CyKor

C2C Architect – DHS

CyKor

contract

Posted on:

Location Type: Hybrid

Location: AlexandriaVirginiaWest VirginiaUnited States

Visit company website

Explore more

AI Apply
Apply

Job Level

SeniorLead

Tech Stack

FirewallsITSMJamfLinuxMacOSNode.jsPythonSplunkSwitching

About the role

  • Lead architecture and design of Cisco ISE 3.x solutions (multi-node personas, PSN scaling, redundancy, PKI integration, backup/DR).
  • Map ISE capabilities (802.1X/EAP-TLS, MAB, profiling, posture, SGT/TrustSec, pxGrid, TACACS+) to DoD C2C controls and Zero Trust policies.
  • Design and document high-level (HLD) and low-level (LLD) architectures, test plans, cutover/runbooks, and operational documentation.
  • Work jointly with another Architect to ensure consistent design standards and interoperability across USCG network segments.
  • Support configuration, testing, and deployment of ISE-based NAC solutions across campus, data center, and wireless infrastructures.
  • Integrate ISE with adjacent tools and platforms, including: SIEMs (Splunk/Elastic), Next-Generation Firewalls, Endpoint Protection/EDR, MDM/UEM (Intune, JAMF), Vulnerability Management (Tenable/ACAS), ITSM platforms.
  • Support RMF/ATO documentation (SSP inputs, POA&Ms, control traceability).
  • Act as the technical SME and primary liaison for DHS stakeholders, security teams, and third-party vendors.
  • Participate in joint architecture reviews and cross-domain integration testing with DHS engineering teams.

Requirements

  • Active DoD Secret Clearance (or higher)
  • IAT Level III certification such as CCIE Security, CCNP Security, or Cisco ISE Specialist / DoD 8570/8140: Security+ CE, CISSP, or CASP+
  • 7+ years of ISE design and deployment experience in DoD environments
  • Proven experience implementing DoD C2C solutions, including endpoint identification, compliance enforcement, and automated remediation workflows
  • Technical Skills: 802.1X/EAP-TLS, supplicant configuration (Windows/macOS/Linux), MAB fallback, guest/BYOD posture and profiling TrustSec/SGT design pxGrid, ERS/REST APIs, Python automation
  • Enterprise PKI (DoD PKI/CAC, AD CS, SCEP/EST)
  • Core routing/switching, TACACS+, wireless integration
  • Familiarity with DISA STIGs, RMF, ACAS/Tenable, and audit documentation
  • Scripting experience (Python, REST APIs), version control (Git), and Infrastructure-as-Code familiarity.
Benefits
  • CyKor is an equal opportunity employer and values diversity in the workplace.
Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools
Cisco ISE 3.x802.1XEAP-TLSMABTrustSecpxGridPythonREST APIsscriptingInfrastructure-as-Code
Soft Skills
leadershipcommunicationcollaborationtechnical SMEinteroperability
Certifications
DoD Secret ClearanceCCIE SecurityCCNP SecurityCisco ISE SpecialistSecurity+ CECISSPCASP+