Cyber Zscaler Network Security Engineer / Senior Consultant, Strategy, Growth, and Transformation
Job Description
Deloitte’s Washington, DC based Enterprise Security practice offers a compelling path for professionals who want to shape secure transformations through Zscaler driven zero trust. This onsite role focuses on designing, deploying, and optimizing ZIA and ZPA to secure clients across on premise and cloud environments. The position carries a salary range of USD 105,400 to 207,800 per year and includes a discretionary annual incentive program within a collaborative, client-focused culture that values deep technical expertise and practical problem solving.
Benefits
- Discretionary annual incentive program
Responsibilities
- Design, deploy, and manage Zscaler Internet Access (ZIA) and Zscaler Private Access (ZPA) across enterprise client environments
- Support zero trust network access transformations, including replacing legacy VPNs and modernizing access controls
- Configure and optimize Zscaler security features such as policy administration, SSL/TLS inspection, advanced threat protection, data loss prevention, and cloud-based traffic inspection
- Implement branch, cloud, and application connectors across on premises and cloud environments (AWS, Azure, GCP)
- Create technical deliverables, solution designs, and client-facing recommendations aligned to security, network transformation, and operational requirements
Requirements
- BA/BS degree in a technical field (e.g., Computer Science, Cyber Security, Information Technology) or equivalent experience
- Zscaler Digital Transformation Engineer (ZDTE) certification required
- 5+ years of progressively responsible experience in network security engineering
- 5+ years hands-on experience designing, deploying, and managing ZIA, including web filtering, DNS security, cloud firewall, bandwidth controls, and ATP/DLP policies in enterprise environments
- 5+ years hands-on experience designing, deploying, and managing ZPA, including application segment configuration, access policies, connectors, and ZTNA architectures replacing legacy VPNs
- 1+ years designing, deploying, and managing Zscaler Branch Connector with BGP/static routing and network segmentation, replacing traditional SD-WAN platforms
- 1+ years designing, deploying, and managing Zscaler Cloud Connector in cloud environments (AWS, Azure, GCP) with workload-to-internet and workload-to-workload traffic inspection
- 3+ years configuring and tuning Cloud Sandboxing, ATP, IPS, CBI, and DLP policies
- 3+ years implementing and troubleshooting SSL/TLS inspection within ZIA, including certificates, decryption policies, bypass rules, and pinned applications
- 1+ years working with Zscaler AI capabilities, including AI-driven policy recommendations and ZDX
- 3+ years defining, managing, and reviewing Zscaler security policies, including rule base optimization and RBAC in the Zscaler Admin Portal
- Experience implementing ZIdentity for centralized identity management
- 3+ years with one or more cloud providers (AWS, GCP, Azure) to deploy ZPA App Connectors in cloud-native architectures
- 3+ years deploying Zscaler Cloud Connector
- Experience integrating Zscaler with SIEM/SOAR platforms (e.g., Splunk, Microsoft Sentinel, Palo Alto XSOAR) for threat detection and incident response
- Experience with Zscaler APIs and automation tooling (Terraform, Ansible, Python) for provisioning and configuration-as-code workflows
- Ability to translate Zscaler architectures for executive and non-technical audiences
- Familiarity with identity provider integrations (Okta, Azure AD, Ping Identity) for SAML/SCIM in ZIA and ZPA
- Willingness to travel up to 50% on average depending on client engagements
- Limited immigration sponsorship may be available
Technologies
- Zscaler Internet Access (ZIA), Zscaler Private Access (ZPA), Zscaler Branch Connector, Zscaler Cloud Connector
- Zscaler AI capabilities, ZDX, SSL/TLS inspection, Cloud Sandboxing, ATP, IPS, CBI, DLP
- ZIdentity, AWS, Azure, GCP
- SIEM/SOAR: Splunk, Microsoft Sentinel, Palo Alto XSOAR
- Terraform, Ansible, Python
- Okta, Azure AD, Ping Identity
The Team
Our Enterprise Security offering embeds security across digital transformation initiatives, securing a client’s technical backbone while enabling secure innovation. The team spans security architecture, secure development and deployment, end-to-end cyber cloud capabilities, application security, and security for emerging technologies and connected products.
Preferred Qualifications
- Advanced cybersecurity certifications such as CISSP, CCIE Security, CCNP Security, or GIAC equivalents
- Ability to conduct SASE vendor competitive analyses and advise on solution selection (eg, Zscaler vs Palo Alto Prisma vs Netskope)
- Experience performing Zero Trust Architecture assessments and roadmaps aligned to NIST SP 800-207 or CISA Zero Trust Maturity Model
- Previous consulting or Big Four experience with a track record of enterprise network security or SASE transformation engagements