NAC Engineer

2 Days Old

Contract Network Security Engineer (NAC Specialist) Location: City of London (34 days per week on-site)
Contract Length: Initial 3 months
Rate: £500£600 per day (Inside IR35)

We are working with a leading global IT services provider on a contract engagement supporting a large, highly regulated financial services organisation in the City of London. The engagement focuses on a Network Access Control (NAC) policy cleanup and remediation programme , aligning access controls to least privilege, zero trust, and vendor best practices .
This role requires a senior, hands-on Network Security Engineer with deep NAC expertise who can operate confidently across security engineering and network operations teams.
Key Responsibilities Review and remediate existing NAC exception policies to ensure alignment with organisational standards and vendor best practices
Identify and remove overly permissive or misaligned access exceptions , including inappropriate MAC-based policies
Enforce deny-by-default, allow-list access models using identity, device type, and posture
Implement and refine device profiling and posture validation rules
Improve role-based access control and dynamic policy enforcement (e.g. VLAN assignment)
Perform gap analysis against NAC vendor best practices
Collaborate closely with Security Engineering and Network Operations teams during remediation
Ensure changes follow formal change control processes
Produce clear documentation including:
NAC exception audit reports (pre- and post-remediation)
Updated access control matrices
Final remediation and validation summaries
Executive-level summaries for stakeholders

Required Skills & Experience Strong hands-on experience with enterprise Network Access Control (NAC) solutions, such as:
Cisco ISE
Aruba ClearPass
Forescout
FortiNAC

Deep knowledge of:
802.1X , RADIUS / TACACS+
Device profiling and posture assessment
Identity-based access control (user + device)
Least privilege and Zero Trust principles

Experience remediating NAC environments with large numbers of legacy or overly permissive exceptions
Strong enterprise networking background (switching, VLANs, campus networks)
Ability to work effectively in regulated, security-conscious environments
Comfortable producing technical documentation and engaging with senior stakeholders
Desirable Experience Financial services or other highly regulated industries
Certificate-based authentication / PKI
Integration with directory services (e.g. AD / Azure AD)
Logging, alerting, and SIEM integration
Previous NAC redesign or cleanup engagements
Working Arrangements 34 days per week on-site in the City of London
Initial 3-month contract with potential extension
£500£600 per day, Inside IR35

TPBN1_UKTJ
Apply
Location:
London
Salary:
£500 - £600 per day
Job Type:
FullTime
Category:
Engineering

We found some similar jobs based on your search