Zscaler Engineer

Role: SASE/Zscaler Engineer/Architect
Location: NYC NY
Setting: Hybrid - 4 onsite / 1 Day Remote

Who are we looking for

We are seeking a highly skilled SASE/Zscaler Engineer/Architect with extensive experience in secure access service edge (SASE) solutions cloud security and Zscaler platform implementation. The ideal candidate will have a strong background in network security cloud architectures and WAN transformation with hands-on experience in designing deploying and managing SASE frameworks for medium to large enterprise environments preferably in financial or mission-critical organizations. This role involves both hands-on engineering and solution architecture including design implementation automation and ongoing optimization of cloud-delivered security solutions..

Indicative Activities:

• Design implement and manage Zscaler Internet Access (ZIA) and Zscaler Private Access (ZPA) for enterprise-wide secure connectivity.
• Define and deploy SASE architectures integrating SD-WAN cloud security and zero trust network access (ZTNA).
• Implement policy configurations traffic steering and segmentation for secure and optimized access.
• Lead SASE adoption migration and transformation initiatives replacing traditional VPN and firewall infrastructures.
• Integrate Zscaler with identity providers (Azure AD Okta Ping) for authentication and access control.
• Develop automation scripts and workflows to streamline Zscaler configuration reporting and monitoring.
• Work with network security and cloud teams to ensure seamless integration of SASE solutions into the enterprise environment.
• Monitor troubleshoot and optimize performance availability and security policies for cloud-delivered services.
• Conduct security reviews vulnerability assessments and compliance audits related to cloud access and data protection.
• Document SASE architecture standard operating procedures and best practices.

Technical Skills:

Must Have

• Hands-on experience with Zscaler Internet Access (ZIA) and Zscaler Private Access (ZPA).
• Strong knowledge of SASE concepts zero trust network access (ZTNA) cloud security and SD-WAN integration.
• Experience in network security firewall policies VPNs and secure connectivity.
• Ability to configure policy-based routing access controls and segmentation in cloud-delivered security platforms.
• Familiarity with cloud identity and authentication systems (SAML SSO MFA).
• Experience with automation and scripting for deployment and reporting (Python Ansible API integrations).
• Understanding of networking fundamentals: TCP/IP BGP OSPF DNS routing VLANs.
• Knowledge of monitoring logging and incident response for cloud security platforms.

Good To Have

• Hands-on experience with other SASE vendors (Cisco Umbrella Palo Alto Prisma Access Netskope).
• Exposure to cloud platforms (Azure AWS GCP) and hybrid connectivity.
• Knowledge of security frameworks and compliance standards (ISO 27001 SOC2 GDPR).
• Familiarity with F5 Palo Alto firewalls or load balancers in enterprise environments.
• Experience with advanced automation frameworks or orchestration tools.

Process Skills:

• Working knowledge of ITIL processes (Change Incident Problem Management).
• Experience in project planning deployment and migration of cloud security solutions.
• Ability to follow structured change control and risk management processes.
• Capability to produce architecture designs configuration guides and operational SOPs.

Behavioral Skills:

• Strong analytical and problem-solving skills.
• Excellent communication and collaboration with cross-functional teams.
• Proactive and detail-oriented able to manage multiple projects simultaneously.
• Ability to mentor and guide junior engineers.
• Adaptable to fast-evolving cloud security technologies and enterprise environments.

Qualification:

• Bachelors or Masters degree in Computer Science Information Technology or related field.
• 7 10 years of experience in network security cloud security or SASE implementation.
• Relevant certifications preferred:
• Zscaler Certified Administrator / Engineer / Architect
• CCNP Security / CCIE Security (Cisco)
• CISSP / CCSP / Cloud Security Certifications
• SD-WAN or cloud networking certifications (optional)
• Experience in financial or large-scale enterprise networks is highly desirable.