Zscaler Architect - Remote

Job Title: L3 Zscaler Architect - RemoteDuration: 6 - 12 Months to start likely to extend or be ongoingThis isn't a general Zscaler role—it's a high-level "architect + L3 escalation" position, so the most important skillsets cluster around deep technical mastery + troubleshooting + leadership.Seeking a senior Zscaler SME who can operate as both a hands-on architect and L3 escalation lead. This role owns complex production issues, drives design/optimization, and guides L1/L2 teams.Core Requirements (Must-Have)1. Zscaler Expertise (Primary Filter)Deep, hands-on experience with:ZIA (Internet Access)ZPA (Private Access)ZDX (Digital Experience)Strong experience with:Policy configuration (URL filtering, SSL inspection)App Connectors (ZPA)Traffic forwarding (PAC files, tunnels)Zscaler Admin Portal and log analysisDisqualifier: Limited exposure or experience with only one Zscaler module.2. Advanced Troubleshooting (L3 Level)Proven ability to resolve complex, non-standard issuesRoot cause analysis across:DNSAuthentication / SSONetwork routing and tunnelsApplication accessDeep log analysis experienceKey signal: Clear examples of independently resolving high-impact issues.3. Networking FundamentalsStrong knowledge of:IPSec and GRE tunnels (configuration + troubleshooting)PAC files and proxy behaviorDNS and routingDisqualifier: Weak networking background.4. Security Architecture (Zero Trust)Understanding of:Zero Trust architectureSecure Web Gateway (SWG)Experience integrating with identity providers such as:Azure Active DirectoryCyberArk5. L3 Escalation OwnershipExperience as a final escalation pointOwnership of outages and critical incidentsBackground in 24/7 production environmentsDisqualifier: Candidates who primarily escalate issues upward.6. Leadership / CommunicationMentoring L1/L2 engineersLeading technical discussionsBuilding documentation, runbooks, and processesPreferredZscaler certifications (ZCP, ZDTA, ZDTE, ZDXA)Experience with Palo Alto, CiscoNetwork security architecture backgroundProfiles to AvoidL1/L2 support-only candidatesGeneral network engineers without deep Zscaler experienceCandidates lacking hands-on troubleshooting depthExperience limited to a single Zscaler productPositioning Summary (For Candidate Outreach)High-impact role responsible for stabilizing and optimizing a complex Zscaler environment. Opportunity to operate as both architect and escalation authority, with influence over design, operations, and team direction.Quick SummarySenior Zscaler expert (ZIA/ZPA/ZDX) with strong networking and troubleshooting skills, capable of owning L3 escalations, designing solutions, and leading support teams.IMPORTANT SOFT SKILLS:Top candidates will demonstrate:Strong ownershipClear, structured communicationProven leadership in high-pressure situationsIf a candidate is technically strong but lacks these, they will struggle in this role.This role sits at the intersection of:Zscaler platform expertiseEnterprise networkingIdentity and access managementCloud security architectureCandidates should show hands-on experience across all four areas, not just one silo.Nice-to-haves signal depth and versatility, but should never outweigh:Core Zscaler expertiseStrong troubleshooting abilitySolid networking foundationIf a candidate has 2–3 of these in addition to the core requirements, they're typically a strong contender.This role is a mix of hands-on engineering, escalation support, and architecture ownership in a live enterprise environment.This role spends the day:Owning escalationsSolving complex issuesDesigning and improving the Zscaler environmentSupporting and elevating the teamIt's ideal for someone who thrives in high-impact, hands-on, problem-solving environments.RequiredNo certifications are strictly required for this role.The hiring team is prioritizing:Hands-on Zscaler experienceProven L3 troubleshooting abilityReal-world architecture and escalation ownershipPreferred (Nice-to-Have)Zscaler certifications are highly valued and can help differentiate candidates:ZCP (Zscaler Certified Professional)ZDTA (Zscaler Digital Transformation Administrator)ZDTE (Zscaler Digital Transformation Engineer)ZDXA (Zscaler Digital Experience Analyst)Additional Relevant Certifications (Bonus)Network/security certifications (e.g., Cisco, Palo Alto)Cloud/security certifications (Azure, general security certs)Do not filter candidates out based on lack of certificationsUse certifications as a tie-breaker, not a requirementPrioritize hands-on Zscaler expertise and L3 experience over credentialsStrong candidates will typically have experience that aligns with these certifications—even if they don't formally hold them.*experience weighs more than certificationsTarget candidates with:8–12+ years total experienceAt least several years of deep, hands-on Zscaler workProven experience operating at an L3 or architect levelLess experienced candidates (even if strong technically) will likely struggle in this role due to the level of ownership and complexity.*experience weighs more than certificationsThis is a lead-level technical role within a support function.It sits in production support / operationsBut operates at the highest escalation tier (L3)Also includes architect-level responsibilitiesType: Support-based (L3)Level: Lead / ArchitectManagement: No direct reports, but strong technical leadership responsibilitiesThe onboarding focuses on understanding the existing environment and processes quickly, with the expectation that the candidate already brings deep Zscaler and networking expertise and can begin contributing at a high level within the first few weeks.This is not a "maintenance-only" role. The candidate will be involved in:Stabilizing and improving an active environmentExpanding and optimizing Zscaler capabilitiesDriving both technical and operational improvementsThe role offers involvement in high-impact initiatives focused on optimizing and scaling a Zscaler environment, improving Zero Trust access, and driving operational maturity across a complex enterprise landscape.Thank you,Shiva Mittal