L3 Network Operations Center Engineer

Description
Job Title :
L3 NOC Engineer Cisco ISE Support

Location :
Mumbai

Department :
Network Operations Center (NOC) / Enterprise Security Operations

Experience :
710 years (with a minimum 3 years in Cisco ISE support and troubleshooting)

Reports To :
NOC Manager / Network Operations Lead

Role Overview
The L3 NOC Engineer Cisco ISE Support will be responsible for troubleshooting, maintaining, and optimizing Cisco Identity Services Engine (ISE) deployments in live production environments. The role involves deep technical engagement across authentication, authorization, network access control, device profiling, posture assessment, guest access, threat containment, and TACACS-based device administration.

The ideal candidate will possess strong analytical and protocol-level troubleshooting skills, ensuring secure, reliable, and compliant network access across wired, wireless, and VPN infrastructures.

Key Responsibilities
Operational Support :

• Provide L3-level technical support for Cisco ISE infrastructure in a live enterprise network environment.
• Monitor and troubleshoot issues related to authentication (802.1X, MAB, EAP) and authorization failures.
• Support and maintain Network Access Control (NAC) policies, including pre-admission and post-admission controls.
• Perform end-to-end RADIUS, TACACS+, and CoA troubleshooting across access switches, WLCs, and firewalls.
• Manage device profiling and posture assessments, ensuring endpoint compliance and policy enforcement.
• Support guest access workflows including captive portal redirection, guest account provisioning, and portal customization.
• Configure and troubleshoot BYOD onboarding, device registration, and certificate-based access.
• Handle threat containment and network quarantine activities via Cisco ISE integrations (pxGrid, AMP, Firepower, etc.).
• Administer device access control via TACACS+ for routers, switches, and firewalls.
• Maintain system health, redundancy, and policy synchronization across ISE nodes in distributed & Analysis :
• Perform root cause analysis of recurring authentication/authorization failures and NAC-related incidents.
• Analyze RADIUS / TACACS packet captures, debug logs, and ISE live logs for problem isolation.
• Collaborate with L2 NOC, field teams, and vendor TAC to drive resolution of complex issues.
• Conduct protocol-level debugging (EAP, GTP, RADIUS, Diameter, etc.) for identifying faults and policy misalignments.
• Support policy optimization and performance tuning for ISE services (Policy Service Nodes, Monitoring Nodes).

Process & Documentation

• Maintain documentation of configurations, troubleshooting steps, and standard operating procedures (SOPs).
• Contribute to Knowledge Base (KB) creation for common ISE and NAC issues.
• Participate in change management reviews, ensuring risk mitigation during ISE upgrades or policy changes.
• Assist in ISE patching, certificate renewals, and high availability (HA) validation activities.

Technical Skills Required
Core Competencies :

• Strong understanding of Cisco ISE architecture (PAN, PSN, MnT) and operational workflows.
• In-depth knowledge of AAA protocols (RADIUS, TACACS+), EAP methods, and 802.1X authentication.
• Experience with Active Directory, LDAP, PKI, and Certificate-based authentication.
• Expertise in CoA, DACLs, VLAN assignments, and authorization profiles.
• Experience in Device Profiling (DHCP, SNMP, HTTP probes) and Posture Assessment using Cisco AnyConnect.
• Proficiency in Guest Access Portals, BYOD workflows, and Device Onboarding.
• Working knowledge of pxGrid integrations, ANC policies, and threat containment workflows.
• Familiarity with Cisco TrustSec (SGTs, SGACLs) and network segmentation concepts.
• Hands-on experience with ISE logs, debug commands, and Wireshark packet captures.
• Understanding of network devices (Switches, WLCs, Firewalls) integrated with ISE.

Preferred Tools & Technologies

• Cisco ISE (2.x and 3.x versions)
• Cisco Prime / DNA Center
• Cisco WLC (AireOS/Catalyst)
• Wireshark / Syslog / SNMP / NetFlow tools
• Cisco Secure ACS (legacy)
• Microsoft AD / Azure AD integration

Soft Skills

• Strong analytical and problem-solving mindset.
• Ability to work in a high-pressure 24x7 NOC environment.
• Excellent written and verbal communication for cross-functional coordination.
• Self-motivated, process-oriented, and customer-focused approach.
• Capable of handling escalations and mentoring L1/L2 teams.

Educational Qualifications

• Bachelors degree in Electronics, Telecommunications, Computer Science, or related field.
• Certifications preferred :
• Cisco Certified Network Professional (CCNP Security / Enterprise)
• Cisco Certified Specialist Identity Services Engine
• CCIE (Security / Enterprise) added advantage

Work Environment

• 24x7 support with rotational shifts.
• On-call availability for critical escalations.
• Coordination with customer SOC/NOC, OEM TAC, and internal field teams

)