L3 NOC Engineer – Cisco ISE Support

Location: Specify Mumbai

Experience: 7 10 years (with minimum 3 years in Cisco ISE support and troubleshooting)

Job Type - Ongoing Contract/ FTC

Role Overview

The L3 NOC Engineer Cisco ISE Support will be responsible for troubleshooting maintaining and optimizing Cisco Identity Services Engine (ISE) deployments in live production environments. The role involves deep technical engagement across authentication authorization network access control device profiling posture assessment guest access threat containment and TACACS-based device administration.

The ideal candidate will possess strong analytical and protocol-level troubleshooting skills ensuring secure reliable and compliant network access across wired wireless and VPN infrastructures.

Key Responsibilities

Operational Support

• Provide L3-level technical support for Cisco ISE infrastructure in a live enterprise network environment.

• Monitor and troubleshoot issues related to authentication (802.1X MAB EAP) and authorization failures.

• Support and maintain Network Access Control (NAC) policies including pre-admission and post-admission controls.

• Perform end-to-end RADIUS TACACS and CoA troubleshooting across access switches WLCs and firewalls.

• Manage device profiling and posture assessments ensuring endpoint compliance and policy enforcement.

• Support guest access workflows including captive portal redirection guest account provisioning and portal customization.

• Configure and troubleshoot BYOD onboarding device registration and certificate-based access.

• Handle threat containment and network quarantine activities via Cisco ISE integrations (pxGrid AMP Firepower etc.).

• Administer device access control via TACACS for routers switches and firewalls.

• Maintain system health redundancy and policy synchronization across ISE nodes in distributed deployment.

Troubleshooting & Analysis

• Perform root cause analysis of recurring authentication/authorization failures and NAC-related incidents.

• Analyze RADIUS / TACACS packet captures debug logs and ISE live logs for problem isolation.

• Collaborate with L2 NOC field teams and vendor TAC to drive resolution of complex issues.

• Conduct protocol-level debugging (EAP GTP RADIUS Diameter etc.) for identifying faults and policy misalignments.

• Support policy optimization and performance tuning for ISE services (Policy Service Nodes Monitoring Nodes).

Process & Documentation

• Maintain documentation of configurations troubleshooting steps and standard operating procedures (SOPs).

• Contribute to Knowledge Base (KB) creation for common ISE and NAC issues.

• Participate in change management reviews ensuring risk mitigation during ISE upgrades or policy changes.

• Assist in ISE patching certificate renewals and high availability (HA) validation activities.

Technical Skills Required

Core Competencies

• Strong understanding of Cisco ISE architecture (PAN PSN MnT) and operational workflows.

• In-depth knowledge of AAA protocols (RADIUS TACACS) EAP methods and 802.1X authentication.

• Experience with Active Directory LDAP PKI and Certificate-based authentication.

• Expertise in CoA DACLs VLAN assignments and authorization profiles.

• Experience in Device Profiling (DHCP SNMP HTTP probes) and Posture Assessment using Cisco AnyConnect.

• Proficiency in Guest Access Portals BYOD workflows and Device Onboarding.

• Working knowledge of pxGrid integrations ANC policies and threat containment workflows.

• Familiarity with Cisco TrustSec (SGTs SGACLs) and network segmentation concepts.

• Hands-on experience with ISE logs debug commands and Wireshark packet captures.

• Understanding of network devices (Switches WLCs Firewalls) integrated with ISE.

Preferred Tools & Technologies

• Cisco ISE (2.x and 3.x versions)

• Cisco Prime / DNA Center

• Cisco WLC (AireOS/Catalyst)

• Wireshark / Syslog / SNMP / NetFlow tools

• Cisco Secure ACS (legacy)

• Microsoft AD / Azure AD integration

Soft Skills

• Strong analytical and problem-solving mindset.

• Ability to work in a high-pressure 24x7 NOC environment.

• Excellent written and verbal communication for cross-functional coordination.

• Self-motivated process-oriented and customer-focused approach.

• Capable of handling escalations and mentoring L1/L2 teams.

Educational Qualifications

• Bachelors degree in Electronics Telecommunications Computer Science or related field.

• Certifications preferred:

• Cisco Certified Network Professional (CCNP Security / Enterprise)

• Cisco Certified Specialist Identity Services Engine

• CCIE (Security / Enterprise) added advantage

Work Environment

• 24x7 support with rotational shifts.

• On-call availability for critical escalations.

• Coordination with customer SOC/NOC OEM TAC and internal field teams.

Interview Scenarios