CybersecurityJobs.io
← Back to all jobs

Job Description

Deloitte is seeking a Cyber Zscaler Network Security Engineer / Senior Consultant to help modernize enterprise security using Zscaler across both on-premises and cloud environments. This on-site role in Minneapolis, MN centers on delivering zero-trust architectures and secure transformations for a diverse portfolio of clients, with a compensation range of USD 105,400 to 207,800 per year.

Responsibilities

  • Design, deploy, and manage Zscaler Internet Access (ZIA) and Zscaler Private Access (ZPA) capabilities across enterprise client environments
  • Support ZTNA transformations, including replacing legacy VPN infrastructure and modernizing access controls
  • Configure and optimize Zscaler security features, including policy administration, SSL/TLS inspection, Advanced Threat Protection, Data Loss Prevention, and cloud-based traffic inspection
  • Implement branch, cloud, and application connectors across on‑prem and cloud environments (AWS, Azure, GCP)
  • Develop technical deliverables, solution designs, and client-facing recommendations aligned to enterprise security, network transformation, and operational requirements

Requirements

  • BA/BS degree in a technical field (e.g., Computer Science, Cyber Security, Information Technology) or equivalent work experience
  • Zscaler Digital Transformation Engineer (ZDTE) certification required
  • 5+ years of progressively responsible experience in network security engineering
  • 5+ years of hands-on experience designing, deploying, and managing ZIA, including web filtering, DNS security, cloud firewall, bandwidth controls, and ATP policies in enterprise-scale environments
  • 5+ years of hands-on experience designing, deploying, and managing ZPA, including application segment configuration, access policies, connector deployment, and ZTNA architectures replacing legacy VPN infrastructure
  • 1+ years of experience designing, deploying, and managing Zscaler Branch Connector, including BGP/static routing configurations and network segmentation, replacing traditional SD-WAN platforms
  • 1+ years of experience designing, deploying, and managing Zscaler Cloud Connector, including deployment within AWS, Azure, and/or GCP, traffic inspection, and cloud-native networking integration
  • 3+ years configuring and tuning Zscaler advanced security features (Cloud Sandboxing, ATP, IPS, CBI, and DLP policies)
  • 3+ years implementing and troubleshooting SSL/TLS inspection within ZIA, including certificate management, decryption policy design, bypass rules, and handling certificate-pinned applications
  • 1+ years with Zscaler AI-powered capabilities (AI-driven policy recommendations, ZDX, AI/ML threat intelligence for automated threat response)
  • 3+ years defining, managing, and reviewing Zscaler security policies (rule base optimization, policy lifecycle, access reviews, RBAC in the Admin Portal)
  • Experience implementing ZIdentity for centralized identity management
  • 3+ years with one or more major cloud providers (AWS, GCP, Azure) to deploy ZPA App Connectors within cloud-native architectures
  • <3+ years deploying Zscaler Cloud Connector
  • Experience integrating Zscaler with SIEM/SOAR platforms (Splunk, Microsoft Sentinel, Palo Alto XSOAR) via log streaming, API connectors, or syslog
  • Experience with Zscaler APIs and automation tooling (Terraform, Ansible, Python) for provisioning and configuration-as-code workflows
  • Experience designing and presenting Zscaler solution architectures tailored to client requirements for executive and non-technical stakeholders
  • Familiarity with identity provider integrations (Okta, Azure AD, Ping Identity) for SAML/SCIM-based authentication within ZIA and ZPA
  • Ability to travel up to 50% on average
  • Limited immigration sponsorship may be available

Technologies

  • Zscaler: ZIA, ZPA, Branch Connector, Cloud Connector, ZDX, ZIdentity, AI-powered capabilities
  • Cloud platforms: AWS, Microsoft Azure, Google Cloud Platform (GCP)
  • Networking: VPCs, VNets, Transit Gateways, BGP, static routing
  • Automation and tooling: Terraform, Ansible, Python
  • Security and monitoring: Splunk, Microsoft Sentinel, Palo Alto XSOAR
  • Identity and access: ZIdentity, Okta, Azure AD, Ping Identity
  • APIs and administration: Zscaler APIs, Zscaler Admin Portal

The Team

Our Enterprise Security practice weaves security into every facet of digital transformation, aligning security architecture, secure development and deployment, end-to-end cyber cloud capabilities, application security, and security for emerging technologies and connected products.

Preferred Qualifications

  • Advanced cybersecurity certifications such as CISSP, CCIE Security, CCNP Security, or GIAC equivalents
  • Ability to conduct SASE vendor competitive analyses and advise on solution selection based on use cases and requirements
  • Ability to conduct Zero Trust Architecture assessments and develop roadmaps aligning Zscaler capabilities to NIST SP 800-207 or CISA Zero Trust Maturity Model
  • Previous consulting or Big 4 experience delivering enterprise network security or SASE transformation engagements

Similar Jobs