Network Security Engineer
Koch · Wichita, Kansas Metropolitan Area · 1 wk ago
On-siteInformation TechnologyFull-time
About the role
The Sr. Network Security Engineer (Zscaler Specialist) will be part of a global infrastructure organization responsible for designing, implementing, and delivering enterprise-grade secure access solution using cloud-delivered security, particularly Zscaler platform.
Responsibilities
- Design, implement, and manage Zscaler Internet Access (ZIA), Zscaler Private Access (ZPA), and Zscaler Digital Experience (ZDX) solutions in alignment with Zero Trust Architecture (ZTA) principles.
- Define and enforce Zero Trust policies based on user identity, device posture, application context, and risk signals.
- Arcitect least-privileged access models ensuring users are granted access only to specific applications—not entire networks.
- Implement and optimize application segmentation and user-to-app access policies using ZPA.
- Continuously evaluate and improve trust evaluation mechanisms, including device compliance, user behavior, and session context.
- Deploy and optimize SSL/TLS inspection, secure web gateway policies, CASB controls, and DLP frameworks within ZIA as part of Zero Trust data protection strategy.
- Monitor user experience and performance using ZDX and troubleshoot connectivity or latency issues.
- Collaborate with network, security, and vendor teams to ensure seamless and secure connectivity.
- Perform log analysis, incident response, and threat mitigation using Zscaler logs and SIEM tools.
- Ensure compliance with security standards and best practices.
- Stay updated with evolving Zero Trust frameworks and industry best practices.
- Document architecture, configurations, and operational procedures.
- Contribute to automation and standardization efforts (Ansible, Terraform, APIs).
- Identify inefficiencies and drive process, quality, and documentation improvements.
- Participate in design reviews, quality checks, and peer mentoring.
- Coordinate with OEMs, and system integrators for implementation and issue resolution.
- Provide clear communication on project status, risks, and dependencies.
- Participate in on-call rotations as part of a global team, including availability for planned weekend or off hours work during major implementations or migrations.
Requirements
- Demonstrated experience in an enterprise network security field.
- Hands-on experience with Zscaler ZIA and ZPA, proxy technologies, VPN alternatives and secure remote access.
- Strong understanding of Zero Trust Network Access (ZTNA).
- Experience with TCP/IP, DNS HTTP/HTTPS, SSL/TLS inspection.
- Experience with Firewall and routing concepts.
- Exposure to cloud platforms such as AWS, Microsoft Azure, or Google Cloud Platform (GCP).
- Understanding of cloud security principles and secure workload access.
- Familiarity with SIEM/Observability tools (e.g., Splunk, Grafana, LogicMonitor).
Qualifications
- Exposure to network automation (Python, Ansible, DevNet concepts).
- Experience with Branch/Cloud Connector deployments.
- Experience with other security platforms (CASB, SWG, EDR/XDR).
- Knowledge of cloud platforms such as AWS, Azure, or GCP.
- An open-minded individual who embraces challenges positively, KOCH Fit.
- Experience working in global delivery or follow-the-sun models.
- Experience in traffic forwarding methods (GRE/IPSec tunnels, PAC files, Client Connector).
- Experience integrating Zscaler with PingID, Azure AD, or similar IdPs.
- Familiarity with APIs for integrating and automating Zscaler workflows.