CybersecurityJobs.io
← Back to all jobs

Job Description

The Cyber Zscaler Network Security Engineer / Senior Consultant contributes to Deloitte's Cyber practice by advancing clients' network security posture through cloud-based zero trust architectures. This role focuses on the design, deployment, and optimization of Zscaler capabilities across complex enterprise environments.

Location

Cleveland, OH (onsite)

Compensation

Salary: USD 105,400 - 207,800 per year

Responsibilities

  • Design, implement, and manage Zscaler Internet Access (ZIA) and Zscaler Private Access (ZPA) across enterprise client environments
  • Support zero trust network access transformations, including replacing legacy VPN infrastructure and modernizing access controls
  • Configure and optimize Zscaler security features such as policy administration, SSL/TLS inspection, advanced threat protection, data loss prevention, and cloud-based traffic inspection
  • Architect branch, cloud, and application connectors across on‑premises and cloud environments (AWS, Microsoft Azure, and Google Cloud Platform)

Requirements

  • BA/BS degree in a technical field (e.g., Computer Science, Cyber Security, Information Technology, or equivalent work experience)
  • Zscaler Digital Transformation Engineer (ZDTE) certification is required
  • 5+ years of progressively responsible experience in network security engineering
  • 5+ years of hands-on experience designing, deploying, and managing ZIA, including web filtering, DNS security, cloud firewall, bandwidth controls, and advanced threat protection policies in enterprise-scale environments
  • 5+ years of hands-on experience designing, deploying, and managing ZPA, including application segment configuration, access policies, connector deployment, and zero trust network access architectures replacing legacy VPN infrastructure
  • 1+ years of experience designing, deploying, and managing Zscaler Branch Connector, with BGP/static routing configurations and network segmentation to replace traditional SD-WAN platforms
  • 1+ years of experience designing, deploying, and managing Zscaler Cloud Connector, including cloud deployments (AWS, Azure, and/or GCP), workload-to-internet and workload-to-workload inspection, and integration with cloud-native networking constructs (VPCs, VNets, Transit Gateways)
  • 3+ years of experience configuring and tuning Zscaler advanced security features, including Cloud Sandboxing, ATP, IPS, CBI, and DLP policies
  • 3+ years of experience implementing and troubleshooting SSL/TLS inspection within ZIA, including certificate management, decryption policy design, bypass rules, and handling certificate-pinned applications
  • 1+ years of experience with Zscaler AI-powered capabilities, including AI-driven policy recommendations, Digital Experience Monitoring (ZDX), and leveraging AI/ML-based threat intelligence for automated threat response
  • 3+ years of hands-on experience defining, managing, and reviewing Zscaler security policies, including rule base optimization, policy lifecycle management, access reviews, and RBAC within the Zscaler Admin Portal
  • Experience implementing ZIdentity for centralized identity management
  • 3+ years of experience with one or more major cloud service providers (AWS, GCP, Azure) to deploy ZPA App Connectors within cloud-native architectures
  • 3+ years of experience deploying Zscaler Cloud Connector
  • Experience integrating Zscaler with SIEM/SOAR platforms (e.g., Splunk, Microsoft Sentinel, Palo Alto XSOAR) via log streaming, API connectors, or syslog
  • Experience with Zscaler APIs and automation tooling (e.g., Terraform, Ansible, Python) for provisioning, policy management, and configuration-as-code workflows
  • Experience designing and presenting Zscaler solution architectures tailored to client requirements and communicating effectively with executive and non-technical stakeholders
  • Familiarity with identity provider integrations (Okta, Azure AD, Ping Identity) for SAML/SCIM-based authentication within ZIA and ZPA deployments
  • Ability to travel up to 50 percent on average, depending on client needs
  • Limited immigration sponsorship may be available

Technologies

  • Zscaler Internet Access (ZIA), Zscaler Private Access (ZPA), Zscaler Branch Connector, Zscaler Cloud Connector
  • Zscaler AI-powered capabilities, ZDX, Cloud Sandboxing, ATP, IPS, CBI, DLP
  • SSL/TLS inspection, Zscaler APIs, Terraform, Ansible, Python
  • SIEM/SOAR integrations (Splunk, Microsoft Sentinel, Palo Alto XSOAR)
  • Okta, Azure AD, Ping Identity, ZIdentity
  • AWS, GCP, Azure; SAML, SCIM

Benefits

  • Discretionary annual incentive program eligibility

Preferred Qualifications

  • Advanced cybersecurity certifications such as CISSP, CCIE Security, CCNP Security, or GIAC equivalents (e.g., GPEN, GCSA)
  • Ability to conduct SASE vendor competitive analysis and advise clients on solution selection based on use cases and requirements (for example Zscaler vs Palo Alto Prisma vs Netskope)
  • Capability to perform Zero Trust Architecture assessments and develop roadmaps aligning Zscaler capabilities with NIST SP 800-207 or CISA Zero Trust Maturity Model frameworks
  • Previous consulting or Big 4 experience with a track record delivering enterprise network security or SASE transformation engagements

Similar Jobs