Responsibilities

Position Summary:

The Zero Trust / Zscaler Support Engineer supports a cabinet level agency’s Zero Trust security program through the hands-on implementation, administration, troubleshooting, and optimization of cloud-based Secure Access Service Edge (SASE) technologies, primarily the Zscaler platform. This role works closely with Federal and contractor teams to deploy and maintain secure remote access solutions, troubleshoot connectivity and authentication issues, support end users, and improve the overall security and user experience of the enterprise environment.

 

The position serves as a technical escalation resource responsible for supporting Zscaler Internet Access (ZIA), Zscaler Private Access (ZPA), Zscaler Digital Experience (ZDX), and Zscaler Client Connector (ZCC) operations while assisting with policy management, incident response, root cause analysis, and operational documentation. The role requires a highly hands-on engineer capable of working directly with network traffic analysis, authentication systems, endpoint connectivity, and cloud security technologies in support of the Department’s Zero Trust initiatives.

 

Key Responsibilities:

• Deploy, configure, maintain, and support Zscaler cloud security platforms including ZIA, ZPA, ZDX, and ZCC in support of the Department’s Zero Trust architecture.
• Provide day-to-day operational support and troubleshooting for internet access, private application access, VPN replacement technologies, authentication workflows, SSL inspection, DNS resolution, and endpoint connectivity issues.
• Diagnose and resolve complex technical issues involving HTTP/HTTPS traffic, firewall policies, proxy configurations, certificate inspection, traffic forwarding, authentication integrations, and user-access problems.
• Serve as a frontline and escalation support engineer for Zero Trust and Zscaler-related incidents affecting enterprise users and applications.
• Implement and maintain Zscaler security policies including URL filtering, SSL inspection, DLP, CASB, threat protection, segmentation, and access control policies.
• Assist with integration and troubleshooting involving identity providers, SAML authentication, SCIM provisioning, Active Directory, Entra ID/Azure AD, MFA, and endpoint posture validation.
• Monitor and optimize Zscaler platform performance and user experience using ZDX and related monitoring capabilities.
• Analyze packet captures and traffic flows using tools including; browser/network diagnostic tools to identify connectivity, latency, and policy enforcement issues.
• Create and maintain Standard Operating Procedures (SOPs), troubleshooting guides, network diagrams, root cause analyses, and operational documentation.
• Coordinate closely with Network Services, Cyber Security, Endpoint Engineering, Cloud Operations, and Service Desk teams to resolve operational issues and improve service delivery.
• Support change management activities, including implementation validation, testing, rollback planning, and post-change verification.
• Assist with onboarding applications and users into Zero Trust workflows and secure access models.
• Support incident response and operational investigations by reviewing logs, telemetry, authentication events, and policy enforcement activity.
• Identify operational improvement opportunities and assist with automation initiatives using APIs, scripting, and standardized deployment methodologies.
• Provide technical guidance and knowledge transfer sessions to internal support teams and operational stakeholders

Qualifications

Basic Qualifications:

• Min 8 years with BS/BA, Min 6 years with MS/MA, or Min of 12 years with High School Diploma.
• 2+ years of experience supporting Zscaler technologies and network security platforms. 
• Strong hands-on experience supporting Zscaler technologies including ZIA and ZPA within enterprise environments.
• Good understanding of Zero Trust and SASE security architectures and secure remote access concepts.
• Must be a US Citizen or Green Card Holder and have the ability to obtain a Public Trust. 

• Strong knowledge of:
• TCP/IP
• DNS
• HTTP/HTTPS
• SSL/TLS inspection
• VPN technologies
• Proxy technologies
• Firewall concepts
• Authentication protocols including SAML and SCIM

Target Salary Range$104,000 - $166,000. This represents the typical salary range for this position. Salary is determined by various factors, including but not limited to, the scope and responsibilities of the position, the individual’s experience, education, knowledge, skills, and competencies, as well as geographic location and business and contract considerations. Depending on the position, employees may be eligible for overtime, shift differential, and a discretionary bonus in addition to base pay.