Cyber Zscaler Network Security Engineer / Senior Consultant, Strategy, Growth, and Transformation
Job Description
The Cyber Zscaler Network Security Engineer / Senior Consultant contributes to Deloitte's Cyber practice by advancing clients' network security posture through cloud-based zero trust architectures. This role focuses on the design, deployment, and optimization of Zscaler capabilities across complex enterprise environments.
Location
Cleveland, OH (onsite)
Compensation
Salary: USD 105,400 - 207,800 per year
Responsibilities
- Design, implement, and manage Zscaler Internet Access (ZIA) and Zscaler Private Access (ZPA) across enterprise client environments
- Support zero trust network access transformations, including replacing legacy VPN infrastructure and modernizing access controls
- Configure and optimize Zscaler security features such as policy administration, SSL/TLS inspection, advanced threat protection, data loss prevention, and cloud-based traffic inspection
- Architect branch, cloud, and application connectors across on‑premises and cloud environments (AWS, Microsoft Azure, and Google Cloud Platform)
Requirements
- BA/BS degree in a technical field (e.g., Computer Science, Cyber Security, Information Technology, or equivalent work experience)
- Zscaler Digital Transformation Engineer (ZDTE) certification is required
- 5+ years of progressively responsible experience in network security engineering
- 5+ years of hands-on experience designing, deploying, and managing ZIA, including web filtering, DNS security, cloud firewall, bandwidth controls, and advanced threat protection policies in enterprise-scale environments
- 5+ years of hands-on experience designing, deploying, and managing ZPA, including application segment configuration, access policies, connector deployment, and zero trust network access architectures replacing legacy VPN infrastructure
- 1+ years of experience designing, deploying, and managing Zscaler Branch Connector, with BGP/static routing configurations and network segmentation to replace traditional SD-WAN platforms
- 1+ years of experience designing, deploying, and managing Zscaler Cloud Connector, including cloud deployments (AWS, Azure, and/or GCP), workload-to-internet and workload-to-workload inspection, and integration with cloud-native networking constructs (VPCs, VNets, Transit Gateways)
- 3+ years of experience configuring and tuning Zscaler advanced security features, including Cloud Sandboxing, ATP, IPS, CBI, and DLP policies
- 3+ years of experience implementing and troubleshooting SSL/TLS inspection within ZIA, including certificate management, decryption policy design, bypass rules, and handling certificate-pinned applications
- 1+ years of experience with Zscaler AI-powered capabilities, including AI-driven policy recommendations, Digital Experience Monitoring (ZDX), and leveraging AI/ML-based threat intelligence for automated threat response
- 3+ years of hands-on experience defining, managing, and reviewing Zscaler security policies, including rule base optimization, policy lifecycle management, access reviews, and RBAC within the Zscaler Admin Portal
- Experience implementing ZIdentity for centralized identity management
- 3+ years of experience with one or more major cloud service providers (AWS, GCP, Azure) to deploy ZPA App Connectors within cloud-native architectures
- 3+ years of experience deploying Zscaler Cloud Connector
- Experience integrating Zscaler with SIEM/SOAR platforms (e.g., Splunk, Microsoft Sentinel, Palo Alto XSOAR) via log streaming, API connectors, or syslog
- Experience with Zscaler APIs and automation tooling (e.g., Terraform, Ansible, Python) for provisioning, policy management, and configuration-as-code workflows
- Experience designing and presenting Zscaler solution architectures tailored to client requirements and communicating effectively with executive and non-technical stakeholders
- Familiarity with identity provider integrations (Okta, Azure AD, Ping Identity) for SAML/SCIM-based authentication within ZIA and ZPA deployments
- Ability to travel up to 50 percent on average, depending on client needs
- Limited immigration sponsorship may be available
Technologies
- Zscaler Internet Access (ZIA), Zscaler Private Access (ZPA), Zscaler Branch Connector, Zscaler Cloud Connector
- Zscaler AI-powered capabilities, ZDX, Cloud Sandboxing, ATP, IPS, CBI, DLP
- SSL/TLS inspection, Zscaler APIs, Terraform, Ansible, Python
- SIEM/SOAR integrations (Splunk, Microsoft Sentinel, Palo Alto XSOAR)
- Okta, Azure AD, Ping Identity, ZIdentity
- AWS, GCP, Azure; SAML, SCIM
Benefits
- Discretionary annual incentive program eligibility
Preferred Qualifications
- Advanced cybersecurity certifications such as CISSP, CCIE Security, CCNP Security, or GIAC equivalents (e.g., GPEN, GCSA)
- Ability to conduct SASE vendor competitive analysis and advise clients on solution selection based on use cases and requirements (for example Zscaler vs Palo Alto Prisma vs Netskope)
- Capability to perform Zero Trust Architecture assessments and develop roadmaps aligning Zscaler capabilities with NIST SP 800-207 or CISA Zero Trust Maturity Model frameworks
- Previous consulting or Big 4 experience with a track record delivering enterprise network security or SASE transformation engagements