Cyber Zscaler Network Security Engineer / Senior Consultant, Strategy, Growth, and Transformation
Analytics
Cloud
Cloud Architecture
Cloud Platforms
Cloud Technology
Consultant
Cybersecurity Tools
Data Security
Engineer
Identity and Access Management
Information Security
Information Technology (IT)
InfoSec
Infrastructure As Code
Palo Alto Networks
Sase/ztna
Security
Security Automation
Solution Architecture
Splunk
Splunk Enterprise Security
Strategic Advisory
Zero Trust Architecture
Zscaler
Zscaler Digital Experience
Job Description
Deloitte seeks a Zscaler Network Security Engineer / Senior Consultant to modernize enterprise networks using Zscaler cloud-delivered zero-trust architectures.
Responsibilities
- Designing, deploying, and managing Zscaler Internet Access (ZIA) and Zscaler Private Access (ZPA) capabilities across enterprise client environments
- Supporting zero trust network access (ZTNA) transformations, including replacement of legacy virtual private network (VPN) infrastructure and modernization of access controls
- Configuring and optimizing Zscaler security features, including policy administration, SSL/TLS inspection, advanced threat protection, data loss prevention, and cloud-based traffic inspection
- Implementing branch, cloud, and application connector architectures across on-premises and cloud environments, including Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP)
- Developing technical deliverables, solution designs, and client-facing recommendations aligned to enterprise security, network transformation, and operational requirements
Requirements
- BA/BS degree in a technical field (e.g., Computer Science, Cyber Security, Information Technology, or equivalent work experience)
- Zscaler Digital Transformation Engineer (ZDTE) certification required
- 5+ years of progressively responsible experience in network security engineering
- 5+ years of hands-on experience designing, deploying, and managing Zscaler Internet Access (ZIA), including web filtering, DNS security, cloud firewall, bandwidth controls, and advanced threat protection policies in enterprise-scale environments
- 5+ years of hands-on experience designing, deploying, and managing Zscaler Private Access (ZPA), including application segment configuration, access policies, connector deployment, and zero trust network access (ZTNA) architectures replacing legacy VPN infrastructure
- 1+ years of experience designing, deploying, and managing Zscaler Branch Connector, and configuring BGP/static routing configurations and network segmentation, replacing traditional SD-WAN platforms (e.g., Cisco, VMware, Aruba)
- 1+ years of experience designing, deploying, and managing Zscaler Cloud Connector, including deployment within cloud environments (AWS, Azure, and/or GCP), workload-to-internet and workload-to-workload traffic inspection, and integration with cloud-native networking constructs (e.g., VPCs, VNets, Transit Gateways)
- 3+ years of experience configuring and tuning Zscaler advanced security features, including Cloud Sandboxing, Advanced Threat Protection (ATP), Intrusion Prevention (IPS), Cloud Browser Isolation (CBI), and Data Loss Prevention (DLP) policies
- 3+ years of experience implementing and troubleshooting SSL/TLS inspection within ZIA, including certificate management, decryption policy design, bypass rules, and handling of certificate-pinned applications
- 1+ years of experience with Zscaler AI-powered capabilities, including AI-driven policy recommendations, Digital Experience Monitoring (ZDX), and leveraging Zscaler's AI/ML-based threat intelligence for automated threat response
- 3+ years of hands-on experience defining, managing, and reviewing Zscaler security policies, including rule base optimization, policy lifecycle management, access reviews, and role-based access controls within the Zscaler Admin Portal
- Experience implementing ZIdentity for centralized identity management
- 3+ years of experience with one or more major cloud service providers (AWS, GCP, Azure) to deploy ZPA App Connectors within cloud-native architectures
- 3+ years of experience deploying Zscaler Cloud Connector
- Experience integrating Zscaler with SIEM/SOAR platforms (e.g., Splunk, Microsoft Sentinel, Palo Alto XSOAR) via log streaming, API connectors, or syslog for threat detection and incident response workflows
- Experience with Zscaler APIs and automation tooling (e.g., Terraform, Ansible, Python) for provisioning, policy management, and configuration-as-code workflows
- Experience designing and presenting Zscaler solution architectures tailored to client requirements, translating technical concepts for executive and non-technical stakeholders
- Familiarity with identity provider integrations (e.g., Okta, Azure AD, Ping Identity) for SAML/SCIM-based authentication within ZIA and ZPA deployments
- Ability to travel up to 50%, on average, based on the work you perform and the clients and industries/sectors you serve
- Limited immigration sponsorship may be available
Technologies
- Zscaler Internet Access (ZIA)
- Zscaler Private Access (ZPA)
- Zscaler Branch Connector
- Zscaler Cloud Connector
- Zscaler AI-powered capabilities
- ZDX (Zscaler Digital Experience Monitoring)
- ZIdentity
- AWS
- Microsoft Azure
- Google Cloud Platform (GCP)
- Splunk
- Microsoft Sentinel
- Palo Alto XSOAR
- Terraform
- Ansible
- Python
- Okta
- Azure AD
- Ping Identity
Benefits
- Discretionary annual incentive program eligibility
The Team
Our Enterprise Security offering embeds security in all aspects of digital transformation by securing a client's technical backbone while enabling secure digital transformation. Includes security architecture, secure development and deployment, end-to-end cyber cloud capabilities, application security, and security for emerging technologies and connected products.