Zscaler Security Engineer : Mountain View CA / San Diego CA / Plano TX (Onsite)

Job OverviewWe are seeking a Security Engineer who will be responsible for designing, deploying, and operating Zero Trust security solutions using Zscaler technologies (ZIA, ZPA, ZDX). This role involves deep technical expertise in cloud security, endpoint integration, and advanced network troubleshooting, acting as a Level 3 escalation point for critical incidents. The engineer will partner closely with cross-functional teams to ensure secure, optimized, and resilient access for enterprise users and applications.  Key Responsibilities:Zero Trust & Zscaler EngineeringDeploy and manage Zscaler ZIA, ZPA, ZDX for large enterprise environments.Design and optimize security policies: SSL Inspection, URL Filtering, Sandbox, Access & Timeout Policies, Client Forwarding.Support Zscaler migration and integration with Workspace ONE / MDM platforms.Deploy and manage ZPA App Connectors in data centers and cloud (AWS preferred).Endpoint & Zscaler Client Connector (ZCC)Manage ZCC agent profiles, configuration updates, rollout strategy.Maintain SSL Inspection Exemption lists for certificate‑pinned applications.Support development and monitoring of DLP policies.Advanced Troubleshooting & OperationsPerform L3–L7 troubleshooting using tools such as: Wireshark, tcpdump, MTR, Zscaler Analyzer, ZSATunnel & ZSATray logs.Use ZDX and other Zscaler diagnostics to analyze latency and performance issues.Act as Level‑3 escalation for P1/P2 incidents and coordinate with Zscaler TAMs & Support.Manage Zscaler‑related tickets and escalations in ServiceNow.Collaboration & DocumentationCollaborate with infrastructure, cloud, network, and security teams.Create and maintain SOPs, documentation, and knowledge articles.Qualifications:BS/MS in Computer Science or related area or equivalent relevant experience8+ years of network security / cloud security / Zero TrustStrong hands-on expertise with ZIA, ZPA, ZDX, ZCC (mandatory). Solid understanding of: TCP/IP, DNS, HTTP/HTTPS, TLS/SSL, Proxy architecture, authentication (SAML/AD), IPSec/GREProficiency in packet analysis (Wireshark, tcpdump). Experience with AWS/GCP (networking fundamentals).Strong Analytical, Problem solving, and creative mindsetExperience with various Software Development Lifecycle Process (Agile Development, SCRUM methodologies. etc.)Strong stakeholder communication with leadership and cross-functional teams. Excellent communication skills. Communicates clearly, succinctly, and persuasively to all levels of employees, customers, and managementAbility to work independently and lead problem-solving efforts. Excellent troubleshooting and documentation skills.Ability to work under pressure and in fast‑paced enterprise environments.Preferred CertificationsZscaler: ZCCP‑IA, ZCCP‑PA, ZCCASecurity: CEH, CISSP (added advantage)Networking: CCNP SecurityAWS Cloud Certifications