Network Security Architect

• Proficiency in configuring and managing Aruba ClearPass Policy Manager (CPPM) for network access control (NAC).
• Experience with ClearPass features like RADIUS, TACACS+, Guest Access, BYOD onboarding, and device profiling.
• Knowledge of ClearPass integrations with third-party systems (e.g., Intune and MDM)
• Ability to design and implement role-based access policies based on user identity, device type, location, and security posture.
• Familiarity with ClearPass Device Insight or Aruba Central Client Insights for AI-powered device discovery and profiling.
• Proficiency in building ClearPass clusters, new server installation and Disaster recovery.

802.1X Authentication:

• Deep understanding of IEEE 802.1X port-based authentication protocols (e.g., EAP-PEAP, EAP-TLS, EAP-TEAP, MSCHAPv2).
• Experience configuring 802.1X on wired and wireless networks, including switches, wireless controllers, and access points.
• Knowledge of certificate-based authentication (e.g., EAP-TLS) and managing certificate authorities (CAs) for secure onboarding.
• Ability to troubleshoot 802.1X authentication failures using tools like ClearPass Access Tracker, packet captures, and logs and Cisco ISE.

MAC Authentication Bypass (MAB):

• Expertise in implementing MAB for devices that do not support 802.1X (e.g., IoT devices, printers, building automation systems).
• Knowledge of MAB configuration on network devices (e.g., Cisco, Aruba switches) and ClearPass enforcement policies and Cisco ISE.
• Understanding of MAB security limitations and best practices, such as placing MAB clients in isolated VLANs or VRFs for enhanced security.
• Ability to combine MAB with device profiling (e.g., MAC vendor, known device status) for granular policy enforcement.

Cisco Identity Services Engine (ISE) Expertise:

• Proficiency in configuring and managing Cisco ISE for network access control and policy enforcement.
• Experience with Cisco ISE features, including Profiling, Guest Services, Radius and TACACS+
• Knowledge of ISE policy creation for authentication, authorization, and accounting (AAA) using attributes like user groups, device types, and compliance status.
• Familiarity with Cisco ISE High Availability (HA) deployment, clustering, and backup/restore procedures.
• RADIUS and AAA:
• In-depth understanding of RADIUS protocols and AAA (Authentication, Authorization, Accounting) frameworks.
• Experience configuring RADIUS servers (ClearPass, Cisco ISE) and Network Access Devices (NADs) like switches and wireless controllers.
• Familiarity with RADIUS Change of Authorization (CoA) and dynamic authorization for real-time policy updates.

Certifications (Good to have)

• Aruba Certified ClearPass Associate (ACCA)
• Aruba Certified ClearPass Professional (ACCP)

Experience in Python Language and Ansible Automation tool in order to automate in NAC and Network area.