Principal ZTNA Network Engineer – Employee Remote Access
Responsibilities
- Lead design and implementation of ZTNA solutions (Zscaler ZPA/ZIA, ZVPN) to replace legacy VPN technologies
- On-call required rotation
- Define and deliver modern Zero Trust architecture patterns, including application-level segmentation and identity-based access
- Drive legacy VPN decommissioning and migration to ZTNA platforms
- Develop and execute engineering roadmaps aligned to enterprise remote access strategy
- Partner with security, infrastructure, and business units to ensure coordinated rollout and adoption
- Document architecture, operational models, and implementation standards
- Evaluate emerging ZTNA and secure access technologies and provide data-driven recommendations
- Lead pilots and phased deployments, including testing, validation, and performance benchmarking
- Lead incident response and drive resolution under pressure
- Ensure high availability and resilience of remote access infrastructure in a 24x7 global environment
- Afford risks related to latency, scale, and user experience during migrations
Requirements
6–10 years of network/security engineering experience, including 4+ years in ZTNA or remote access transformations
Bachelor’s degree in Computer Science, Information Technology, or related field
Hands-on experience with Zscaler (ZPA/ZIA) or comparable Zero Trust platforms
Proven success migrating legacy VPNs to Zero Trust, cloud-delivered access solutions
Deep expertise in ZTNA design, implementation, and Zero Trust principles (least privilege, continuous verification, no implicit trust)
Experience designing application segmentation and identity-based access policies
Strong knowledge of traffic steering, split tunneling, and secure access routing (ZVPN architectures)
Experience with load balancing, gateways, and access control layers
Advanced troubleshooting across network layers (L3–L7)
Familiarity with hybrid environments (on-prem, cloud, SaaS)
Experience with high availability, disaster recovery, and failover strategies in global, always-on environments
Experience with network automation tools (Python, Ansible, APIs)
Familiarity with endpoint management and deployment tools (Intune, SCCM)
Strong understanding of identity providers (Azure AD / Entra ID), SSO, and conditional access
Knowledge of PKI, certificates, and modern authentication methods
Experience integrating with SIEM, EDR, and security monitoring platforms
Strong ownership mindset with a focus on execution and delivery
Excellent communication skills across technical and business stakeholders
Proven ability to lead incident response and drive resolution under pressure
Skills
- Preferred certifications: Zscaler (ZCCA / ZCCP / ZCSE), CCNP/CCIE (Security or Enterprise), CISSP (or equivalent), ITIL Foundation