Title: Senior Zscaler Engineer
Location: Washington DC (Onsite)
Length: 4 Years
Clearance: Active TS
Cybersecurity professional responsible for designing, deploying, and managing cloud-based network security solutions, specifically focusing on Secure Access Service Edge (SASE) and Zero Trust architectures
They ensure secure, high-performance application access and traffic routing for enterprise users.
Core Responsibilities:
• Platform Management, Deploy and optimize Zscaler core services—primarily ZIA (Zscaler Internet Access), ZPA (Zscaler Private Access), and ZDX (Zscaler Digital Experience).
• Policy Configuration, Define security policies for threat protection, URL filtering, SSL inspection, and data loss prevention (DLP).
• Traffic Routing, Create and maintain Proxy Auto-Configuration (PAC) files and manage application profiles for efficient routing.
• Identity Integration, Synchronize directories and manage integrations using SAML and SCIM with tools like Microsoft Azure AD.
• Troubleshooting & Support, Act as the top escalation point for connectivity, authentication, performance, and application access issues.
Essential Skills & Qualifications:
• Zscaler Expertise: Deep hands-on experience with ZIA/ZPA, often validated by certifications like Zscaler Certified Administrator (ZCA) or Zscaler Certified Security Engineer (ZCSE).
• Networking Foundations, Strong grasp of TCP/IP, DNS, HTTP/S, routing, VPNs, and firewalls.
• Cloud & SASE Concepts, Familiarity with Zero Trust principles, cloud-native security, and Secure Access Service Edge.
• Automation, Ability to write scripts (e.g., Python, PowerShell, Bash) to automate routine tasks and API integrations.
• Education, Typically requires a Bachelor’s degree in Cybersecurity or IT, or 3–5+ years of equivalent enterprise experience.
ICAMO cloud identity management:
• Lead hands-on configuration, integration, troubleshooting, and sustainment of ICAM platforms with familiarity with NIST 800-53, NIST 800-63, DoD Zero Trust guidance, M-22-09, M-26-14 and FICAM architectures.
o Strong desire for understanding of Zero Trust principles and Microsoft Entra architecture
• Proficiency with EntraID, Microsoft Graph API, and PowerShell for identity management tasks.
• Enterprise application registrations, Conditional Access & Security: Set up Conditional Access policies, Secure Score, Compliance Score, and integrate with Microsoft Defender for Identity and Cloud Apps. Configure and integrate SAML 2.0, OIDC, OAuth 2.0, SCIM, REST APIs, PKI, CAC/PIV, SCEP, MFA, and passwordless authentication technologies.
• Support integration of ICAM services across cloud, enterprise, hybrid, and multi-domain mission environments including Cloud Service Providers (CSP), Azure, AWS, IL5/IL6, and classified systems where applicable.
• Support integration of ICAM services across SaaS services in the cloud, enterprise, hybrid, and multi-domain mission environments with focus on Zscaler integrations.
o Integrate Entra ID with SaaS apps, on-premises systems, and Azure services; automate provisioning and access reviews.