CybersecurityJobs.io
← Back to all jobs

Job Description

Deloitte seeks a Zscaler Network Security Engineer / Senior Consultant to modernize enterprise networks using Zscaler cloud-delivered zero-trust architectures.

Responsibilities

  • Designing, deploying, and managing Zscaler Internet Access (ZIA) and Zscaler Private Access (ZPA) capabilities across enterprise client environments
  • Supporting zero trust network access (ZTNA) transformations, including replacement of legacy virtual private network (VPN) infrastructure and modernization of access controls
  • Configuring and optimizing Zscaler security features, including policy administration, SSL/TLS inspection, advanced threat protection, data loss prevention, and cloud-based traffic inspection
  • Implementing branch, cloud, and application connector architectures across on-premises and cloud environments, including Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP)
  • Developing technical deliverables, solution designs, and client-facing recommendations aligned to enterprise security, network transformation, and operational requirements

Requirements

  • BA/BS degree in a technical field (e.g., Computer Science, Cyber Security, Information Technology, or equivalent work experience)
  • Zscaler Digital Transformation Engineer (ZDTE) certification required
  • 5+ years of progressively responsible experience in network security engineering
  • 5+ years of hands-on experience designing, deploying, and managing Zscaler Internet Access (ZIA), including web filtering, DNS security, cloud firewall, bandwidth controls, and advanced threat protection policies in enterprise-scale environments
  • 5+ years of hands-on experience designing, deploying, and managing Zscaler Private Access (ZPA), including application segment configuration, access policies, connector deployment, and zero trust network access (ZTNA) architectures replacing legacy VPN infrastructure
  • 1+ years of experience designing, deploying, and managing Zscaler Branch Connector, and configuring BGP/static routing configurations and network segmentation, replacing traditional SD-WAN platforms (e.g., Cisco, VMware, Aruba)
  • 1+ years of experience designing, deploying, and managing Zscaler Cloud Connector, including deployment within cloud environments (AWS, Azure, and/or GCP), workload-to-internet and workload-to-workload traffic inspection, and integration with cloud-native networking constructs (e.g., VPCs, VNets, Transit Gateways)
  • 3+ years of experience configuring and tuning Zscaler advanced security features, including Cloud Sandboxing, Advanced Threat Protection (ATP), Intrusion Prevention (IPS), Cloud Browser Isolation (CBI), and Data Loss Prevention (DLP) policies
  • 3+ years of experience implementing and troubleshooting SSL/TLS inspection within ZIA, including certificate management, decryption policy design, bypass rules, and handling of certificate-pinned applications
  • 1+ years of experience with Zscaler AI-powered capabilities, including AI-driven policy recommendations, Digital Experience Monitoring (ZDX), and leveraging Zscaler's AI/ML-based threat intelligence for automated threat response
  • 3+ years of hands-on experience defining, managing, and reviewing Zscaler security policies, including rule base optimization, policy lifecycle management, access reviews, and role-based access controls within the Zscaler Admin Portal
  • Experience implementing ZIdentity for centralized identity management
  • 3+ years of experience with one or more major cloud service providers (AWS, GCP, Azure) to deploy ZPA App Connectors within cloud-native architectures
  • 3+ years of experience deploying Zscaler Cloud Connector
  • Experience integrating Zscaler with SIEM/SOAR platforms (e.g., Splunk, Microsoft Sentinel, Palo Alto XSOAR) via log streaming, API connectors, or syslog for threat detection and incident response workflows
  • Experience with Zscaler APIs and automation tooling (e.g., Terraform, Ansible, Python) for provisioning, policy management, and configuration-as-code workflows
  • Experience designing and presenting Zscaler solution architectures tailored to client requirements, translating technical concepts for executive and non-technical stakeholders
  • Familiarity with identity provider integrations (e.g., Okta, Azure AD, Ping Identity) for SAML/SCIM-based authentication within ZIA and ZPA deployments
  • Ability to travel up to 50%, on average, based on the work you perform and the clients and industries/sectors you serve
  • Limited immigration sponsorship may be available

Technologies

  • Zscaler Internet Access (ZIA)
  • Zscaler Private Access (ZPA)
  • Zscaler Branch Connector
  • Zscaler Cloud Connector
  • Zscaler AI-powered capabilities
  • ZDX (Zscaler Digital Experience Monitoring)
  • ZIdentity
  • AWS
  • Microsoft Azure
  • Google Cloud Platform (GCP)
  • Splunk
  • Microsoft Sentinel
  • Palo Alto XSOAR
  • Terraform
  • Ansible
  • Python
  • Okta
  • Azure AD
  • Ping Identity

Benefits

  • Discretionary annual incentive program eligibility

The Team

Our Enterprise Security offering embeds security in all aspects of digital transformation by securing a client's technical backbone while enabling secure digital transformation. Includes security architecture, secure development and deployment, end-to-end cyber cloud capabilities, application security, and security for emerging technologies and connected products.

Similar Jobs