L3 Network Engineer/Team Leader

teleglobal

The L3 Engineer will be responsible for design, deployment, troubleshooting, and optimization of enterprise network environments focusing on Cisco SD-Access (SDA) and Cisco Identity Services Engine (ISE). The role requires deep technical ownership, architecture-level thinking, and handling complex escalations across campus networks, NAC, and segmentation.

Key Responsibilities

1. Cisco SD-Access (SDA)
   • Design and implement fabric using Cisco DNA Center
   • Deploy and manage: Control Plane Nodes, Border Nodes, Edge Nodes Fabric domains and multi-site SDA
   • Strong expertise in:
     • Underlay (OSPF/IS-IS, ECMP design)
     • Overlay (VXLAN, LISP control-plane behavior)
   • Implement segmentation: Virtual Networks (VN), Scalable Group Tags (SGT)
   • Perform: Fabric provisioning, SWIM upgrades, automation workflows
   • Troubleshoot: Fabric issues (LISP registration, VXLAN encapsulation, endpoint mobility)
2. Cisco ISE (Identity Services Engine)
   • Deploy and manage Cisco Identity Services Engine (ISE) in distributed architecture
   • Configure: 802.1X, MAB, Guest, BYOD onboarding
   • Policy Sets, Authorization Profiles, Profiling
   • Advanced experience in: EAP-TLS, PEAP authentication flows
   • PKI & certificate lifecycle management
   • Implement: TrustSec (SGT, SGACL), posture compliance
   • Integrate with: Active Directory / LDAP / MDM solutions
   • Troubleshoot: RADIUS/TACACS+, endpoint authentication & authorization failures
3. Cisco TrustSec & Segmentation
   • Design and implement: Micro-segmentation using SGT & SGACL
   • Experience in: SGT propagation across SDA & non-SDA networks
   • Integration with firewalls (e.g., Fortinet, Palo Alto)
4. Network Troubleshooting (L3 Escalation Handling)
   • Handle complex P1/P2 incidents across: SDA fabric, NAC, LAN/WLAN
   • Perform: Deep packet analysis (RADIUS, DHCP, DNS, EAP)
   • Tools: Wireshark, CLI debugs
   • Conduct: Root Cause Analysis (RCA) with preventive measures
5. Wireless & Mobility Integration
   • Integrate SDA with Cisco WLC (9800 series preferred)
   • Troubleshoot: Roaming issues, policy enforcement failures
   • Implement: Identity-based wireless access via ISE
6. Security & Zero Trust Architecture
   • Implement Zero Trust using SDA + ISE
   • Design: Identity-based access control policies
   • Handle: Threat containment and dynamic access enforcement
7. WAN & Data Center Integration
   • Integration of SDA with: MPLS WAN, Internet edge
   • Exposure to: SD-WAN (Cisco Viptela)
   • Fusion router & border node design
   • Basic understanding of: VXLAN EVPN (Data Center fabrics)
8. Operational Excellence
   • Handle: Major incidents and escalations
   • Work within: ITIL processes (Incident, Change, Problem Management)
   • Mentor: L1/L2 engineers and act as escalation point

Technical Skills Required

Core Networking

• Routing: BGP, OSPF, EIGRP
• Switching: VLANs, STP, HSRP/VRRP

Core Technologies

• Cisco SD-Access (VXLAN, LISP)
• Cisco ISE (AAA, NAC, TrustSec)
• Wireless (Cisco WLC)

Soft Skills

• Strong analytical and troubleshooting skills
• Ability to handle high-pressure L3 escalations
• Clear communication with stakeholders and clients