Sr. Network Security Architect Zscaler - Remote

Job Title: Sr. Network Security Architect - Zscaler- Remote -Duration: 6 Months CTHLocation: remoteThe client needs someone who is comfortable with... making decisions and backing it up with solid points if we disagree.This role requires a:Security-focused Network Architect with deep Zscaler expertise, strong Zero Trust experience, and the ability to independently design and troubleshoot complex environments.1) Zscaler Expertise (Mandatory)This is the most critical requirement.Strong hands-on experience with Zscaler platforms:ZIA (Internet Access)ZPA (Private Access)ZDX (Digital Experience)Experience configuring policies, SSL inspection, and application accessExperience deploying and managing ZPA App ConnectorsRecruiter takeaway:If the candidate does not have deep, hands-on Zscaler experience, they are not a fit.2) Zero Trust ArchitectureExperience designing and implementing Zero Trust ArchitectureUnderstanding of identity-based access vs traditional perimeter securityExperience aligning security architecture with enterprise strategyRecruiter takeaway:Look for candidates who have designed or led Zero Trust initiatives—not just supported them.3) Network Security + Networking FundamentalsStrong understanding of:IPSec and GRE tunnelsDNS architectureSecure Web GatewaysRouting and network protocolsAbility to troubleshoot at both network and security layersRecruiter takeaway:Candidate must be strong in both networking and security. One without the other will not be sufficient.4) Cloud Security and Identity IntegrationExperience integrating with identity platforms such as:Microsoft Azure ADCyberArkUnderstanding of secure access in cloud and hybrid environmentsRecruiter takeaway:Look for candidates who understand how identity ties into network security (especially in Zscaler/ZPA environments).5) Advanced Troubleshooting (Critical Differentiator)Ability to troubleshoot complex, non-standard, and legacy environmentsStrong experience with log analysis and traffic inspectionComfortable working through ambiguous or undefined issues independentlyRecruiter takeaway:This role requires someone who can operate without heavy direction. Candidates should demonstrate ownership of complex problem-solving.6) Security-First MindsetBackground in penetration testing, red teaming, or offensive security is a strong plusAbility to think from an attacker's perspective when designing defensesRecruiter takeaway:Prioritize candidates who approach architecture from a security-first standpoint, not just infrastructure.7) Architecture and Leadership ExperienceExperience designing scalable security solutionsAbility to collaborate across security, network, and IAM teamsStrong documentation and communication skillsRecruiter takeaway:This is an architect-level role. Candidates should demonstrate ownership of design, not just implementation.Quick Screening ChecklistUse this to qualify candidates quickly:Hands-on experience with Zscaler (ZIA, ZPA, ZDX)Experience designing or implementing Zero Trust ArchitectureStrong networking fundamentals (IPSec, DNS, routing)Experience troubleshooting complex or legacy environments independentlyExposure to identity integrations (Azure AD, CyberArk)Common Red FlagsOnly "exposure" to Zscaler without hands-on implementationStrong firewall/network background but limited security architecture experienceNo experience with Zero Trust concepts or implementationsCandidates who rely on structured environments and lack experience handling ambiguityIMPORTANT SOFT SKILLS:Operates independently, thinks like a security architect, communicates clearly, and can navigate complex, ambiguous environments without relying on structure.DAY IN THE LIFE:This is a hands-on security architect role, not a passive design position. The day is a mix of:Designing and implementing solutions in ZscalerTroubleshooting complex network/security issuesCollaborating with network, security, and IAM teamsDriving Zero Trust initiatives forwardA hands-on security architect role focused on Zscaler and Zero Trust, where you'll design, implement, and troubleshoot complex network security solutions while working across teams in a dynamic, often non-standard environment.Zscaler Certifications: ZCP, ZDTA, ZDTE, ZDXA (or equivalent)Experience with additional security platforms such as Palo Alto and CiscoStrong written and verbal communication skills with the ability to document architecture and processes clearlyOffensive Security BackgroundExposure to:Penetration testingRed teamingVulnerability assessmentsRecruiter takeaway:Candidates with this background tend to design more resilient, threat-aware architectures.Zscaler (ZIA/ZPA/ZDX) + network security technologies (VPN, DNS, SWG) + identity platforms (Azure AD, CyberArk) + logging/troubleshooting toolsNice-to-Have Skillsets1) Zscaler CertificationsCertifications such as:ZCP, ZDTA, ZDTE, ZDXARecruiter takeaway:Helpful for validating expertise, but should not outweigh real-world, hands-on Zscaler experience.8–12+ years total experienceAt least 3–5+ years in security-focused rolesDemonstrated architect-level ownership (not just engineer tasks)Strong exposure to Zero Trust and modern security frameworks*experience weighs more than certificationsThis is a hands-on security architect role where you'll lead Zscaler and Zero Trust initiatives, work on complex real-world environments, and have full ownership over design and implementation—without being stuck in day-to-day operational noise.This is a lead roleThis role is centered around:Expanding and optimizing ZscalerDriving Zero Trust adoptionModernizing legacy infrastructureImproving secure connectivity and identity-driven accessThese are high-impact, ongoing initiatives, not one-off projects—ideal for candidates who want ownership and long-term influence.Thank you,Shiva Mittal