPsec (remote-access and site-to-site) IKEv1/IKEv2 and SSLVPN Secure Client/AnyConnect Migrate from legacy ASA to FTD with structured policy rationalization and cutover/runbook planning. Integrate FMC with external tools (e.g., ISE/pxGrid SGT, SIEM) and enable flow telemetry/Health/Correlation where appropriate.   Networking & Ecosystem (Plus)   Collaborate across switching/routing (OSPF/BGP, EVPN/VXLAN), Cisco WLC/Catalyst wireless for 802.1X/WPA2‑Enterprise/PSK transitions, and SD‑WAN/VPN contexts. Tie-in with other Cisco security solutions (e.g., AnyConnect/Secure Client, Duo, Secure Endpoint (AMP), Umbrella, SecureX). Experience with other vendors’ firewalls/NAC is a bonus.   Quality, Documentation & Enablement   Produce high-quality HLD/LLD, as-built documents, security policy maps, and operational runbooks. Conduct formal knowledge transfer (KT) and admin training; mentor junior consultants and collaborate with PMs on timeline/risk management. Contribute to internal accelerators (validated designs, automation snippets, migration checklists).   Post‑Delivery & Continuous Improvement   Provide hypercare, root cause analysis, and optimization recommendations. Identify follow-on opportunities and feed delivery insights into presales, solution architecture, and packaged offerings. What You’ll Bring (Qualifications): 7+ years in network/security engineering with 3–5+ years delivering Cisco ISE and Cisco FTD/FMC in enterprise environments. Proven delivery of multi‑site ISE and FTD projects (design through cutover), including HA, scale, and production operations. Hands-on with: ISE: 802.1X/MAB, RADIUS, TACACS+,Guest/BYOD, posture, profiling, SGT/TrustSec, dACLs, AD/LDAP, certificates/PKI, pxGrid, AnyConnect posture. FTD/FMC: access control, SSL decryption, intrusion policies (Snort 3), NAT, VPNs, HA/clustering, policy tuning, logging/SIEM integration. Solid L2/L3 networking fundamentals (VLANs, STP, routing protocols, VRF, QoS fundamentals); Wi-Fi 802.1X concepts. Strong consulting skills: discovery, requirements mapping, documentation, risk management, customer communication, and executive level updates. Experience with change management (ITIL), production cutovers, and rollback plans. Excellent written/verbal communication; ability to lead workshops and train admins.   Preferred/Bonus Relevant certifications (one or more highly desired): CCNP Security, Cisco Certified Specialist – ISE/Firepower, CCIE Security (written or lab), CISSP, GIAC (e.g., GPCS, GCIA, GSEC). Experience with Duo, Secure Client/AnyConnect posture, Secure Endpoint (AMP), Umbrella, ISE SGT integration with FMC, and SecureX. Cross vendor exposure (Palo Alto, Fortinet, Aruba ClearPass, Check Point, Juniper) and migration experience. Scripting/automation for repeatability (e.g., Python, Ansible, REST APIs for FMC/ISE), Git basics, and templating mindset. Exposure to Zero Trust segmentation, identity centric access, and compliance frameworks (NIST, CIS Controls, ISO 27001). SIEM/EDR/SOAR integrations and incident response collaboration experience.   Success Metrics (KPIs): On‑time, on budget delivery across assigned SOWs. Adoption & Stability: Post-go-live incident rate, mean time to resolution, and policy efficacy (e.g., reduced false positives). Quality: Artifact completeness (HLD/LLD/as-built/runbooks), peer reviews passed, and customer satisfaction (CSAT/NPS). Knowledge Transfer: Customer admin readiness and KT scoring. Practice Enablement: Reusable assets contributed; mentorship feedback. Utilization: Billable utilization targets met while maintaining quality. Sample Project Types You’ll Lead: Enterprise 802.1X rollout with ISE (wired/wireless), posture assessment, guest/BYOD, and SGT-based segmentation. ASA-to-FTD migration including policy rationalization, NAT redesign, SSL decryption strategy, and high availability. ISE pxGrid integration with FMC/SIEM/EDR for adaptive policy and threat response. Zero Trust network access initiative mapping identities to SGTs and enforcing via TrustSec and FMC policies. Education: Bachelors in computer science, Information Systems, Cybersecurity, or equivalent experience.