Principal Consultant, Zscaler ZIA​/ZPA and Zero Trust Architecture

Principal Consultant, Zscaler ZIA/ZPA and Zero Trust Architecture – Overview

We are seeking a Principal Consultant to lead the design and implementation of modern Zero Trust architectures, focusing on Zscaler (ZIA/ZPA) and secure access transformation. This is a hands‑on technical leader role translating strategy into scalable, real‑world solutions, driving DIA‑first architectures, eliminating legacy network assumptions, and delivering identity‑driven access for enterprise clients in regulated environments.

• Design and deliver end‑to‑end Zero Trust architectures leveraging ZTNA (ZPA), ZIA, and SSE/SASE frameworks.
• Architect DIA‑first strategies that eliminate centralized egress and legacy network dependencies.
• Ensure all access decisions are based on identity, device posture, and context, not network location.
• Lead the transition away from VPN and MPLS to modern secure access models.
• Lead full lifecycle Zscaler implementations across enterprise environments.
• Configure and optimize ZIA traffic forwarding and ZPA segmentation.
• Design, implement, and continuously refine ZIA policies (URL filtering, SSL inspection, CASB, DLP).
• Troubleshoot complex issues across TLS, DNS, proxy, and application layers.
• Optimize for performance, security, and operational scalability.
• Integrate Zscaler with leading SD‑WAN platforms and implement DIA‑based traffic steering using GRE/IPsec tunnels.
• Serve as a hands‑on technical leader across design and delivery.
• Establish reusable architecture patterns, standards, and best practices.
• Mentor engineers and elevate client technical capabilities.
• Act as a trusted advisor on Zero Trust transformation and secure access strategy.
• Lead technical discovery, solution validation, and stakeholder alignment.
• Clearly communicate architectural shifts and business impact.
• Align solutions with NIST, NERC‑CIP, ISO frameworks.
• Ensure designs are audit‑ready, secure, and compliant with regulatory requirements.

• Must be legally authorized to work in the United States without employer sponsorship.
• Must be a resident of the continental United States.
• 8–12+ years of experience in network security, Zero Trust, or secure access architecture.
• Deep expertise in Zscaler (ZIA & ZPA), including policy design, optimization, and troubleshooting.
• Strong experience designing and implementing ZTNA and SSE/SASE architectures.
• Proven experience building DIA‑first architectures and eliminating VPN/MPLS‑based designs.
• Strong knowledge of networking fundamentals: DNS, TLS, proxy architectures, traffic flow design.
• Experience integrating Zscaler with SD‑WAN platforms and implementing GRE/IPsec tunnels.
• Solid understanding of identity providers (Entra , Okta) and conditional access, device posture.
• Experience with security policy frameworks: URL filtering, SSL inspection, CASB, DLP.
• Familiarity with automation using APIs, Terraform, or similar tooling is a plus.
• Experience working in regulated industries (energy, utilities, finance, healthcare) preferred.
• Strong troubleshooting skills across network and application layers.
• Excellent communication skills with experience engaging both technical teams and business stakeholders.
• Demonstrated ability to operate as a hands‑on builder across architecture and implementation.

• Experience with Entra  (Azure AD) or Okta in Zero Trust architectures.
• Familiarity with endpoint management and device posture enforcement (Intune, Crowd Strike).
• Experience with automation using Terraform, APIs, or code for Zscaler deployments.
• Exposure to enterprise compliance frameworks (NIST, NERC‑CIP, ISO) and collaboration with SOC/SIEM teams.
• Knowledge of SIEM platforms (QRadar, Splunk) and integrating Zscaler logs.
• Experience integrating third‑party security tools into SSE/SASE ecosystems.
• Familiarity with cloud security architectures across Azure, AWS, GCP.
• Exposure to performance monitoring and user experience optimization in secure access environments.
• Experience supporting large‑scale enterprise transformations from legacy network models to Zero Trust.

W2 Employment: $150,000–$300,000 annually with full benefits, including 401(k) with employer matching 6%, health, dental, and vision insurance, paid time off, and life insurance.