This role focuses on identity-based network access control, leveraging technologies such as Cisco Identity Services Engine (ISE), 802.1X, and Network Access Control (NAC) to secure wired, wireless, and remote access for users, endpoints, and IoT devices. The engineer will ensure scalable, policy-driven access aligned with Zero Trust principles and enterprise security standards.
Responsibilities:
Works across the business, operations and technology to create the solution intent and architectural vision for complex solutions and prioritize functional and non-functional requirements into a technology backlog to enable the technology roadmap and functionality to support evolving capabilities and services
Contributes to the creation of the architecture roadmap of defined domains (Business, Application, Data, and Technology) in support of the product roadmap and the development of best practices including standardized templates
Clarifies the architecture, assists with system design to support implementation, and provides solution options to resolve any architectural impediments
Facilitates solution-driven discussions, leads the design of complex architectures, and finds creative solutions through knowledge of domain, practical experiments, and proofs of concept while ensuring architecture is flexible, modular, and adaptable
Educates team members on the technology practices, standardization strategies, and best practices to create innovative solutions
Supports the team as needed to select the technology stack required for solutions and helps select preferred technology products
Performs design and code reviews to ensure all non-functional requirements are sufficiently met (for example, security, performance, maintainability, scalability, usability, and reliability)
Defines scalable and secure designs for AAA, Network Access Control, Remote Access (VPN), Captive Persuasive Wi-Fi, and Network Infrastructure Administration (RBAC). The role drives the modernization of identity-based access policies and enforcement
Acts as a design authority across programs involving network segmentation, partner access, and internal service hosting
Develops reusable frameworks to standardize policy enforcement, inspection, and observability
Partners with security, infrastructure, and application teams to embed security into network designs
10+ years of progressive infrastructure / network / security engineering experience with 5+ years in architecture or senior technical leadership roles
Must have experience taking ownership of AAA for large-scale, high-availability enterprise environments
Deep expertise in designing and implementing segmented AAA architectures including 802.1X authentication (EAP-TLS, PEAP, MAB fallback), RADIUS/TACACS+ AAA protocols
Architect scalable identity-based segmentation using Scalable Group Tags (SGT), Dynamic VLAN assignment, and Downloadable ACLs (dACL)
Hands-on experience with Cisco Identity Services Engine (ISE) (design, policy, and operations)
Strong knowledge of network protocols: TCP/IP, HTTP, HTTPS, SSL, TLS, WPA3, Kerberos/LDAP, EAP/PEAP, GRE/IPsec, etc.
Proven delivery experience in regulated industries (financial services strongly preferred) with strong understanding of audit, risk, and control expectations
Strong experience leading cross-functional initiatives involving Network, Security, App teams, IAM, SRE/Operations, and Governance/Risk/Compliance (GRC)
Experience embedding security measures.
Demonstrated ability to create and enforce reference architectures, standards, patterns, and guardrails.
Confirms that application and business requirements have been translated into technical definitions, reference models, blueprints, and playbooks to guide development and integration of technology solutions
Reviews and may develop software solutions to address manual and repeatable work or inefficient processes
Mentors and assists Infrastructure resources on infrastructure service along with application integration validation methods and tools to ensure that technology solutions comply with enterprise system design and engineering standards
Promotes an inclusive and healthy working environment and helps to resolve organizational impediments/blockers
Works with Bank teams and customers to ensure solutions are aligned with support requirements and that new systems or upgrades are seamlessly transitioned to production support teams
Collaborate with other internal/external teams such as Operations, Change Implementation team, Engineering, and requestors on core design requirements/standards and impact assessment
Responsible for documentation, monitoring, troubleshooting, and evaluation of network and infrastructure systems, working towards solving and resolving network issues when necessary