NAC Engineer

Contract Network Security Engineer (NAC Specialist) - Location: City of London (3–4 days per week on-site) - Contract Length: Initial 3 months - Rate: £500–£600 per day (Inside IR35)

We are working with a leading global IT services provider on a contract engagement supporting a large, highly regulated financial services organisation in the City of London. The engagement focuses on a Network Access Control (NAC) policy cleanup and remediation programme, aligning access controls to least privilege, zero trust, and vendor best practices.

This role requires a senior, hands-on Network Security Engineer with deep NAC expertise who can operate confidently across security engineering and network operations teams.

• Review and remediate existing NAC exception policies to ensure alignment with organisational standards and vendor best practices
• Identify and remove overly permissive or misaligned access exceptions, including inappropriate MAC-based policies
• Enforce deny-by-default, allow-list access models using identity, device type, and posture
• Implement and refine device profiling and posture validation rules
• Improve role-based access control and dynamic policy enforcement (e.g. VLAN assignment)
• Perform gap analysis against NAC vendor best practices
• Collaborate closely with Security Engineering and Network Operations teams during remediation
• Ensure changes follow formal change control processes
• Produce clear documentation including:
  • NAC exception audit reports (pre- and post-remediation)
  • Updated access control matrices
  • Final remediation and validation summaries
  • Executive-level summaries for stakeholders

• Strong hands-on experience with enterprise Network Access Control (NAC) solutions, such as:
  • Cisco ISE
  • Aruba ClearPass
  • Forescout
  • FortiNAC
• Deep knowledge of:
  • 802.1X, RADIUS / TACACS
  • Device profiling and posture assessment
  • Identity-based access control (user device)
  • Least privilege and Zero Trust principles
• Experience remediating NAC environments with large numbers of legacy or overly permissive exceptions
• Strong enterprise networking background (switching, VLANs, campus networks)
• Ability to work effectively in regulated, security-conscious environments
• Comfortable producing technical documentation and engaging with senior stakeholders

• Financial services or other highly regulated industries
• Certificate-based authentication / PKI
• Integration with directory services (e.g. AD / Azure AD)
• Logging, alerting, and SIEM integration
• Previous NAC redesign or cleanup engagements

• 3–4 days per week on-site in the City of London
• Initial 3-month contract with potential extension
• £500–£600 per day, Inside IR35