Zscaler Private Access (ZPA) Network Engineer // Local to PA

Engagement Type

Contract

Short Description

OA/ETSO - ZPA Network Engineer



*Full-time position, 37.5 hours per week.

*Hybrid schedule required - 2 days on-site at CTC in Harrisburg

*Local candidates only

*Reposting of 795368 - Open to Full Network

Complete Description

Role Summary





The Commonwealth is seeking a Zscaler Private Access (ZPA)

Network Engineer to support the secure deployment and operationalization of

Zscaler Private Access as a key component of the Commonwealth s Zero Trust

Network Access (ZTNA) strategy.





This role will focus on designing, implementing, and

supporting network connectivity and access paths for private applications using

ZPA, while translating existing network access models and legacy VPN-based

connectivity into scalable, policy-driven access patterns aligned with Zero

Trust principles.





The position is network-focused and hands-on, supporting

application access enablement while ensuring solutions are secure, auditable,

and operationally sustainable across the Commonwealth. The role works in close

coordination with the Enterprise ZTNA program, including enterprise network and

security teams.





Key Responsibilities





Collaborate with Enterprise ZTNA network and security teams,

as well as identity and application stakeholders, to design and support

ZPA-based access to internal applications.





Design, implement, and maintain Zscaler Private Access

connectivity, including App Connectors, Server Groups, Application Segments,

and access policy configurations.





Analyze and assess legacy network and VPN-based access

requirements, agency-specific application needs, and connectivity dependencies,

and translate them into ZPA application-level access models.





Support the onboarding of applications to ZPA by validating

network paths, ports, protocols, and dependency requirements, and coordinating

testing and validation activities.





Configure and support ZPA access policies that enforce

least-privileged access while minimizing disruption to mission-critical

operations.





Troubleshoot ZPA-related access and connectivity issues,

including user access failures, application reachability concerns, and

connector health or routing issues.





Participate in migration activities to transition users and

applications from legacy access models to ZPA in coordination with enterprise

and agency stakeholders.





Ensure ZPA configurations and access models are documented,

auditable, and aligned with Commonwealth security, governance, and compliance

requirements.





Develop and maintain technical documentation, including

configuration standards, procedures, diagrams, and operational runbooks.





Engage with vendors and Zscaler support to resolve complex

issues and support platform stability and optimization.





Required Skills and Experience





Strong background in enterprise networking, including

routing, firewalling, DNS, and traffic flow analysis.





Experience implementing and supporting secure application

access technologies such as Zscaler Private Access or similar Zero Trust access

platforms.





In-depth understanding of Zero Trust Network Access concepts

and application-level segmentation.





Ability to analyze complex, legacy network environments and

translate them into scalable, enforceable access models.





Experience working in regulated or compliance-driven

environments, ensuring adherence to security and governance standards.





Strong documentation, communication, and collaboration

skills for cross-functional engagement.





Preferred Qualifications





Zscaler certifications such as Zscaler Digital

Transformation Administrator or Zscaler Digital Transformation Engineer.





Completion of Zscaler administrator or engineer training

courses relevant to ZPA.





Industry-recognized certifications such as CCNP, Security+,

CySA+, or equivalent.





Experience supporting large, multi-agency, or public-sector

enterprise environments.





Familiarity with regulatory and security frameworks such as

CJIS, NIST 800-53, or similar standards.





Hands-on experience supporting access modernization

initiatives in complex enterprise environments.

Position Characteristics





This role supports the Enterprise ZTNA program and works

closely with enterprise network and enterprise security teams.





The position balances strong security controls with

operational requirements, focusing on reliable and secure private application

access.





The ZPA Network Engineer is responsible for ensuring

ZPA-based access is implemented consistently and operates effectively within

the Commonwealth s Zero Trust architecture.

Required/Desired Skills

Skill	Required/Desired	Amount	of Experience
Strong background in enterprise networking, including routing, firewalling, DNS, and traffic flow analysis.	Required	8.0	Years
Experience implementing and supporting secure application access technologies such as Zscaler Private Access or similar Zero Trust access platforms.	Required
In-depth understanding of Zero Trust Network Access concepts and application-level segmentation.	Required
Ability to analyze complex, legacy network environments and translate them into scalable, enforceable access models.	Required
Experience working in regulated or compliance-driven environments, ensuring adherence to security and governance standards.	Required
Zscaler certifications such as Zscaler Digital Transformation Administrator or Zscaler Digital Transformation Engineer.	Highly desired
Completion of Zscaler administrator or engineer training courses relevant to ZPA.	Highly desired
Industry-recognized certifications such as CCNP, Security+, CySA+, or equivalent.	Highly desired
Familiarity with regulatory and security frameworks such as CJIS, NIST 800-53, or similar standards.	Highly desired