Network Security Engineer (Cisco ISE/NAC | Network Access Control)

About Gruve

Gruve is an innovative software services startup dedicated to transforming enterprises to AI powerhouses. We specialize in cybersecurity, customer experience, cloud infrastructure, and advanced technologies such as Large Language Models (LLMs). Our mission is to assist our customers in their business strategies utilizing their data to make more intelligent decisions. As a well-funded early-stage startup, Gruve offers a dynamic environment with strong customer and partner networks.

About the Role

The Network Security Engineer will join the US Solutions Delivery team, specializing in Cisco Identity Services Engine (ISE) and Network Access Control (NAC) deployments across enterprise customer environments. This is a hands-on, delivery-focused role centered on designing, implementing, and troubleshooting Cisco ISE-based NAC solutions including 802.1X, MAB, posture assessment, profiling, and guest services. The engineer also supports Cisco firewall platforms (ASA and FTD/NGFW) as a secondary discipline. The role owns assigned workstreams end-to-end — from lab validation through production cutovers — and works closely with architects, project managers, and customer stakeholders. 

Key Responsibilities

Cisco ISE / NAC Deployment & Operations  

• Design, deploy, and configure Cisco ISE for 802.1X wired/wireless, MAB, and CWA; manage policy sets, authentication/authorization, profiling, posture, and guest workflows end-to-end 


• Integrate ISE with Active Directory, LDAP, PKI/CA, and MFA; manage distributed ISE deployments (PAN, PSN, MnT) with HA and scalability; deploy RADIUS/TACACS+ for network device administration 


• Configure endpoint compliance/posture modules (AV, patch, OS); manage guest, sponsor portals, and BYOD onboarding; support TrustSec (SGT/SXP) segmentation 


• Troubleshoot RADIUS failures, authentication timeouts, profiling inconsistencies, and policy mismatches with root cause analysis 

Cisco Firewall Deployment & Operations: 

• Design, implement, and configure Cisco FTD and ASA firewalls, including HA setups and scalable architectures 


• Manage and optimize access control rules, NAT, security zones, and NGFW features IPS/IDS, URL filtering, Malware Policy, SSL decryption, and VPN (SSL/IPSec) 


• Troubleshoot firewall and VPN connectivity issues including NAT, routing, SSL/IPSec VPN failures, and policy-related problems 

Execution & Coordination 

• Collaborate with architects, senior engineers, and project managers to ensure accurate, timely solution delivery, while actively participating in project discussions to understand requirements, scope, and deployment sequencing 


• Take end-to-end ownership of assigned tasks, including escalation, root cause analysis (RCA), and issue resolution  

Documentation & Continuous Improvement 

• Create and maintain comprehensive documentation including ISE policy matrices, network access diagrams, RADIUS/TACACS inventories, and operational runbooks 


• Document firewall rules, VPN inventories, NAT tables, and change records for audit and compliance purposes 


• Stay current on Cisco ISE releases, NAC trends, Zero Trust Network Access (ZTNA), and SASE architectures, applying new learnings to delivery work 

Basic Qualifications

• Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field 


• 3–5 years of cybersecurity experience with a strong focus on NAC and identity-based access control; 3+ years hands-on with Cisco ISE or similar NAC solutions (e.g., FortiNAC, Aruba ClearPass) 


• Strong knowledge of 802.1X (EAP-TLS, PEAP, TEAP), certificate-based authentication, and integrations with AD, LDAP, PKI, and RADIUS/TACACS+ 


• 3+ years of hands-on experience with Cisco ASA/FTD firewalls (NGFW, VPN, NAT) or equivalent experience with third-party firewalls (Palo Alto, Fortinet, Check Point) 


• Solid understanding of networking fundamentals: TCP/IP, DNS, DHCP, VLANs, trunking, and routing/switching 


• Experience with Cisco Catalyst/Nexus switches for NAC enforcement (802.1X, MAB) 


• Willingness to travel across the U.S. to support deployments 

Preferred Qualifications

• CCNP Security or equivalent certification (ISE/NAC specialization preferred); CISSP, GIAC, or other security certifications a plus 


• Experience with TrustSec/SGT/SXP, DUO MFA/ZTNA integration, Cisco Umbrella, and Cisco XDR 


• Familiarity with SASE/Zero Trust architectures and security automation (Python, Ansible, APIs) 


• Knowledge of compliance frameworks (PCI-DSS, HIPAA, SOC 2, NIST); prior consulting or professional services experience preferred. 

Salary Range 

$65,000 - $110,000 USD + Benefits 

This is a full-time position with Gruve and is based onsite at our Edison, New Jersey office & Plano, Dallas Office. Please note that Gruve does not provide visa sponsorship for this role; candidates must be U.S. citizens.

‍

Why Gruve

At Gruve, we foster a culture of innovation, collaboration, and continuous learning. We are committed to building a diverse and inclusive workplace where everyone can thrive and contribute their best work. If you’re passionate about technology and eager to make an impact, we’d love to hear from you.

Gruve is an equal opportunity employer. We welcome applicants from all backgrounds and thank all who apply; however, only those selected for an interview will be contacted.