TrustSec Senior Network Engineer
Share
Job Location:
Los Angeles, CA - USA
Monthly Salary:
Not Disclosed
Posted on:
3 hours ago
Vacancies:
1 Vacancy
Job Summary
Job Title: TrustSec Senior Network Engineer
Location: Los Angeles or Orange County CA (Locals only)
Work Type: Onsite (5 days a week)
Job Type: Contract (12 Months)
Rate: $65-70/hr on W2
Updated LinkedIn needed
Notes:
Only accepting US Citizens and Green Card holders
5 Openings
Candidates must live in Los Angeles or Orange County CA
Interview Mode: 2 rounds of Video interviews
(1) ONLY accepting US Citizens and Green Card holders who live in either Los Angeles or Orange County (California). Candidates must have or get a Flu shoot.
(2) On-Site Engineer (preparation /on-site during changes) I would say 5 days a week for now
MUST HAVES:
- Strong communication skills are mandatory must be able to explain TrustSec architecture segmentation strategy and troubleshooting steps clearly.
- This is not a learning role and not conceptual exposure. Candidates must have real production experience with Cisco TrustSec.
- Candidates must have personally done most of the following:
- Designed and implemented Cisco TrustSec architecture in enterprise environments
- Deployed Security Group Tags (SGTs) to replace VLAN-based segmentation
- Integrated Cisco ISE for:
- 802.1X
- MAB
- RADIUS authentication
- Dynamic SGT assignment
- Built and maintained TrustSec policy matrices
- Configured CTS enforcement on Catalyst and/or Nexus platforms
- Implemented SGT propagation using:
- Inline tagging
- SXP (multi-domain environments)
- Integrated TrustSec with Cisco Firepower / FMC for SGT-based firewall enforcement
- Supported Zero Trust / micro-segmentation initiatives
- Troubleshot:
- SGT assignment failures
- Policy mismatches
- Authentication and enforcement issues
- Analyzed logs and debugs from:
- ISE
- Switches
- Firepower
- Performed ISE upgrades patching and certificate management
- Documented designs policies and operational standards
QUESTIONS THAT NEED TO BE ANSWERED BY CANDIDATE: Submission summaries need to address the Must Haves and Nice To Have
JOB DESCRIPTION:
- Designed and implemented Cisco TrustSec architecture to deliver identity-based network segmentation across enterprise environments
- Deployed Security Group Tags (SGTs) to replace legacy VLAN-based segmentation and enforce least-privilege access
- Integrated Cisco ISE for 802.1X MAB and RADIUS authentication with dynamic SGT assignment
- Built and maintained TrustSec policy matrices defining permitted communications between users devices and applications
- Configured CTS enforcement on Catalyst and Nexus platforms for inline tagging and policy enforcement
- Implemented SGT propagation using inline tagging and SXP for multi-domain environments
- Integrated TrustSec with Cisco Firepower / FMC to enforce SGT-based firewall policies
- Supported Zero Trust initiatives by implementing micro-segmentation and identity-driven access controls
- Troubleshot TrustSec ISE and authentication issues including SGT assignment policy mismatches and enforcement failures
- Analyzed logs and debugs from ISE switches and Firepower to resolve complex access and segmentation issues
- Performed upgrades patching and certificate management for ISE and TrustSec-enabled network devices
- Collaborated with security network and application teams to align segmentation policies with business requirements
- Documented TrustSec designs operational procedures and policy standards for audit and compliance purposes
Key Skills
- EIGRP
- Load Balancing
- Routing Protocols
- Network Engineering
- BGP
- LAN
- Computer Networking
- IPsec
- OSPF
- Cisco ASA
- Juniper
- MPLS
