Cisco ISEACI SME

The following are required for bid submission:

• Resume
• R2R
• Cover Letter
• Meets Work Location

Scoring Method - Must equal 100%

• Resume Score - 20%
• Interview Score - 45%
• Cost Score - 35%

Summary:

• This position is responsible for the design implementation security and ongoing support of OITs enterprise data center and campus network infrastructure. The engineer will work with Cisco ACI Software Defined Access (SDA) Cisco Identity Services Engine (ISE) Cisco Catalyst platforms and observability tools including ThousandEyes Cyber Vision and DNA Spaces. The role also includes the administration of Palo Alto firewalls supporting statewide systems.

Major Responsibilities

• Cisco ACI fabric design and administration (VRF BD EPG/ESG L3Out).
• ACI integrations with OpenShift VMM and Cilium/Isovalent.
• Catalyst and SDA wired/wireless fabric deployment and support.
• Identity driven access configuration using Cisco ISE (TACACS authentication/authorization device profiling).
• ThousandEyes monitoring Cyber Vision integration and DNA Spaces analytics.
• Palo Alto next generation firewall configuration policy development and troubleshooting.
• Network documentation lifecycle planning and support of mission critical services.
• Required Knowledge/Skills
• Cisco ACI Nexus platforms multi tenant segmentation.
• SDA campus architectures.
• Cisco ISE policy sets and NAC.
• Palo Alto firewall administration and security profiles.
• Strong L2/L3 routing and switching skills.
• Ability to support high availability enterprise scale infrastructure.

Recommended Certifications

• CCNA
• CCNP Data Center
• CCNP Enterprise
• Cisco Specialist ACI SDA or ISE
• PCNSA (Palo Alto)
• PCNSE (Palo Alto)
• ThousandEyes Cyber Vision or related platform training

Position Description and Job Skill Set

• DOR - Office of Information Technology (OIT) is seeking a highly skilled and experienced Network Infrastructure Engineer to support and advance the States enterprise networking environment. This position plays a critical role in designing deploying and operating new LDC (Liquor Distribution Center) fabrics networks identity-driven access systems and observability platforms.
• The engineer will work closely with infrastructure team to ensure the States network services remain reliable scalable secure and aligned with enterprise modernization goals. This is a hands-on engineering position that requires strong technical expertise effective communication and the ability to support mission-critical systems across data centers and statewide operations.

Key Responsibilities

• Cisco ACI & Data Center Networking
• Design implement and maintain Cisco Nexus platforms running ACI mode including VRFs Bridge Domains EPGs/ESGs L3Out contracts and fabric policies.
• Integrate ACI with virtualization and container platforms including Red Hat OpenShift VMM and Isovalent/Cilium.
• Configure and optimize RoCEv2 within the ACI fabric for high-performance low-latency workloads.
• Conduct advanced troubleshooting of ACI fabric health faults endpoint learning contracts and multi-tenant segmentation.
• Develop and maintain fabric documentation standards and operational procedures. Cisco Catalyst & Software-Defined Access
• Deploy and support Cisco Catalyst platforms within campus environments.
• Design and maintain Software-Defined Access (SDA) architectures including SDA Wired Fabric and Fabric-Enabled Wireless.
• Manage fabric underlay and overlay policy mapping authentication integrations and assurance operations.
• Collaborate with wireless engineers to optimize coverage performance and policy enforcement across SDA.
• Identity-Driven Networking & Security Technologies
• Configure and administer Cisco Identity Services Engine (ISE) for TACACS device administration authentication and authorization policy sets and endpoint profiling.
• Integrate Cyber Vision intelligence into profiling segmentation and access control workflows.
• Support Zero Trust efforts through identity-centric segmentation and policy integration across ACI and SDA fabrics.
• Visibility Analytics & Observability
• Deploy and manage ThousandEyes for end-to-end visibility routing path analysis and performance monitoring.
• Implement and support Cisco Cyber Vision for OT/IoT asset visibility device classification and behavior analysis.
• Manage DNA Spaces for location analytics telemetry ingestion device behavior and wireless intelligence.
• Provide meaningful insights to leadership using data from these observability platforms. Core Network Engineering
• Troubleshoot complex L2/L3 network issues across multiple environments including VLANs OSPF BGP STP and multicast.
• Designing and implementing Palo Alto Networks security solutions across enterprise environments.
• Create and maintain documentation including architecture diagrams standards runbooks and asset inventories.
• Assist in modernization planning platform upgrades procurement processes and statewide technology initiatives.
• Other duties as assigned.

Required Skills/Experience

• The DOR SME must possess:
• Minimum of 15 years of experience working with Cisco networking.

Required Skills & Qualifications

• Hands-on experience with Cisco ACI in production environments.
• Deep knowledge of ACI constructs (VRF BD EPG ESG L3Out contracts).
• Experience integrating ACI with OpenShift VMM and Cilium/Isovalent.
• Proficiency with Cisco Catalyst platforms and SDA fabric technologies.
• Experience administering Cisco ISE including TACACS and policy-set based NAC.
• Strong understanding of ThousandEyes Cyber Vision and DNA Spaces or comparable tools.
• Solid command of core TCP/IP routing switching QoS and network security fundamentals.
• Ability to develop clear diagrams documentation and architectural artifacts.
• Strong analytical and communication skills with the ability to work in fast-paced mission-critical environments.

Preferred/Not Required

• Cisco certifications such as CCNP Data Center CCNP Enterprise CCIE or equivalent experience.
• Hands-on experience with container networking and virtualization integrations.
• Familiarity with NIST frameworks and state-level cybersecurity requirements.
• Experience with network automation tools (Python Ansible REST APIs).
• Prior work in state government or large enterprise network environments.
• PCCSA Palo Alto Networks Certified Cybersecurity Associate Foundational security NGFW basics threats App-ID and policy.
• PCNSA Palo Alto Networks Certified Network Security Administrator
• Focuses on NGFW configuration security profiles NAT App-ID URL filtering WildFire