Zscaler Network Security Engineer / Senior Consultant, Strategy, Growth, and Transformation
Cloud Architecture
Cloud Platforms
Consultant
Cybersecurity Tools
Engineer
Identity and Access Management
Information Security
Information Technology (IT)
InfoSec
Palo Alto Networks
Sase/ztna
Security
Solution Architecture
Splunk
Strategic Advisory
Strategic Planning
Zscaler
Zscaler Digital Experience
Job Description
Senior Consultant role in Deloitte's Cyber Enterprise Security team focused on modernizing network security with cloud-delivered zero trust architectures using Zscaler across on-premises and cloud environments.
Responsibilities
- Design, deploy, and manage Zscaler Internet Access (ZIA) and Zscaler Private Access (ZPA) across enterprise client environments
- Support zero trust network access transformations, including replacement of legacy VPN infrastructure and modernization of access controls
- Configure and optimize Zscaler security features, including policy administration, SSL/TLS inspection, Advanced Threat Protection, Data Loss Prevention, and cloud-based traffic inspection
- Implement branch, cloud, and application connector architectures across on-premises and cloud environments, including AWS, Azure, and GCP
- Develop technical deliverables, solution designs, and client-facing recommendations aligned to enterprise security, network transformation, and operational requirements
Requirements
- BA/BS degree in a technical field (e.g., Computer Science, Cyber Security, Information Technology) or equivalent work experience
- Zscaler Digital Transformation Engineer (ZDTE) certification required
- 5+ years of progressively responsible experience in network security engineering
- 5+ years of hands-on experience designing, deploying, and managing ZIA, including web filtering, DNS security, cloud firewall, bandwidth controls, and advanced threat protection policies in enterprise-scale environments
- 5+ years of hands-on experience designing, deploying, and managing ZPA, including application segment configuration, access policies, connector deployment, and zero trust network access (ZTNA) architectures replacing legacy VPN infrastructure
- 1+ years of experience designing, deploying, and managing Zscaler Branch Connector, with BGP/static routing configurations and network segmentation, replacing traditional SD-WAN platforms
- 1+ years of experience designing, deploying, and managing Zscaler Cloud Connector in cloud environments (AWS, Azure, and/or GCP), including workload-to-internet and workload-to-workload traffic inspection and integration with cloud-native networking constructs (VPCs, VNets, Transit Gateways)
- 3+ years of experience configuring and tuning Zscaler advanced security features, including Cloud Sandboxing, Advanced Threat Protection (ATP), Intrusion Prevention (IPS), Cloud Browser Isolation (CBI), and DLP policies
- 3+ years of experience implementing and troubleshooting SSL/TLS inspection within ZIA, including certificate management, decryption policy design, bypass rules, and handling of certificate-pinned applications
- 1+ years of experience with Zscaler AI-powered capabilities, including AI-driven policy recommendations, Digital Experience Monitoring (ZDX), and leveraging AI/ML threat intelligence for automated threat response
- 3+ years of hands-on experience defining, managing, and reviewing Zscaler security policies, including rule base optimization, policy lifecycle management, access reviews, and RBAC within the Zscaler Admin Portal
- Experience implementing ZIdentity for centralized identity management
- 3+ years of experience with one or more major cloud service providers (AWS, GCP, Azure) to deploy ZPA App Connectors within cloud-native architectures
- 3+ years of experience deploying Zscaler Cloud Connector
- Experience integrating Zscaler with SIEM/SOAR platforms (e.g., Splunk, Microsoft Sentinel, Palo Alto XSOAR) via log streaming, API connectors, or syslog for threat detection and incident response workflows
- Experience with Zscaler APIs and automation tooling (Terraform, Ansible, Python) for provisioning, policy management, and configuration-as-code workflows
- Experience designing and presenting Zscaler solution architectures tailored to client requirements, translating technical concepts for executive and non-technical stakeholders
- Familiarity with identity provider integrations (Okta, Azure AD, Ping Identity) for SAML/SCIM-based authentication within ZIA and ZPA deployments
- Ability to travel up to 50% on average, based on client needs
- Limited immigration sponsorship may be available
Technologies
- Zscaler Internet Access (ZIA)
- Zscaler Private Access (ZPA)
- Zscaler Branch Connector
- Zscaler Cloud Connector
- ZDX
- AWS
- Microsoft Azure
- Google Cloud Platform (GCP)
- Terraform
- Ansible
- Python
- Splunk
- Microsoft Sentinel
- Palo Alto XSOAR
- Okta
- Azure AD
- Ping Identity
- ZIdentity
Benefits
- Discretionary annual incentive program
The Team
Our Enterprise Security offering embeds security in all aspects of digital transformation by securing a client's technical backbone while enabling secure digital transformation. Includes security architecture, secure development and deployment, end-to-end cyber cloud capabilities, application security, and security for emerging technologies and connected products.
Preferred Qualifications
- Advanced cybersecurity certifications such as CISSP, CCIE Security, CCNP Security, or GIAC equivalents (GPEN, GCSA)
- Ability to conduct SASE vendor competitive analysis and advise clients on solution selection based on specific use cases and requirements (for example Zscaler vs Palo Alto Prisma vs Netskope)
- Ability to conduct Zero Trust Architecture assessments and develop roadmaps aligning Zscaler capabilities to NIST SP 800-207 or CISA Zero Trust Maturity Model frameworks
- Previous consulting or Big 4 experience, with a track record of delivering enterprise network security or SASE transformation engagements