Network Security Engineer (Cisco ISE/NAC | Network Access Control)

About Gruve Gruve is an innovative software services startup dedicated to transforming enterprises to AI powerhouses. We specialize in cybersecurity, customer experience, cloud infrastructure, and advanced technologies such as Large Language Models (LLMs). Our mission is to assist our customers in their business strategies utilizing their data to make more intelligent decisions. As a well-funded early-stage startup, Gruve offers a dynamic environment with strong customer and partner networks. About the Role The Network Security Engineer will join the US Solutions Delivery team, specializing in Cisco Identity Services Engine (ISE) and Network Access Control (NAC) deployments across enterprise customer environments. This is a hands-on, delivery-focused role centered on designing, implementing, and troubleshooting Cisco ISE-based NAC solutions including 802.1X, MAB, posture assessment, profiling, and guest services. The engineer also supports Cisco firewall platforms (ASA and FTD/NGFW) as a secondary discipline. The role owns assigned workstreams end-to-end — from lab validation through production cutovers — and works closely with architects, project managers, and customer stakeholders.  Key Responsibilities Cisco ISE / NAC Deployment & Operations   Design, deploy, and configure Cisco ISE for 802.1X wired/wireless, MAB, and CWA; manage policy sets, authentication/authorization, profiling, posture, and guest workflows end-to-end  Integrate ISE with Active Directory, LDAP, PKI/CA, and MFA; manage distributed ISE deployments (PAN, PSN, MnT) with HA and scalability; deploy RADIUS/TACACS+ for network device administration  Configure endpoint compliance/posture modules (AV, patch, OS); manage guest, sponsor portals, and BYOD onboarding; support TrustSec (SGT/SXP) segmentation  Troubleshoot RADIUS failures, authentication timeouts, profiling inconsistencies, and policy mismatches with root cause analysis  Cisco Firewall Deployment & Operations:  Design, implement, and configure Cisco FTD and ASA firewalls, including HA setups and scalable architectures  Manage and optimize access control rules, NAT, security zones, and NGFW features IPS/IDS, URL filtering, Malware Policy, SSL decryption, and VPN (SSL/IPSec)  Troubleshoot firewall and VPN connectivity issues including NAT, routing, SSL/IPSec VPN failures, and policy-related problems  Execution & Coordination  Collaborate with architects, senior engineers, and project managers to ensure accurate, timely solution delivery, while actively participating in project discussions to understand requirements, scope, and deployment sequencing  Take end-to-end ownership of assigned tasks, including escalation, root cause analysis (RCA), and issue resolution   Documentation & Continuous Improvement  Create and maintain comprehensive documentation including ISE policy matrices, network access diagrams, RADIUS/TACACS inventories, and operational runbooks  Document firewall rules, VPN inventories, NAT tables, and change records for audit and compliance purposes  Stay current on Cisco ISE releases, NAC trends, Zero Trust Network Access (ZTNA), and SASE architectures, applying new learnings to delivery work  Basic Qualifications Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field  3–5 years of cybersecurity experience with a strong focus on NAC and identity-based access control; 3+ years hands-on with Cisco ISE or similar NAC solutions (e.g., FortiNAC, Aruba ClearPass)  Strong knowledge of 802.1X (EAP-TLS, PEAP, TEAP), certificate-based authentication, and integrations with AD, LDAP, PKI, and RADIUS/TACACS+  3+ years of hands-on experience with Cisco ASA/FTD firewalls (NGFW, VPN, NAT) or equivalent experience with third-party firewalls (Palo Alto, Fortinet, Check Point)  Solid understanding of networking fundamentals: TCP/IP, DNS, DHCP, VLANs, trunking, and routing/switching  Experience with Cisco Catalyst/Nexus switches for NAC enforcement (802.1X, MAB)  Willingness to travel across the U.S. to support deployments  Preferred Qualifications CCNP Security or equivalent certification (ISE/NAC specialization preferred); CISSP, GIAC, or other security certifications a plus  Experience with TrustSec/SGT/SXP, DUO MFA/ZTNA integration, Cisco Umbrella, and Cisco XDR  Familiarity with SASE/Zero Trust architectures and security automation (Python, Ansible, APIs)  Knowledge of compliance frameworks (PCI-DSS, HIPAA, SOC 2, NIST); prior consulting or professional services experience preferred.  Salary Range  $65,000 - $110,000 USD + Benefits    This is a full-time position with Gruve and is based onsite at our Edison, New Jersey office & Plano, Dallas Office. Please note that Gruve does not provide visa sponsorship for this role; candidates must be U.S. citizens.   ‍ Why Gruve At Gruve, we foster a culture of innovation, collaboration, and continuous learning. We are committed to building a diverse and inclusive workplace where everyone can thrive and contribute their best work. If you’re passionate about technology and eager to make an impact, we’d love to hear from you. Gruve is an equal opportunity employer. We welcome applicants from all backgrounds and thank all who apply; however, only those selected for an interview will be contacted. Offices: Dallas, Texas, United States (Dallas); Edison, New Jersey, United States (Edison);