Zscaler Network Security Engineer

Job Title: Network Security Engineer

• MUST have Zscaler experience - Required - manage and operate Zero Trust security infrastructure, with a strong focus on Zscaler technologies (ZIA, ZPA, and ZDX)
• Location: Onsite 3 days a week in Plano, TX
• Pay Rate: $50 - $60 per hour | Long-term W2 or 1099

Please Note - (We are not partnering with the third parties at this time)
Overview
We are seeking an experienced Network Security Engineer to manage and operate Zero Trust security infrastructure, with a strong focus on Zscaler technologies (ZIA, ZPA, and ZDX). This role involves complex deployment, policy management, advanced troubleshooting, and acting as a high-level escalation point for critical connectivity and performance issues.
Key Responsibilities
Zero Trust Architecture & Deployment (ZIA/ZPA)

• Support and orchestrate ongoing deployments utilizing Workspace ONE and Zscaler tenants.
• Design and manage ZIA, ZPA, and ZDX policies, including SSL Inspection, URL Filtering, and Sandbox policies.
• Perform operational duties involving ZPA Access Policies, Timeout Policies, and Client Forwarding Policies.
• Deploy and maintain ZPA App Connectors within data centers and cloud environments, specifically AWS.

Endpoint Integration & Engineering (Zscaler Client Connector)

• Manage configurations, rolling updates, settings, and policies for the Zscaler Client Connector (ZCC) profiles.
• Ensure interoperability by maintaining SSL Inspection Exemption lists for applications with certificate pinning (e.g., Dropbox, Developer Tools) to prevent connectivity failures.
• Collaborate with the broader team on Data Loss Prevention (DLP) policy creation and monitoring.

Network Security Operations & Troubleshooting

• Provide advanced Level 3 escalation support for all service desk issues related to ZIA, ZPA, and ZDX, managing relevant ticket queues in Service Now.
• Serve as the Level 3 escalation point for P1/P2 critical connectivity incidents.
• Perform Layer 3-7 troubleshooting utilizing tools such as Wireshark, MTR (My Traceroute), and Zscaler Analyzer.
• Analyze ZSATunnel and ZSATray logs to diagnose "Driver Errors" or "Filter Driver" conflicts.
• Conduct performance optimization by diagnosing latency issues using ZDX (Digital Experience) or Zscaler Cloud Performance Test tools and accurately identifying if latency is introduced by the Service Edge, ISP, or local network.
• Interface directly with Zscaler Technical Account Managers (TAMs) and Support, providing necessary data such as HAR files and packet captures for root cause analysis.

Performance Expectations (KPIs)

• Achievement of defined SLAs and KPIs.
• High percentage of deliverables and roadmap items completed on time and on budget.
• Maintaining high quality with near-zero Defect Leakage/Code Violations (max 0.5% defects detected after sprint closure).
• No introduction of new security flaws or performance degradation due to new code.
• Adherence to high Code Coverage targets (95% for New Code; >95% for Enhancements).