ZPA Network Engineer
Hybrid (Harrisburg, PA)
Key Responsibilities
· Collaborate with Enterprise ZTNA network and security teams, as well as identity and application stakeholders, to design and support ZPA-based access to internal applications.
· Design, implement, and maintain Zscaler Private Access connectivity, including App Connectors, Server Groups, Application Segments, and access policy configurations.
· Analyze and assess legacy network and VPN-based access requirements, agency-specific application needs, and connectivity dependencies, and translate them into ZPA application-level access models.
· Support the onboarding of applications to ZPA by validating network paths, ports, protocols, and dependency requirements, and coordinating testing and validation activities.
· Configure and support ZPA access policies that enforce least-privileged access while minimizing disruption to mission-critical operations.
· Troubleshoot ZPA-related access and connectivity issues, including user access failures, application reachability concerns, and connector health or routing issues.
· Participate in migration activities to transition users and applications from legacy access models to ZPA in coordination with enterprise and agency stakeholders.
· Ensure ZPA configurations and access models are documented, auditable, and aligned with security, governance, and compliance requirements.
· Develop and maintain technical documentation, including configuration standards, procedures, diagrams, and operational runbooks.
· Engage with vendors and Zscaler support to resolve complex issues and support platform stability and optimization.
Required Skills and Experience
· Strong background in enterprise networking, including routing, firewalling, DNS, and traffic flow analysis.
· Experience implementing and supporting secure application access technologies such as Zscaler Private Access or similar Zero Trust access platforms.
· In-depth understanding of Zero Trust Network Access concepts and application-level segmentation.
· Ability to analyze complex, legacy network environments and translate them into scalable, enforceable access models.
· Experience working in regulated or compliance-driven environments, ensuring adherence to security and governance standards.
· Strong documentation, communication, and collaboration skills for cross-functional engagement.
Preferred Qualifications
· Zscaler certifications such as Zscaler Digital Transformation Administrator or Zscaler Digital Transformation Engineer.
· Completion of Zscaler administrator or engineer training courses relevant to ZPA.
· Industry-recognized certifications such as CCNP, Security+, CySA+, or equivalent.
· Experience supporting large, multi-agency, or public-sector enterprise environments.
· Familiarity with regulatory and security frameworks such as CJIS, NIST 800-53, or similar standards.
· Hands-on experience supporting access modernization initiatives in complex enterprise environments.
Skill | Required / Desired | Amount of Experience |
Strong background in enterprise networking, including routing, firewalling, DNS, and traffic flow analysis. | Required | 8 Years |
Experience implementing and supporting secure application access technologies such as Zscaler Private Access or similar Zero Trust access platforms. | Required | |
In-depth understanding of Zero Trust Network Access concepts and application-level segmentation. | Required | |
Ability to analyze complex, legacy network environments and translate them into scalable, enforceable access models. | Required | |
Experience working in regulated or compliance-driven environments, ensuring adherence to security and governance standards. | Required | |
Zscaler certifications such as Zscaler Digital Transformation Administrator or Zscaler Digital Transformation Engineer. | Highly desired | |
Completion of Zscaler administrator or engineer training courses relevant to ZPA. | Highly desired | |
Industry-recognized certifications such as CCNP, Security+, CySA+, or equivalent. | Highly desired | |
Familiarity with regulatory and security frameworks such as CJIS, NIST 800-53, or similar standards. | Highly desired | |