Job Description

Key Responsibilities

• Serve as the L3 escalation point for ZIA, ZPA, ZDX, and Browser Isolation incidents affecting user connectivity or application performance.
• Perform end-to-end packet flow analysis involving GRE/IPSec tunnels, PAC file behavior, DNS resolution, and authentication exchanges with IdPs (SAML, SCIM, OAuth).
• Troubleshoot complex integrations between Zscaler connectors, public/private applications, and enterprise firewalls (e.g., Palo Alto, Cisco, Fortinet).
• Conduct advanced health monitoring using ZDX analytics and API-based telemetry from Zscaler Nano/Z App clients.
• Use Zscaler Central Authority (ZCC), ZIA Admin Portal, and ZPA Admin Portal to configure, validate, and optimize policies across user groups, segments, and tenant environments.
• Diagnose and resolve SSL inspection issues, certificate chain mismatches, or DPI conflicts affecting end-user traffic.
• Optimize ZIA and ZPA Access Control Policies, App Segmentation Policies, and ensure efficient traffic routing and posture checks.
• Integrate and maintain authentication and provisioning with Azure AD, Okta, and on-prem AD Connectors; automate onboarding/offboarding workflows through APIs or scripts.
• Conduct Zscaler App Connector deployments, upgrades, and health checks on virtual platforms (VMware, AWS, Azure).
• Lead post-incident reviews and root cause analyses, ensuring lessons learned are operationalized via Knowledge Base documents or automated monitors.
• Train and mentor L1/L2 engineers in interpreting Zscaler logs, leveraging Zscaler Diagnostics (e.g., Packet Capture, Browser Access Logs), and implementing operational best practices.
• Maintain documentation for baseline configurations, topology diagrams, and approval workflows for policy changes.
• Collaborate with vendor TAC and internal Security Engineering teams for escalations and platform optimization.

Required Skills & Experience

• Minimum 10 years of experience in network/security engineering, with 5+ years dedicated to Zscaler platforms (ZIA, ZPA, ZDX, Browser Isolation).
• Deep understanding of:
• Proxy architectures (explicit and transparent modes) and SSL/TLS inspection pipelines
• GRE/IPSec tunnel establishment with branch gateways or SD-WAN devices
• Authentication integrations (SAML, OAuth, LDAP, SCIM) and troubleshooting identity flow mismatches
• ZDX client diagnostic data, synthetic monitoring setup, and endpoint telemetry analysis
• Adaptive policy control using ZTNA segmentation for private apps and traffic steering via PAC/transparent proxy rules
• Proficiency with network diagnostic tools: Wireshark, Zscaler Analyzer, curl/wget, nslookup/dig, and browser developer tools.
• Sound knowledge of routing, VPN, DNS, and certificate management in enterprise hybrid networks.
• Experience with Zscaler API usage for reporting, policy automation, and workflow orchestration is a plus.
• Familiarity with script-based automation (Python, PowerShell) and integration with ITSM tools (ServiceNow, Jira).
• Strong analytical, documentation, and communication skills with the ability to translate technical findings into actionable recommendations.
• Preferred certifications: ZCCP-IA, ZCCP-PA, ZDX Certified, CCNP Security, or equivalent.

Work Conditions

• Role based out of Hyderabad or Pune.
• Availability for 24x7 escalation support and participation in on-call rotations for high-severity incidents.