Network Engineer - Cisco Ise (Senior Level/Pr

Betis Group is looking for a Network Engineer – Cisco ISE (Senior Level/Project Manager) to successfully complete the migration from two (2) pair of Cisco (high availability) ASA firewalls to Cisco Firepower Threat Defense (FTD) image, combining Cisco ASA and Firepower features into one hardware and software inclusive system.

Project management includes regular project meetings if required to provide status on the project and to review issues and actions related to the project.

This is a short-term (4-6 months) CONTRACT engagement with the potential for long-term engagement after project completion.

Project Scope

During Configuration Planning, Firewall rules, security zones, Interface groups, NAT policies, VPNs, ACLs, Objects, filters, policy-based routing (BPR) will be examined and discussed for architectural decision making. Knowledge transfer around differences between ASA and FTD, file transfer and management will be explained with the Firewall Migration Tool (FMT) that can assist in pre-migration reporting and migrating workflows. The Vendor will provide the following tasks:

• Client Kick-off call for introductions and set timelines, deliverables, and project expectations.
• Off-site documentation review of existing network documentation and firewall rules for migration.
• Main location (on-site) project planning and assessment to include:
  1. Engineering review of physical cabling, cross connects and peer connections.
  2. Verify Layer-3 and Layer-2 ports, SVI and routed ports, IGP, EGB protocols.
  3. Verify security zones and policies for enforcement.
  4. Verify VPN Access and Remote connectivity.
  5. Verify and discuss HA failover and migration path.
  6. Verify L2 and L3 internal switching design, spanning–tree and VLAN architecture as it relates to firewall VRF handling and routing architecture.
  7. Verify IP Address management, schema and address allocations for DNS, DHCP, and Gateways.
  8. Verify firewall software licensing, security certificates and encryption.
  9. On-site migration plus next day on-site support.

• Configuration Design, Testing Plan and Migration Plan development and documentation will occur after discovering all business requirements and the current state of security architecture. The Vendor will document the findings and prepare the target design and system design for analysis. The following activities will occur during the planning process:

1. Off-site Engineering analysis of existing on-site findings and documentation of existing topology detailing protocol stack for HA routing and switching.
2. Documentation and policy review of existing firewall and security services (Threat prevention, URL filtering, VPN, etc.)
3. Documentation and policy review of existing sub-interface (networks) for internal route filtering using any existing VRF mapping and access control list.
4. Documentation and export of existing certificates used for software and client access.
5. Documentation of existing firewall access control list denoting each security zone mapping and privilege for access.
6. Documentation of new Cisco FirePOWER firewall software upgrade using latest firmware release for General Deployment.
7. Document Method of Procedure (MoP) for Client Change Control and Migration.
8. Document Disaster Recovery failover testing between sites and measure recovery time objectives (RTOs)

Skills and Qualifications

• Bachelor's degree in Computer Science, Computer Engineering, Technology, Information Systems (CIS/MIS), Telecommunications, Engineering or related technical discipline, or equivalent experience/training
• 8+ years of experience as a systems or infrastructure engineer, working directly with wireless network technologies at an enterprise scale
• 5+ years of experience as a Cisco ISE Engineer creating design documentation, building ISE rules, implementing ISE solutions across a variety of environments, and serve as a subject matter expert on the ISE tool
• Experience troubleshooting Network layer 2 and layer 3
• Advanced knowledge of Cisco wireless LAN controllers, Cisco access points, Cisco ISE, Cisco routers, Cisco L2/L3 switches, Cisco Prime, load balancing, QOS, PBR, WCCP, VPN, NAT, VoIP, IPSec, Multicast, DNS services, MPLS networks, Cisco firewalls and network protocols (Ethernet, TCP/IP, SNMP, VLAN Trunking)
• Ability to analyze complex problems and implement solutions and/or workarounds
• Demonstrated initiative, flexibility and ability to adapt to changing priorities and work environments
• Attention to detail and an ability to organize and prioritize workload
• Solid problem management skills related to working network related issues
• Ability to explain technical concepts and adjust messaging based on the audience, including non-technical groups
• Ability to work well within a team environment, as well as independently

About Betis Group

Betis Group, Inc. is an experienced provider of comprehensive information technology products, solutions, and services. Since 1995, we have supplied expert end-to-end support to our public and private sector clients worldwide. We offer services in the areas of systems engineering, enterprise solutions, software engineering, technology deployments, staff augmentation, infrastructure installation and upgrades, and hardware/software sales.

Betis characteristics an Equal Opportunity Employer and does not discriminate against any applicant for employment or employee because of race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, protected veteran status, or any other characteristic prohibited under Federal, State, or local laws.