ZPA Network Engineer

---

Key Responsibilities

- Collaborate with Enterprise ZTNA network and security teams, as well as identity and application stakeholders, to design and support ZPA-based access to internal applications.

- Design, implement, and maintain Zscaler Private Access connectivity, including App Connectors, Server Groups, Application Segments, and access policy configurations.

- Analyze and assess legacy network and VPN-based access requirements, agency-specific application needs, and connectivity dependencies, and translate them into ZPA application-level access models.

- Support the onboarding of applications to ZPA by validating network paths, ports, protocols, and dependency requirements, and coordinating testing and validation activities.

- Configure and support ZPA access policies that enforce least-privileged access while minimizing disruption to mission-critical operations.

- Troubleshoot ZPA-related access and connectivity issues, including user access failures, application reachability concerns, and connector health or routing issues.

- Participate in migration activities to transition users and applications from legacy access models to ZPA in coordination with enterprise and agency stakeholders.

- Ensure ZPA configurations and access models are documented, auditable, and aligned with Commonwealth security, governance, and compliance requirements.

- Develop and maintain technical documentation, including configuration standards, procedures, diagrams, and operational runbooks.

- Engage with vendors and Zscaler support to resolve complex issues and support platform stability and optimization.

 

Required Skills and Experience

- Strong background in enterprise networking, including routing, firewalling, DNS, and traffic flow analysis.

- Experience implementing and supporting secure application access technologies such as Zscaler Private Access or similar Zero Trust access platforms.

- In-depth understanding of Zero Trust Network Access concepts and application-level segmentation.

- Ability to analyze complex, legacy network environments and translate them into scalable, enforceable access models.

- Experience working in regulated or compliance-driven environments, ensuring adherence to security and governance standards.

- Strong documentation, communication, and collaboration skills for cross-functional engagement.

 

Preferred Qualifications

- Zscaler certifications such as Zscaler Digital Transformation Administrator or Zscaler Digital Transformation Engineer.

- Completion of Zscaler administrator or engineer training courses relevant to ZPA.

- Industry-recognized certifications such as CCNP, Security+, CySA+, or equivalent.

- Experience supporting large, multi-agency, or public-sector enterprise environments.

- Familiarity with regulatory and security frameworks such as CJIS, NIST 800-53, or similar standards.

- Hands-on experience supporting access modernization initiatives in complex enterprise environments.

 

Position Characteristics

- This role supports the Enterprise ZTNA program and works closely with enterprise network and enterprise security teams.

- The position balances strong security controls with operational requirements, focusing on reliable and secure private application access.

- The ZPA Network Engineer is responsible for ensuring ZPA-based access is implemented consistently and operates effectively within the Commonwealth’s Zero Trust architecture.

 

Fill the skill matrix below:

Skill	Required/Desired	Amount	Candidate's No. of years of experience
Strong background in enterprise networking, including routing, firewalling, DNS, and traffic flow analysis.	Required	8
Experience implementing and supporting secure application access technologies such as Zscaler Private Access or similar Zero Trust access platforms.	Required
In-depth understanding of Zero Trust Network Access concepts and application-level segmentation.	Required
Ability to analyze complex, legacy network environments and translate them into scalable, enforceable access models.	Required
Experience working in regulated or compliance-driven environments, ensuring adherence to security and governance standards.	Required
Zscaler certifications such as Zscaler Digital Transformation Administrator or Zscaler Digital Transformation Engineer.	Highly desired
Completion of Zscaler administrator or engineer training courses relevant to ZPA.	Highly desired
Industry-recognized certifications such as CCNP, Security+, CySA+, or equivalent.	Highly desired
Familiarity with regulatory and security frameworks such as CJIS, NIST 800-53, or similar standards.	Highly desired

• Apply Now
• Fields with * are required

  What is your full name?

  How can we contact you?

  Home Cell Work

  Where are you located?

  State* Alabama Alaska Arizona Arkansas California Colorado Connecticut Delaware Dist. Of Columbia Florida Georgia Hawaii Idaho Illinois Indiana Iowa Kansas Kentucky Louisiana Maine Maryland Massachusetts Michigan Minnesota Mississippi Missouri Montana Nebraska Nevada New Hampshire New Jersey New Mexico New York North Carolina North Dakota Ohio Oklahoma Oregon Pennsylvania Rhode Island South Carolina South Dakota Tennessee Texas Utah Vermont Virginia Washington West Virginia Wisconsin Wyoming

  What is your preferred method of communication?

  Email Text Message

  File Upload: (only PDF, DOC, DOCX are accepted)

  I agree to MBIUS' Application Information Use Policy

  Please Enter the 3 Black Symbols