CybersecurityJobs.io
← Back to all jobs

Job Description

This onsite Senior Consultant role in San Diego, CA supports Deloitte clients in modernizing network security with cloud-delivered zero-trust using Zscaler ZIA and ZPA across on-premises and cloud environments.

Responsibilities

  • Design, deploy, and operate Zscaler Internet Access (ZIA) and Zscaler Private Access (ZPA) across enterprise environments.
  • Support zero trust network access transformations, including replacing legacy VPN infrastructure and modernizing access controls.
  • Configure and optimize Zscaler security features, including policy administration, SSL/TLS inspection, Advanced Threat Protection, Data Loss Prevention, and cloud-based traffic inspection.
  • Implement branch, cloud, and application connectors across on‑premises and cloud environments (AWS, Microsoft Azure, GCP).
  • Develop technical deliverables, solution designs, and client-facing recommendations aligned to enterprise security, network transformation, and operational needs.

Requirements

  • Ability to work independently and as part of a team.
  • Effective written and verbal communication skills.
  • Meticulous attention to detail and high-quality work product.
  • Ability to build and sustain professional relationships.
  • Experience leading projects or workstreams.
  • Skill in managing and prioritizing multiple tasks in a fast-paced environment.
  • Strong interpersonal skills and professional demeanor.
  • BA/BS degree in a technical field (e.g., Computer Science, Cyber Security, Information Technology) or equivalent work experience.
  • Zscaler Digital Transformation Engineer (ZDTE) certification is required.
  • 5+ years of progressively responsible experience in network security engineering.
  • 5+ years of hands-on experience designing, deploying, and managing ZIA, including web filtering, DNS security, cloud firewall, bandwidth controls, and advanced threat protection policies in enterprise-scale environments.
  • 5+ years of hands-on experience designing, deploying, and managing ZPA, including application segment configuration, access policies, connector deployment, and zero-trust network access architectures replacing legacy VPN infrastructure.
  • 1+ years of experience designing, deploying, and managing Zscaler Branch Connector, with BGP/static routing configurations and network segmentation, replacing traditional SD-WAN platforms.
  • 1+ years of experience designing, deploying, and managing Zscaler Cloud Connector within cloud environments (AWS, Azure, and/or GCP) including workload-to-internet and workload-to-workload traffic inspection and integration with cloud-native networking constructs.
  • 3+ years of experience configuring and tuning Zscaler advanced security features (Cloud Sandboxing, ATP, IPS, CBI, DLP policies).
  • 3+ years of experience implementing and troubleshooting SSL/TLS inspection within ZIA, including certificate management and decryption policy design.
  • 1+ years of experience with Zscaler AI-powered capabilities, including AI-driven policy recommendations and Digital Experience Monitoring (ZDX).
  • 3+ years of hands-on experience defining, managing, and reviewing Zscaler security policies, including policy lifecycle, rule base optimization, access reviews, and RBAC within the Zscaler Admin Portal.
  • Experience implementing ZIdentity for centralized identity management.
  • 3+ years of experience with one or more major cloud providers (AWS, GCP, Azure) to deploy ZPA App Connectors within cloud-native architectures.
  • <3+ years of experience deploying Zscaler Cloud Connector.
  • Experience integrating Zscaler with SIEM/SOAR platforms (e.g., Splunk, Microsoft Sentinel, Palo Alto XSOAR) via log streaming, API connectors, or syslog for threat detection and incident response workflows.
  • Experience with Zscaler APIs and automation tooling (Terraform, Ansible, Python) for provisioning, policy management, and configuration-as-code workflows.
  • Experience designing and presenting Zscaler solution architectures tailored to client requirements, translating technical concepts for executive and non-technical stakeholders.
  • Familiarity with identity provider integrations (Okta, Azure AD, Ping Identity) for SAML/SCIM-based authentication within ZIA and ZPA deployments.
  • Ability to travel up to 50 percent, depending on client and project requirements.
  • Limited immigration sponsorship may be available.

Technologies

  • Zscaler Internet Access (ZIA)
  • Zscaler Private Access (ZPA)
  • ZTNA, SSL/TLS inspection, Advanced Threat Protection (ATP)
  • Cloud Sandboxing, Intrusion Prevention (IPS), Cloud Browser Isolation (CBI)
  • Data Loss Prevention (DLP), Zscaler Branch Connector, Zscaler Cloud Connector
  • AI-powered capabilities (AI/ML-based threat intelligence, policy recommendations), Digital Experience Monitoring (ZDX)
  • ZIdentity, Terraform, Ansible, Python
  • SIEM/SOAR integrations (Splunk, Microsoft Sentinel, Palo Alto XSOAR)
  • Okta, Azure AD, Ping Identity
  • AWS, Azure, Google Cloud Platform (GCP)

Benefits

Discretionary annual incentive program.

The Team

Our Enterprise Security practice integrates security across digital transformation efforts, securing the technical backbone while enabling secure modernization. The team encompasses security architecture, secure development and deployment, end-to-end cloud security capabilities, application security, and protections for emerging technologies and connected products.

Similar Jobs