Senior IT Security & Zscaler Managed Services Engineer

The Senior IT Security & Zscaler Managed Services Engineer will be responsible for managing and optimizing Zscaler security solutions, IT security tools, and vulnerability management processes. This role ensures secure traffic routing, compliance enforcement, advanced threat protection, and day-to-day operations of critical security platforms.

Key Responsibilities

Zscaler Managed Services

• Configure and manage locations, sublocations, GRE/IPSec tunnels, and redundancy.
• Fine-tune forwarding profiles, app profiles, PAC files, and bypass/redirect policies.
• Manage ZCC client profiles, virtual private service edges, and authentication methods (SAML, SCIM).
• Implement and maintain ZIA traffic forwarding (Client Connector, GRE/IPSec tunnels, PAC files, DNS resolution).
• Configure and enforce Access Control, URL Filtering, DLP, Threat Prevention, SSL Inspection, and Compliance Policies.
• Implement bandwidth control and traffic shaping policies based on user identity, time, and location.
• Configure Browser Control, Smart Browser Isolation, Cloud App Control, File Type Control, Firewall, DNS, FTP inspection, IPS, and sandbox policies.
• Perform policy testing, documentation of test cases, and maintain audit-ready records.
• Utilize Zscaler Analyzer, reporting, and analytics tools for troubleshooting and performance monitoring.
• Maintain Zscaler components with latest updates, patches, and security signatures.
• Configure CASB features for data protection, threat prevention, compliance, and Shadow IT discovery.
• Configure SaaS Security API policies for DLP and malware detection in sanctioned SaaS applications.

IT Security Tools Managed Services

• SentinelOne Management & Support Monitor, configure, and maintain endpoint protection.
• Antivirus Management Manage APEX and Windows Defender (future stages).
• NAC Management & Support Ensure secure network access control.
• IPS/IDS Signature Maintenance Update and fine-tune intrusion prevention/detection systems.

Vulnerability Management

• Emergency Vulnerability Patching/Mitigation Prioritize and resolve emergency vulnerabilities within SLA.
• Validate patch effectiveness and maintain detailed documentation.
• Comprehensive Vulnerability Remediation Deploy OS, application, and firmware patches.
• Remediate configuration issues and unsupported software vulnerabilities.
• Maintain vulnerability management database for tracking.
• Reporting & Compliance Generate weekly/monthly reports on vulnerability status, trends, and risks.
• Provide actionable recommendations for process improvement.
• Achieve 90% KPI compliance for vulnerabilities patched within SLA.

Required Qualifications

• Bachelor's degree in Computer Science, Information Technology, or related field.
• 5+ years in IT security operations and vulnerability management.
• 2+ years hands-on experience with Zscaler solutions (ZIA, ZCC, CASB).
• Experience managing SentinelOne, NAC, IPS/IDS, Antivirus platforms.
• Strong knowledge of network protocols (TCP/IP, DNS, GRE, IPSec).
• Expertise in policy configuration (DLP, URL filtering, SSL inspection, threat prevention).
• Familiarity with authentication methods (SAML, SCIM) and identity-based access control.
• Experience with CASB implementation and SaaS security best practices.

Preferred Certifications

• Zscaler Certified Cloud Professional (ZCCP)
• Zscaler Certified Cloud Administrator (ZCCA)
• Relevant security certifications (CISSP, CCSP, CEH, etc.).

Soft Skills

• Strong troubleshooting and analytical skills.
• Excellent documentation and communication abilities.

KPIs & Performance Metrics

• 90% SLA compliance for vulnerability remediation.
• Zero critical misconfigurations in Zscaler and security tools.
• Timely reporting (weekly/monthly) with actionable insights.
• Continuous improvement in security posture and compliance adherence.