Network Security Engineer

We are seeking an experienced Network Security Engineer to lead the design, deployment, and management of Zscaler ZPA and ZIA solutions across our enterprise network. This is a hands-on role requiring deep technical expertise, with the opportunity to shape and secure network access for both cloud and on-premises environments. You will work closely with IT, security, and compliance teams to deliver secure, scalable, and policy-compliant infrastructure.

• Design, deploy, and manage Zscaler ZPA and ZIA solutions across the organisation.
• Integrate Zscaler platforms with identity providers (IdPs), SIEM tools, and endpoint security platforms.
• Monitor and optimise Zscaler configurations, including policies, access rules, and application segments.
• Troubleshoot and resolve issues relating to DNS filtering, SSL inspection, traffic forwarding, and secure access.
• Collaborate with cross-functional teams to ensure secure and compliant network architecture.
• Maintain up-to-date documentation for all relevant Zscaler configurations and operational procedures.
• Stay informed on emerging threats, platform updates, and industry best practices.
• Troubleshoot application connectivity within cloud environments.
• Use basic Linux commands for script execution, key updates, cron job management, and connection troubleshooting.
• Contribute to the design and documentation of on-premises, cloud, and ZPA network architecture, ensuring alignment with security best practices.

• Minimum 8 years’ experience in network security or a closely related discipline.
• At least 2 years of hands-on experience with Zscaler ZPA and ZIA.
• Strong understanding of TCP/IP, DNS, VPNs, firewalls, and proxy technologies.
• Proven experience with cloud platforms such as AWS, Azure, or GCP, and working knowledge of Zero Trust architecture.
• Familiarity with identity and access management (IAM) and SAML/SSO integrations.
• Proficient in the use of network and security monitoring tools such as Wireshark, Splunk, or similar.
• Good understanding of routing protocols, such as OSPF and BGP.
• Strong problem-solving abilities and effective communication skills.

• Zscaler certifications (e.g. ZCCA-IA, ZCCA-PA, or Zscaler Certified Cloud Professional).
• Experience with network automation or scripting (e.g. Python, PowerShell, Bash).
• Familiarity with infrastructure-as-code tools, such as Terraform or Ansible.
• Understanding of SASE (Secure Access Service Edge) frameworks.
• Exposure to cloud security standards (e.g. CIS Benchmarks, NIST, CSA).
• Experience with ITSM tools like ServiceNow.
• Knowledge of endpoint protection platforms (e.g. CrowdStrike, SentinelOne).
• Working knowledge of Active Directory and Azure Active Directory.
• Involvement in security audits or compliance assessments.
• Understanding of regulatory frameworks such as ISO 27001, GDPR, or SOC 2.
• Experience supporting global enterprise networks.
• Previous experience working in a regulated industry such as finance, healthcare, or government.

Please email your CV to janice.gomes@stottandmay.com for immediate consideration.