Cyber Zscaler Network Security Engineer / Senior Consultant, Strategy, Growth, and Transformation
Job Description
Deloitte is seeking a Cyber Zscaler Network Security Engineer / Senior Consultant to help modernize enterprise security using Zscaler across both on-premises and cloud environments. This on-site role in Minneapolis, MN centers on delivering zero-trust architectures and secure transformations for a diverse portfolio of clients, with a compensation range of USD 105,400 to 207,800 per year.
Responsibilities
- Design, deploy, and manage Zscaler Internet Access (ZIA) and Zscaler Private Access (ZPA) capabilities across enterprise client environments
- Support ZTNA transformations, including replacing legacy VPN infrastructure and modernizing access controls
- Configure and optimize Zscaler security features, including policy administration, SSL/TLS inspection, Advanced Threat Protection, Data Loss Prevention, and cloud-based traffic inspection
- Implement branch, cloud, and application connectors across on‑prem and cloud environments (AWS, Azure, GCP)
- Develop technical deliverables, solution designs, and client-facing recommendations aligned to enterprise security, network transformation, and operational requirements
Requirements
- BA/BS degree in a technical field (e.g., Computer Science, Cyber Security, Information Technology) or equivalent work experience
- Zscaler Digital Transformation Engineer (ZDTE) certification required
- 5+ years of progressively responsible experience in network security engineering
- 5+ years of hands-on experience designing, deploying, and managing ZIA, including web filtering, DNS security, cloud firewall, bandwidth controls, and ATP policies in enterprise-scale environments
- 5+ years of hands-on experience designing, deploying, and managing ZPA, including application segment configuration, access policies, connector deployment, and ZTNA architectures replacing legacy VPN infrastructure
- 1+ years of experience designing, deploying, and managing Zscaler Branch Connector, including BGP/static routing configurations and network segmentation, replacing traditional SD-WAN platforms
- 1+ years of experience designing, deploying, and managing Zscaler Cloud Connector, including deployment within AWS, Azure, and/or GCP, traffic inspection, and cloud-native networking integration
- 3+ years configuring and tuning Zscaler advanced security features (Cloud Sandboxing, ATP, IPS, CBI, and DLP policies)
- 3+ years implementing and troubleshooting SSL/TLS inspection within ZIA, including certificate management, decryption policy design, bypass rules, and handling certificate-pinned applications
- 1+ years with Zscaler AI-powered capabilities (AI-driven policy recommendations, ZDX, AI/ML threat intelligence for automated threat response)
- 3+ years defining, managing, and reviewing Zscaler security policies (rule base optimization, policy lifecycle, access reviews, RBAC in the Admin Portal)
- Experience implementing ZIdentity for centralized identity management
- 3+ years with one or more major cloud providers (AWS, GCP, Azure) to deploy ZPA App Connectors within cloud-native architectures <3+ years deploying Zscaler Cloud Connector
- Experience integrating Zscaler with SIEM/SOAR platforms (Splunk, Microsoft Sentinel, Palo Alto XSOAR) via log streaming, API connectors, or syslog
- Experience with Zscaler APIs and automation tooling (Terraform, Ansible, Python) for provisioning and configuration-as-code workflows
- Experience designing and presenting Zscaler solution architectures tailored to client requirements for executive and non-technical stakeholders
- Familiarity with identity provider integrations (Okta, Azure AD, Ping Identity) for SAML/SCIM-based authentication within ZIA and ZPA
- Ability to travel up to 50% on average
- Limited immigration sponsorship may be available
Technologies
- Zscaler: ZIA, ZPA, Branch Connector, Cloud Connector, ZDX, ZIdentity, AI-powered capabilities
- Cloud platforms: AWS, Microsoft Azure, Google Cloud Platform (GCP)
- Networking: VPCs, VNets, Transit Gateways, BGP, static routing
- Automation and tooling: Terraform, Ansible, Python
- Security and monitoring: Splunk, Microsoft Sentinel, Palo Alto XSOAR
- Identity and access: ZIdentity, Okta, Azure AD, Ping Identity
- APIs and administration: Zscaler APIs, Zscaler Admin Portal
The Team
Our Enterprise Security practice weaves security into every facet of digital transformation, aligning security architecture, secure development and deployment, end-to-end cyber cloud capabilities, application security, and security for emerging technologies and connected products.
Preferred Qualifications
- Advanced cybersecurity certifications such as CISSP, CCIE Security, CCNP Security, or GIAC equivalents
- Ability to conduct SASE vendor competitive analyses and advise on solution selection based on use cases and requirements
- Ability to conduct Zero Trust Architecture assessments and develop roadmaps aligning Zscaler capabilities to NIST SP 800-207 or CISA Zero Trust Maturity Model
- Previous consulting or Big 4 experience delivering enterprise network security or SASE transformation engagements