CybersecurityJobs.io
← Back to all jobs

Job Description

Senior Consultant role in Deloitte's Cyber Enterprise Security team focused on modernizing network security with cloud-delivered zero trust architectures using Zscaler across on-premises and cloud environments.

Responsibilities

  • Design, deploy, and manage Zscaler Internet Access (ZIA) and Zscaler Private Access (ZPA) across enterprise client environments
  • Support zero trust network access transformations, including replacement of legacy VPN infrastructure and modernization of access controls
  • Configure and optimize Zscaler security features, including policy administration, SSL/TLS inspection, Advanced Threat Protection, Data Loss Prevention, and cloud-based traffic inspection
  • Implement branch, cloud, and application connector architectures across on-premises and cloud environments, including AWS, Azure, and GCP
  • Develop technical deliverables, solution designs, and client-facing recommendations aligned to enterprise security, network transformation, and operational requirements

Requirements

  • BA/BS degree in a technical field (e.g., Computer Science, Cyber Security, Information Technology) or equivalent work experience
  • Zscaler Digital Transformation Engineer (ZDTE) certification required
  • 5+ years of progressively responsible experience in network security engineering
  • 5+ years of hands-on experience designing, deploying, and managing ZIA, including web filtering, DNS security, cloud firewall, bandwidth controls, and advanced threat protection policies in enterprise-scale environments
  • 5+ years of hands-on experience designing, deploying, and managing ZPA, including application segment configuration, access policies, connector deployment, and zero trust network access (ZTNA) architectures replacing legacy VPN infrastructure
  • 1+ years of experience designing, deploying, and managing Zscaler Branch Connector, with BGP/static routing configurations and network segmentation, replacing traditional SD-WAN platforms
  • 1+ years of experience designing, deploying, and managing Zscaler Cloud Connector in cloud environments (AWS, Azure, and/or GCP), including workload-to-internet and workload-to-workload traffic inspection and integration with cloud-native networking constructs (VPCs, VNets, Transit Gateways)
  • 3+ years of experience configuring and tuning Zscaler advanced security features, including Cloud Sandboxing, Advanced Threat Protection (ATP), Intrusion Prevention (IPS), Cloud Browser Isolation (CBI), and DLP policies
  • 3+ years of experience implementing and troubleshooting SSL/TLS inspection within ZIA, including certificate management, decryption policy design, bypass rules, and handling of certificate-pinned applications
  • 1+ years of experience with Zscaler AI-powered capabilities, including AI-driven policy recommendations, Digital Experience Monitoring (ZDX), and leveraging AI/ML threat intelligence for automated threat response
  • 3+ years of hands-on experience defining, managing, and reviewing Zscaler security policies, including rule base optimization, policy lifecycle management, access reviews, and RBAC within the Zscaler Admin Portal
  • Experience implementing ZIdentity for centralized identity management
  • 3+ years of experience with one or more major cloud service providers (AWS, GCP, Azure) to deploy ZPA App Connectors within cloud-native architectures
  • 3+ years of experience deploying Zscaler Cloud Connector
  • Experience integrating Zscaler with SIEM/SOAR platforms (e.g., Splunk, Microsoft Sentinel, Palo Alto XSOAR) via log streaming, API connectors, or syslog for threat detection and incident response workflows
  • Experience with Zscaler APIs and automation tooling (Terraform, Ansible, Python) for provisioning, policy management, and configuration-as-code workflows
  • Experience designing and presenting Zscaler solution architectures tailored to client requirements, translating technical concepts for executive and non-technical stakeholders
  • Familiarity with identity provider integrations (Okta, Azure AD, Ping Identity) for SAML/SCIM-based authentication within ZIA and ZPA deployments
  • Ability to travel up to 50% on average, based on client needs
  • Limited immigration sponsorship may be available

Technologies

  • Zscaler Internet Access (ZIA)
  • Zscaler Private Access (ZPA)
  • Zscaler Branch Connector
  • Zscaler Cloud Connector
  • ZDX
  • AWS
  • Microsoft Azure
  • Google Cloud Platform (GCP)
  • Terraform
  • Ansible
  • Python
  • Splunk
  • Microsoft Sentinel
  • Palo Alto XSOAR
  • Okta
  • Azure AD
  • Ping Identity
  • ZIdentity

Benefits

  • Discretionary annual incentive program

The Team

Our Enterprise Security offering embeds security in all aspects of digital transformation by securing a client's technical backbone while enabling secure digital transformation. Includes security architecture, secure development and deployment, end-to-end cyber cloud capabilities, application security, and security for emerging technologies and connected products.

Preferred Qualifications

  • Advanced cybersecurity certifications such as CISSP, CCIE Security, CCNP Security, or GIAC equivalents (GPEN, GCSA)
  • Ability to conduct SASE vendor competitive analysis and advise clients on solution selection based on specific use cases and requirements (for example Zscaler vs Palo Alto Prisma vs Netskope)
  • Ability to conduct Zero Trust Architecture assessments and develop roadmaps aligning Zscaler capabilities to NIST SP 800-207 or CISA Zero Trust Maturity Model frameworks
  • Previous consulting or Big 4 experience, with a track record of delivering enterprise network security or SASE transformation engagements

Similar Jobs