Demo

Senior Security Engineer

Tria Federal
Hillcrest Heights, MD Full Time
POSTED ON 4/25/2026
AVAILABLE BEFORE 5/25/2026

Senior Network Security Engineer

Tria Federal is seeking a Senior Network Security Engineer to support the agency as it moves away from its legacy ForeScout CounterACT NAC/NAM system and adopts Cisco Identity Services Engine (ISE) as the new access‑control platform. The engineer will help configure and manage Cisco ISE across the environment, handling AAA services, wired and wireless 802.1X authentication, device administration, and posture checks for users and devices.

This role also supports the agency’s modernization work by improving authentication processes, updating ISE policies, and strengthening identity-based access controls. The engineer will troubleshoot access issues, refine policy designs, and help ensure users and devices can connect securely and reliably as the organization completes its transition from ForeScout to Cisco ISE.

Basic Requirements

  • Senior Network Security Engineer responsible for designing, configuring, monitoring, and troubleshooting Cisco ISE as a NAC/NAM platform, including TACACS /RADIUS services, device administration policies, and wired/wireless 802.1X authentication.
  • Experience working with Cisco ISE deployed on Cisco SNS‑3715 appliances, preferably in a two‑node clustered, high‑availability setup.
  • Understanding of ForeScout CounterACT, including legacy NAC/NAM policies, device classification, and access workflows, to support the migration to Cisco ISE.
  • Experience providing general wireless network support, including basic troubleshooting, controller interactions, and wireless access workflows.
  • Hands‑on experience integrating Cisco ISE with Active Directory (AD) and LDAP, including identity lookups, group‑based policy decisions, and directory‑based authentication.
  • Eight (8) years of experience in a large government organization with five (5) years in technical leadership, including four (4) years implementing and troubleshooting Cisco ISE with expertise in:
  • Authentication and authorization policies (RADITACACS )
  • 1X/EAP methods for wireless and wired access
  • Device profiling, posture checks, and endpoint compliance
  • Certificate‑based authentication (EAP‑TLS) and PKI integration
  • AAA integrations for switches, appliances, firewalls, and wireless controllers
  • Experience supporting Cisco ISE integrations with Cisco 9800 Wireless LAN Controllers, including guest/registration page redirection and wireless onboarding.
  • Experience migrating legacy NAC, RADIUS, or device authentication systems into Cisco ISE while aligning with Zero Trust principles.
  • Four (4) years of experience supporting identity‑centric or Zero Trust architectures with strong knowledge of segmentation, certificate management, and endpoint posture controls.
  • Solid understanding of telecommunications, network security, and Zero Trust best practices.
  • Strong communication skills with the ability to explain Cisco ISE, NAC/NAM, and AAA concepts to both technical and non‑technical audiences.
  • Bachelor’s degree in Information Technology, Cybersecurity, or a related field.
  • Preferred certifications: Cisco CCNP Security, Cisco ISE Specialist, or similar identity/security certifications.

Responsibilities                              

  • Troubleshoot and resolve Cisco ISE issues across RADIUS, TACACS , 802.1X, device administration, and endpoint authentication.
  • Deploy, configure, and maintain Cisco ISE running on two clustered Cisco SNS‑3715 appliances, ensuring high availability and consistent policy enforcement.
  • Support the agency’s migration from ForeScout CounterACT to Cisco ISE, including reviewing legacy ForeScout policies, device groups, and access rules and mapping them into ISE policy sets.
  • Provide general wireless support, including basic troubleshooting, wireless access workflows, and coordination with wireless infrastructure teams.
  • Configure and support Cisco ISE integrations with Cisco 9800 WLCs, including guest/registration portals, wireless onboarding, and policy‑driven access control.
  • Integrate and maintain Cisco ISE with Active Directory (AD) and LDAP, including identity lookups, group‑based authorization, and directory‑based authentication workflows.
  • Deploy, configure, and maintain Cisco ISE components, including:
  • Policy Sets, Authorization Profiles, and Authentication Rules
  • TACACS device administration
  • 1X for wired and wireless networks
  • Profiling, posture, and compliance policies
  • Certificate‑based authentication and PKI integrations
  • Monitor security events using ISE logs, syslog, and performing root cause analysis for authentication and access issues.
  • Manage identity integrations, enforce security policies, and tune configurations to support Zero Trust and improve user experience.
  • Perform routine health checks, upgrades, migrations, and document changes through SOPs, engineering designs, and implementation procedures.
  • Work closely with engineering, operations, and compliance teams while mentoring junior staff and contributing to knowledge sharing efforts.

 

5 years  

Work Location: 100% ON-SITE SUPPORT in Suitland, MD 

Salary : $110,000 - $123,000

If your compensation planning software is too rigid to deploy winning incentive strategies, it’s time to find an adaptable solution. Compensation Planning
Enhance your organization's compensation strategy with salary data sets that HR and team managers can use to pay your staff right. Surveys & Data Sets

What is the career path for a Senior Security Engineer?

Sign up to receive alerts about other jobs on the Senior Security Engineer career path by checking the boxes next to the positions that interest you.
Income Estimation: 
$112,673 - $137,290
Income Estimation: 
$139,945 - $168,577
Income Estimation: 
$140,233 - $181,029
Income Estimation: 
$161,209 - $233,553
Income Estimation: 
$220,784 - $286,649
Income Estimation: 
$270,069 - $359,305
Employees: Get a Salary Increase
View Core, Job Family, and Industry Job Skills and Competency Data for more than 15,000 Job Titles Skills Library

Job openings at Tria Federal

Senior Network Security Engineer
Apply
  • Tria Federal Suitland, MD
  • Who We Are Tria Federal delivers digital services and technology solutions that support the health and safety of veterans, service members and civilians. F... more
  • 2 Days Ago
Graphic Designer
Apply
  • Tria Federal Tampa, FL
  • Who We Are Tria Federal delivers digital services and technology solutions that support the health and safety of veterans, service members and civilians. F... more
  • 2 Days Ago
Director, Cyber Security Practice
Apply
  • Tria Federal Washington, DC
  • Who We Are Tria Federal delivers digital services and technology solutions that support the health and safety of veterans, service members and civilians. F... more
  • 3 Days Ago
Senior Salesforce Administrator
Apply
  • Tria Federal Woodlawn, MD
  • Who We Are Tria Federal delivers digital services and technology solutions that support the health and safety of veterans, service members and civilians. F... more
  • 3 Days Ago
View More Jobs at Tria Federal

Not the job you're looking for? Here are some other Senior Security Engineer jobs in the Hillcrest Heights, MD area that may be a better fit.

Senior Security Engineer
Apply
  • Earthling Security Bethesda, MD
  • Job Summary The Senior Security Engineer will serve as an architect-level security professional responsible for designing, engineering, and operationalizin... more
  • 23 Days Ago
Senior Security Engineer (Firewall) - Mid-Atlantic region
Apply
  • GuidePoint Security Herndon, VA
  • GuidePoint Security provides trusted cybersecurity expertise, solutions and services that help organizations make better decisions and minimize risk. By ta... more
  • 14 Days Ago
View More Jobs

AI Assistant is available now!

Feel free to start your new journey!