CybersecurityJobs.io
← Back to all jobs

Job Description

Deloitte’s Cyber practice is looking for a Zscaler Network Security Engineer / Senior Consultant to help clients modernize their network security with cloud-delivered zero-trust architectures (ZIA and ZPA) across both on-prem and cloud environments. This onsite role in Cincinnati, OH carries a competitive salary range of USD 105,400 to 207,800 per year and requires a BA/BS degree with several years of hands-on experience.

Responsibilities

  • Design, deploy, and manage Zscaler Internet Access (ZIA) and Zscaler Private Access (ZPA) across enterprise client environments.
  • Support zero trust network access (ZTNA) transformations, replacing legacy VPN infrastructures and modernizing access controls.
  • Configure and optimize Zscaler security features, including policy administration, SSL/TLS inspection, advanced threat protection, data loss prevention, and cloud-based traffic inspection.
  • Implement branch, cloud, and application connector architectures across on-premises and cloud environments (AWS, Azure, GCP).
  • Develop technical deliverables, solution designs, and client-facing recommendations aligned to enterprise security, network transformation, and operations.

Requirements

  • BA/BS degree in a technical field (e.g., Computer Science, Cyber Security, Information Technology) or equivalent work experience.
  • Zscaler Digital Transformation Engineer (ZDTE) certification is required.
  • 5+ years of progressively responsible experience in network security engineering.
  • 5+ years of hands-on experience designing, deploying, and managing ZIA, including web filtering, DNS security, cloud firewall, bandwidth controls, and ATP policies in enterprise-scale environments.
  • 5+ years of hands-on experience designing, deploying, and managing ZPA, including application segment configuration, access policies, connector deployment, and zero trust architectures replacing legacy VPNs.
  • 1+ years of experience designing, deploying, and managing Zscaler Branch Connector, with BGP/static routing and network segmentation to replace traditional SD-WAN.
  • 1+ years of experience designing, deploying, and managing Zscaler Cloud Connector in cloud environments (AWS, Azure, GCP), including workload-to-internet and workload-to-workload inspection and integration with VPCs/VNets/Transit Gateways.
  • 3+ years of experience configuring and tuning Zscaler advanced security features (Cloud Sandboxing, ATP, IPS, CBI, DLP policies).
  • 3+ years of experience implementing and troubleshooting SSL/TLS inspection in ZIA, including certificate management and decryption policy design.
  • 1+ years of experience with Zscaler AI-powered capabilities, including AI-driven policy recommendations and ZDX, plus leveraging AI/ML threat intelligence for automated threat response.
  • 3+ years of experience defining, managing, and reviewing Zscaler security policies, including rule-base optimization, policy lifecycle, and RBAC in the Zscaler Admin Portal.
  • Experience implementing ZIdentity for centralized identity management.
  • 3+ years of experience with one or more major cloud providers (AWS, GCP, Azure) to deploy ZPA App Connectors within cloud-native architectures.
  • 3+ years of experience deploying Zscaler Cloud Connector.
  • Experience integrating Zscaler with SIEM/SOAR platforms (e.g., Splunk, Microsoft Sentinel, Palo Alto XSOAR) via log streaming, API connectors, or syslog.
  • Experience with Zscaler APIs and automation tooling (Terraform, Ansible, Python) for provisioning and policy management.
  • Experience designing and presenting Zscaler solution architectures tailored to client requirements and communicating with executive and non-technical stakeholders.
  • Familiarity with identity provider integrations (Okta, Azure AD, Ping Identity) for SAML/SCIM-based authentication within ZIA and ZPA deployments.
  • Ability to travel up to 50% on average, depending on client work and engagements.
  • Limited immigration sponsorship may be available.
  • Ability to work independently and as part of a team, with strong communication, attention to detail, and relationship-building skills.
  • Capability to lead projects or workstreams and manage multiple tasks in a fast-paced environment.

Technologies

  • Zscaler Internet Access (ZIA), Zscaler Private Access (ZPA), Zscaler Branch Connector, Zscaler Cloud Connector, Zscaler Digital Experience (ZDX), Zscaler AI-powered capabilities
  • AWS, Microsoft Azure, Google Cloud Platform (GCP)
  • Zscaler APIs, Terraform, Ansible, Python
  • SIEM/SOAR: Splunk, Microsoft Sentinel, Palo Alto XSOAR
  • Identity and access: Okta, Azure AD, Ping Identity, SAML/SCIM-based authentication
  • Networking: VPCs, VNets, Transit Gateways, SSL/TLS inspection
  • Security features: Cloud Sandboxing, Advanced Threat Protection (ATP), Intrusion Prevention (IPS), Cloud Browser Isolation (CBI), Data Loss Prevention (DLP)
  • ZIdentity for centralized identity management

The Team

Our Enterprise Security offering weaves security into every phase of digital transformation, securing a client’s technical backbone while enabling secure evolution. The practice covers security architecture, secure development and deployment, end-to-end cyber cloud capabilities, application security, and protection for emerging technologies and connected products.

Similar Jobs