Zscaler L3 Engineer

RESPONSIBILITIES:
Kforce has a client seeking a hybrid ZScaler L3 Engineer to join their team in NYC.

Summary:
We are looking for a Zscaler L3 Engineer to provide advanced operational support, troubleshooting, and optimization for Zscaler technologies across a large enterprise environment. The candidate will act as the highest technical escalation point for ZIA, ZPA, and ZDX issues, ensuring seamless operations and strong alignment with Zero Trust security principles. This role is hands-on, technical, and execution-focused ideal for someone who thrives on solving complex problems independently and working directly with vendors and customers to drive resolution.

Key Responsibilities:
* Resolve complex issues in ZIA, ZPA, and ZDX environments as the final point of escalation
* Perform root cause analysis (RCA) using logs, PCAPs, and advanced debugging
* Directly engage with Zscaler TAC for unresolved incidents and feature defects
* Manage and optimize ZIA policies
* Configure, troubleshoot, and maintain ZPA
* Ensure tenant health, policy syncs, connector availability, and certificate renewals.
* Implement and maintain Zscaler configurations aligned with Zero Trust and security best practices
* Support identity integrations with SAML, SCIM, and IdPs
* Handle SSL inspection rules and PKI/certificate operations
* Work on SIEM/SOAR integrations
* Use Zscaler APIs for operational automation, reporting, and monitoring
* Maintain operational scripts or workflows to improve efficiency
* Produce detailed RCA reports for major incidents
* Maintain technical documentation and update configuration baselines
* Provide direct input into continuous improvement for monitoring and alerting

REQUIREMENTS:
* Bachelor's degree in Computer Science, Information Security, or related field (or equivalent experience)
* Preferred Certifications: Zscaler Certified Cloud Professional (Edu-200,EDU202)
* 6-8 years of experience in IT Security/Network Security roles
* 4+ years of direct Zscaler hands-on experience administration in enterprise or MSSP environments
* Hands-on experience with ZIA, ZPA, and ZDX at enterprise scale
* Deep knowledge of ZIA features: SWG, FWaaS, sandboxing, CASB, DLP, SSL inspection
* Proficiency in ZPA components: App Segments, Connectors, Cloud Connector, Private Service Edge
* Solid knowledge of TCP/IP, DNS, HTTP/HTTPS, SSL/TLS, VPNs
* Experience with certificate management and PKI
* Understanding of SD-WAN integrations and hybrid network models
* Familiarity with SIEM/SOAR tools (Splunk, Sentinel, QRadar)
* Experience with endpoint management (ZCC deployment via MDM/Intune)
* Ability to analyze traffic flows, logs, and user experience metrics
* Strong analytical and problem-solving ability
* Clear technical communication for incident updates and RCA reports
* Ability to work independently with minimal supervision in high-pressure environments

The pay range is the lowest to highest compensation we reasonably in good faith believe we would pay at posting for this role. We may ultimately pay more or less than this range. Employee pay is based on factors like relevant education, qualifications, certifications, experience, skills, seniority, location, performance, union contract and business needs. This range may be modified in the future.

We offer comprehensive benefits including medical/dental/vision insurance, HSA, FSA, 401(k), and life, disability & ADD insurance to eligible employees. Salaried personnel receive paid time off. Hourly employees are not eligible for paid time off unless required by law. Hourly employees on a Service Contract Act project are eligible for paid sick leave.

Note: Pay is not considered compensation until it is earned, vested and determinable. The amount and availability of any compensation remains in Kforce's sole discretion unless and until paid and may be modified in its discretion consistent with the law.

This job is not eligible for bonuses, incentives or commissions.

Kforce is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status.

By clicking ?Apply Today? you agree to receive calls, AI-generated calls, text messages or emails from Kforce and its affiliates, and service providers. Note that if you choose to communicate with Kforce via text messaging the frequency may vary, and message and data rates may apply. Carriers are not liable for delayed or undelivered messages. You will always have the right to cease communicating via text by using key words such as STOP.