Zero Trust Security Analyst

Job Description

The Zero Trust Security Analyst is responsible for analyzing existing network, identity, and access configurations to determine what can be reused, refined, or newly created to support Zero Trust security policies. This role focuses on investigation, discovery, assessment, and design input rather than direct rule implementation.

The analyst partners closely with Zero Trust Engineers, application owners, IAM teams, and network/security teams to ensure Zero Trust policies are aligned with the current enterprise environment while minimizing duplication, reducing overly permissive access, and supporting least-privilege security principles.

Key Responsibilities

Discovery & Analysis

• Analyze existing network security rules, firewall policies, address groups, and user/group-based access controls to determine applicability and reuse within a Zero Trust framework. 
• Review identity sources such as Active Directory (AD), Microsoft Entra ID, Identity Governance & Administration (IGA), and RBAC structures to identify reusable groupings and role models. 
• Assess application access patterns including: 
• Web applications 
• Administrative consoles 
• Databases 
• APIs 
• Internal services 
• Identify required network paths, dependencies, and trust boundaries. 
• Detect gaps, overlaps, legacy dependencies, and overly permissive controls that require remediation to align with Zero Trust principles. 

Zero Trust Readiness Assessment

• Evaluate whether existing firewall rules, address objects, and identity groups can be leveraged or must be redesigned for Zero Trust enforcement. 
• Define required new security objects, including: 
• User groups 
• Address groups 
• Application definitions 
• Metadata dependencies 
• Support application onboarding initiatives by validating that proposed Zero Trust controls enforce least-privilege access requirements. 

Documentation & Handoff

• Produce detailed analysis artifacts documenting: 
• Existing configurations and controls 
• Reusable security objects and policies 
• Required new configurations and dependencies 
• Provide structured implementation inputs and onboarding documentation to Zero Trust Engineering and firewall administration teams. 
• Maintain traceability between: 
• Applications 
• Security objects 
• Identity groups 
• Zero Trust policies 
• Support audit, compliance, and governance requirements through accurate documentation and evidence tracking. 

Required Skills & Experience

• Strong understanding of network security fundamentals including: 
• Firewalls 
• Security zones 
• Layer 4 / Layer 7 security policies 
• Experience analyzing enterprise firewall rule bases such as: 
• Palo Alto Networks
• Similar enterprise firewall platforms 
• Familiarity with identity and access management concepts including: 
• Active Directory (AD) 
• Microsoft Entra ID 
• RBAC models 
• Identity-based policy enforcement 
• Ability to interpret complex security configurations and translate findings into actionable Zero Trust requirements. 
• Strong analytical, documentation, and communication skills. 

Preferred Qualifications

• Experience with Zero Trust Network Access (ZTNA) solutions and user-based firewall policies. 
• Exposure to IAM, IGA, and identity governance platforms. 
• Familiarity with: 
• CMDB environments 
• Application/service onboarding workflows 
• Application identifiers and metadata mapping 
• Prior experience supporting: 
• Security assessments 
• Compliance reviews 
• Audit readiness initiatives 

Success Metrics

Successful candidates in this role will demonstrate:

• Accurate upfront analysis resulting in minimal engineering rework. 
• Effective reuse of existing security controls where appropriate. 
• Clear, actionable, and least-privilege Zero Trust requirements delivered to engineering teams. 
• Strong traceability and documentation supporting compliance and operational efficiency. 
• Improved alignment between identity, network, and application security controls within the Zero Trust model.