Zscaler Network Security Engineer / Senior Consultant, Strategy, Growth, and Transformation
Cloud Platform
Cloud Platforms
Cloud Solutions
Consultant
Cybersecurity Tools
Digital Transformation
Engineer
Identity and Access Management
Information Security
Sase/ztna
Security
Security Automation
Solution Architecture
Splunk
Splunk Enterprise Security
Zero Trust Architecture
Zscaler
Zscaler Digital Experience
Job Description
Deloitte’s Cyber practice is looking for a Zscaler Network Security Engineer / Senior Consultant to help clients modernize their network security with cloud-delivered zero-trust architectures (ZIA and ZPA) across both on-prem and cloud environments. This onsite role in Cincinnati, OH carries a competitive salary range of USD 105,400 to 207,800 per year and requires a BA/BS degree with several years of hands-on experience.
Responsibilities
- Design, deploy, and manage Zscaler Internet Access (ZIA) and Zscaler Private Access (ZPA) across enterprise client environments.
- Support zero trust network access (ZTNA) transformations, replacing legacy VPN infrastructures and modernizing access controls.
- Configure and optimize Zscaler security features, including policy administration, SSL/TLS inspection, advanced threat protection, data loss prevention, and cloud-based traffic inspection.
- Implement branch, cloud, and application connector architectures across on-premises and cloud environments (AWS, Azure, GCP).
- Develop technical deliverables, solution designs, and client-facing recommendations aligned to enterprise security, network transformation, and operations.
Requirements
- BA/BS degree in a technical field (e.g., Computer Science, Cyber Security, Information Technology) or equivalent work experience.
- Zscaler Digital Transformation Engineer (ZDTE) certification is required.
- 5+ years of progressively responsible experience in network security engineering.
- 5+ years of hands-on experience designing, deploying, and managing ZIA, including web filtering, DNS security, cloud firewall, bandwidth controls, and ATP policies in enterprise-scale environments.
- 5+ years of hands-on experience designing, deploying, and managing ZPA, including application segment configuration, access policies, connector deployment, and zero trust architectures replacing legacy VPNs.
- 1+ years of experience designing, deploying, and managing Zscaler Branch Connector, with BGP/static routing and network segmentation to replace traditional SD-WAN.
- 1+ years of experience designing, deploying, and managing Zscaler Cloud Connector in cloud environments (AWS, Azure, GCP), including workload-to-internet and workload-to-workload inspection and integration with VPCs/VNets/Transit Gateways.
- 3+ years of experience configuring and tuning Zscaler advanced security features (Cloud Sandboxing, ATP, IPS, CBI, DLP policies).
- 3+ years of experience implementing and troubleshooting SSL/TLS inspection in ZIA, including certificate management and decryption policy design.
- 1+ years of experience with Zscaler AI-powered capabilities, including AI-driven policy recommendations and ZDX, plus leveraging AI/ML threat intelligence for automated threat response.
- 3+ years of experience defining, managing, and reviewing Zscaler security policies, including rule-base optimization, policy lifecycle, and RBAC in the Zscaler Admin Portal.
- Experience implementing ZIdentity for centralized identity management.
- 3+ years of experience with one or more major cloud providers (AWS, GCP, Azure) to deploy ZPA App Connectors within cloud-native architectures.
- 3+ years of experience deploying Zscaler Cloud Connector.
- Experience integrating Zscaler with SIEM/SOAR platforms (e.g., Splunk, Microsoft Sentinel, Palo Alto XSOAR) via log streaming, API connectors, or syslog.
- Experience with Zscaler APIs and automation tooling (Terraform, Ansible, Python) for provisioning and policy management.
- Experience designing and presenting Zscaler solution architectures tailored to client requirements and communicating with executive and non-technical stakeholders.
- Familiarity with identity provider integrations (Okta, Azure AD, Ping Identity) for SAML/SCIM-based authentication within ZIA and ZPA deployments.
- Ability to travel up to 50% on average, depending on client work and engagements.
- Limited immigration sponsorship may be available.
- Ability to work independently and as part of a team, with strong communication, attention to detail, and relationship-building skills.
- Capability to lead projects or workstreams and manage multiple tasks in a fast-paced environment.
Technologies
- Zscaler Internet Access (ZIA), Zscaler Private Access (ZPA), Zscaler Branch Connector, Zscaler Cloud Connector, Zscaler Digital Experience (ZDX), Zscaler AI-powered capabilities
- AWS, Microsoft Azure, Google Cloud Platform (GCP)
- Zscaler APIs, Terraform, Ansible, Python
- SIEM/SOAR: Splunk, Microsoft Sentinel, Palo Alto XSOAR
- Identity and access: Okta, Azure AD, Ping Identity, SAML/SCIM-based authentication
- Networking: VPCs, VNets, Transit Gateways, SSL/TLS inspection
- Security features: Cloud Sandboxing, Advanced Threat Protection (ATP), Intrusion Prevention (IPS), Cloud Browser Isolation (CBI), Data Loss Prevention (DLP)
- ZIdentity for centralized identity management
The Team
Our Enterprise Security offering weaves security into every phase of digital transformation, securing a client’s technical backbone while enabling secure evolution. The practice covers security architecture, secure development and deployment, end-to-end cyber cloud capabilities, application security, and protection for emerging technologies and connected products.