Sr Zscaler Network Engineer

Role Summary:
We are seeking a Senior Zscaler Network Engineer (Contractor) to enhance our current Zscaler rollout capacity and strengthen day-to-day operational support. This role will focus on Zscaler Internet Access (ZIA), Zscaler Private Access (ZPA), and their integration with Palo Alto firewalls, Cisco networking, and Okta.

The engineer will work closely with an existing Principal Network Engineer (FTE) and the broader network/security teams to:
Scale and optimize our ZIA and ZPA deployments
Troubleshoot complex, day-to-day Zscaler and network issues
Own technical intake and assessment for new Zscaler-related projects from internal organizations
Mentor and upskill other team members on Zscaler and related network and identity technologies. The ideal candidate is Zscaler-certified, highly hands-on, and comfortable in a fast-paced enterprise environment. The position is hybrid, with approximately half of the time spent onsite at our Pleasanton, CA HQ and half working remotely.
Key Responsibilities:
Zscaler Rollout & Implementation (ZIA / ZPA)
Execute and enhance the rollout of ZIA and ZPA for users, sites, and applications in partnership with the Principal Network Engineer (FTE).
Implement and refine Zscaler policies, traffic forwarding methods (including Client files, GRE/IPsec tunnels, and Zscaler Client Connector), and configurations to support new locations, user groups, and applications.
Contribute to implementation plans, change requests, and repeatable runbooks to ensure consistent, high-quality deployments. Integration with Palo Alto, Cisco, and Okta
Integrate and optimize Zscaler with Palo Alto firewalls and Cisco network infrastructure (routing, switching, SD-WAN/VPN) for secure internet egress and private access.
Implement and maintain Okta integration for authentication, SSO, and user/group-based policy enforcement in Zscaler.
Work with security and identity teams to align policies across Zscaler, Palo Alto, Cisco, and Okta.
Day-to-Day Operations & Troubleshooting:
Serve as a senior escalation point for Zscaler-related incidents and requests.
Perform detailed troubleshooting across endpoints, Cisco network paths, Palo Alto firewalls, Zscaler (ZIA/ZPA), and applications to resolve connectivity, performance, and policy issues.
Collaborate with internal teams and vendors to drive issues to root cause and permanent remediation.
Improve monitoring, logging, and alerting for ZIA and ZPA, leveraging existing tools and SIEM integrations.
Project Intake & Delivery:
Act as a technical contact for new project intake where Zscaler is a dependency (e.g., onboarding new applications to ZPA, new sites or user groups to ZIA, or new security requirements).
Assess requirements from internal teams, identify Zscaler, Palo Alto, Cisco, and Okta impacts, and propose appropriate technical designs and implementation approaches.
Provide effort estimates, dependencies, and clear technical tasks to support project planning and execution.
Mentoring & Team Enablement:
Mentor and coach other network and security engineers on ZIA, ZPA, Palo Alto, Cisco, and Okta integrations.
Share best practices through documentation, knowledge-transfer sessions, and active participation in design and review discussions.
Help standardize operational procedures, troubleshooting playbooks, and checklists for the broader team.
Documentation & Standards:
Maintain and improve technical documentation for Zscaler deployments, policies, integrations, and operational workflows.
Contribute to standards for Zscaler configuration, change management, and overall security posture across Zscaler, Palo Alto, Cisco, and Okta.

Required Qualifications:
5+ years of experience in network engineering in medium-to-large enterprise environments.
Strong, hands-on experience deploying and supporting Zscaler Internet Access (ZIA) and Zscaler Private Access (ZPA) in production.
Current Zscaler certification (e.g., Zscaler Certified Associate / Professional / Architect or equivalent).
Practical experience integrating Zscaler with:
Palo Alto firewalls
Cisco networking (routing, switching, VPN/SD-WAN)
Okta for identity, SSO, and group-based access
Solid understanding of:
TCP/IP, DNS, HTTP/HTTPS, SSL/TLS
Routing, switching, VPNs, and SD-WAN
Zero Trust Network Access (ZTNA) principles and secure remote access patterns
Proven ability to troubleshoot complex network and security issues using logs, packet captures, and systematic analysis across multiple platforms (Zscaler, Palo Alto, Cisco, Okta).
Strong communication skills, with the ability to interact effectively with engineers, project managers, and non-technical stakeholders.
Demonstrated experience mentoring or supporting less-experienced engineers.
Preferred Qualifications:
Experience working alongside Principal/Lead Network Engineers or Architects on large-scale network/security rollouts.
Familiarity with automation and scripting (e.g., Python, Terraform, Ansible or similar) to support network and security operations.
Experience in hybrid or multi-cloud environments and remote-first user populations.
Background in regulated or security-sensitive industries.