L3 NOC Engineer

• The L3 NOC Engineer Cisco ISE Support will serve as the highest escalation point for Identity Services Enginerelated issues across enterprise environments.
• The engineer will be responsible for handling advanced troubleshooting, policy optimization, NAC operations, device profiling, posture assessment, TACACS administration, and integration with security ecosystems.
• The role demands protocol-level analysis, strong cross-functional coordination, and steady handling of mission-critical network access issues.

Key Responsibilities:

Operational Support-

• Provide L3 support for Cisco ISE (PAN/PSN/ MnT ) across production environments.
• Handle authentication issues involving 802.1X, MAB, EAP, certificate-based access.
• Manage RADIUS/TACACS+ operations, CoA events, VLAN assignments, and dACL enforcement.
• Maintain and optimize NAC policies (pre-admission & post-admission).
• Troubleshoot WLC, access switches, firewalls, and VPN integrations with ISE.
• Manage guest access, captive portals, BYOD onboarding, and device registration flows.
• Oversee device profiling (DHCP, RADIUS, SNMP, HTTP probes) and posture compliance.
• Conduct threat containment actions using pxGrid , ANC, AMP, Firepower, etc.
• Support TACACS-based device administration for routers, switches & firewalls.
• Maintain distributed ISE node health, redundancy, synchronization, and certificates.

Troubleshooting & Deep Analysis:

• Perform RCA for recurring authentication / authorization / NAC failures.
• Analyze RADIUS/TACACS packets, ISE live logs, debugs, and Wireshark captures.
• Conduct protocol-level debugging for EAP, RADIUS, Diameter, GTP.
• Work closely with L2 teams, field engineers, and OEM TAC to resolve escalations.
• Tune and optimize authorization policies and ISE performance parameters.

Process & Documentation:

• Document ISE configurations, workflows, policies, and SOPs.
• Build and maintain KB articles for recurring issues.
• Participate in change reviews for upgrades, policy changes, and patch rollouts.
• Support HA checks, certificate renewals, backup verification, and lifecycle maintenance.

Mandatory Technical Skills

• Cisco ISE & NAC Expertise
• Strong understanding of Cisco ISE architecture (PAN/PSN/ MnT ).
• Hands-on experience in 802.1X, MAB, EAP-TLS/PEAP/EAP-FAST.
• Deep knowledge of RADIUS, TACACS+, CoA, dACLs , VLAN assignments.
• Strong understanding of Active Directory, LDAP, PKI, certificates, CRL/OCSP.
• Experience with Device Profiling, Posture Assessment, AnyConnect posture agent.
• Understanding of Guest portals, BYOD onboarding, DRP workflows.
• Experience with pxGrid , ANC, TrustSec (SGT/SGACL), segmentation.
• Proficiency with ISE debugs, monitoring tools, and distributed deployments.
• Hands-on troubleshooting with WLCs ( AireOS /Catalyst), switches, firewalls.

Preferred Tools/Tech Stack

• Cisco ISE 2.x / 3.x
• Cisco Prime / DNAC
• Cisco WLC platforms
• Wireshark, Syslog, SNMP, NetFlow
• Cisco ACS (legacy)
• Microsoft AD / Azure AD integrations

Soft Skills

• Strong analytical and protocol-level troubleshooting approach.
• Ability to operate in high-pressure 24x7 NOC environments.
• Excellent communication for cross-team coordination.
• Ability to lead escalations and mentor L1/L2 teams.
• Process-oriented and customer-focused mindset.

Educational Qualifications

• Bachelors degree in Electronics, Telecommunication, Computer Science, or related fields.

Preferred certifications

• CCNP Security / Enterprise
• Cisco Specialist ISE
• CCIE Security / Enterprise (added advantage)

Work Environment

• 24x7 rotational support operations.
• On-call availability for critical major incidents.
• Coordination with customer SOC/NOC teams, OEM TAC, and field teams.

-MAB (MAC Authentication Bypass), RADIUS, TACACS+, Change of Authorization (CoA).

-NAC (Network Access Control), dACL (Downloadable ACL), VLAN Assignment.

-Device Profiling, Posture Assessment, AnyConnect Posture.

-BYOD Onboarding, Guest Access / Captive Portal.

-pxGrid, ANC (Adaptive Network Control), TrustSec, SGT / SGACL.

-Wireshark, RADIUS Live Logs, ISE Debugs.

-Cisco WLC (AireOS/Catalyst), Cisco Switches, Firewalls Integration.

-Active Directory, LDAP, PKI, Certificates.

-L3 NOC Support, Enterprise Network Troubleshooting.

-Prior experience in Airtel Network, Jio Network.