Network Engineer

Hello Network!

I hope you're well,

We are looking for a Network Engineer with Aruba ClearPass Expertise:

• Proficiency in configuring and managing Aruba ClearPass Policy Manager (CPPM) for network access control (NAC).
• Experience with ClearPass features like RADIUS, TACACS+, Guest Access, BYOD onboarding, and device profiling.
• Knowledge of ClearPass integrations with third-party systems (e.g., Intune and MDM)
• Ability to design and implement role-based access policies based on user identity, device type, location, and security posture.
• Familiarity with ClearPass Device Insight or Aruba Central Client Insights for AI-powered device discovery and profiling.
• Proficiency in building ClearPass clusters, new server installation and Disaster recovery.

802.1X Authentication:

• Deep understanding of IEEE 802.1X port-based authentication protocols (e.g., EAP-PEAP, EAP-TLS, EAP-TEAP, MSCHAPv2).
• Experience configuring 802.1X on wired and wireless networks, including switches, wireless controllers, and access points.
• Knowledge of certificate-based authentication (e.g., EAP-TLS) and managing certificate authorities (CAs) for secure onboarding.
• Ability to troubleshoot 802.1X authentication failures using tools like ClearPass Access Tracker, packet captures, and logs and Cisco ISE.

MAC Authentication Bypass (MAB):

• Expertise in implementing MAB for devices that do not support 802.1X (e.g., IoT devices, printers, building automation systems).
• Knowledge of MAB configuration on network devices (e.g., Cisco, Aruba switches) and ClearPass enforcement policies and Cisco ISE.
• Understanding of MAB security limitations and best practices, such as placing MAB clients in isolated VLANs or VRFs for enhanced security.
• Ability to combine MAB with device profiling (e.g., MAC vendor, known device status) for granular policy enforcement.

Cisco Identity Services Engine (ISE) Expertise:

• Proficiency in configuring and managing Cisco ISE for network access control and policy enforcement.
• Experience with Cisco ISE features, including Profiling, Guest Services, Radius and TACACS+
• Knowledge of ISE policy creation for authentication, authorization, and accounting (AAA) using attributes like user groups, device types, and compliance status.
• Familiarity with Cisco ISE High Availability (HA) deployment, clustering, and backup/restore procedures.
• RADIUS and AAA:
• In-depth understanding of RADIUS protocols and AAA (Authentication, Authorization, Accounting) frameworks.
• Experience configuring RADIUS servers (ClearPass, Cisco ISE) and Network Access Devices (NADs) like switches and wireless controllers.
• Familiarity with RADIUS Change of Authorization (CoA) and dynamic authorization for real-time policy updates.

Certifications (Good to have):

• Aruba Certified ClearPass Associate (ACCA)
• Aruba Certified ClearPass Professional (ACCP)

Experience in Python Language and Ansible Automation tool in order to automate in NAC and Network area.

If interested, or you know someone that could be please reach out and we can arrange a time to speak?