NAC Engineer
2 Days Old
Location:
City of London (34 days per week on-site) Contract Length:
Initial 3 months Rate:
£500£600 per day (Inside IR35)
We are working with a leading global IT services provider on a contract engagement supporting a
large, highly regulated financial services organisation
in the City of London. The engagement focuses on a
Network Access Control (NAC) policy cleanup and remediation programme , aligning access controls to
least privilege, zero trust, and vendor best practices . This role requires a
senior, hands-on Network Security Engineer
with deep NAC expertise who can operate confidently across
security engineering and network operations
teams. Key Responsibilities
Review and remediate existing
NAC exception policies
to ensure alignment with organisational standards and vendor best practices Identify and remove
overly permissive or misaligned access exceptions , including inappropriate MAC-based policies Enforce
deny-by-default, allow-list access models
using identity, device type, and posture Implement and refine
device profiling and posture validation
rules Improve
role-based access control
and dynamic policy enforcement (e.g. VLAN assignment) Perform
gap analysis
against NAC vendor best practices Collaborate closely with
Security Engineering and Network Operations
teams during remediation Ensure changes follow formal
change control
processes Produce clear documentation including: NAC exception audit reports (pre- and post-remediation) Updated access control matrices Final remediation and validation summaries Executive-level summaries for stakeholders
Required Skills & Experience
Strong hands-on experience with
enterprise Network Access Control (NAC)
solutions, such as: Cisco ISE Aruba ClearPass Forescout FortiNAC
Deep knowledge of: 802.1X , RADIUS / TACACS+ Device profiling and posture assessment Identity-based access control (user + device) Least privilege and Zero Trust principles
Experience remediating NAC environments with
large numbers of legacy or overly permissive exceptions Strong enterprise networking background (switching, VLANs, campus networks) Ability to work effectively in
regulated, security-conscious environments Comfortable producing technical documentation and engaging with senior stakeholders Desirable Experience
Financial services or other highly regulated industries Certificate-based authentication / PKI Integration with directory services (e.g. AD / Azure AD) Logging, alerting, and SIEM integration Previous NAC redesign or cleanup engagements Working Arrangements
34 days per week on-site in the
City of London Initial 3-month contract with potential extension £500£600 per day,
Inside IR35
TPBN1_UKTJ
- Location:
- United Kingdom
- Job Type:
- FullTime
- Category:
- Engineering
