user avatar

Zscaler Enterprise Architect

GovCIO

Posted today

Job Requirements

Remote
Public Trust Polygraph Unspecified
Career Level not specified
$160,000 - $180,000

Job Description

GovCIO is seeking an experienced Zscaler Enterprise Architect to define and deliver enterprise-wide firewall, web security proxy, and secure network architecture solutions across data centers, cloud, and distributed field locations. The Architect will set strategy, design scalable and highly available security platforms, lead complex implementations and migrations, and drive governance, automation, and continuous improvement of network security controls. This position will be within United States and will be fully remote.

Responsibilities

  • Define enterprise network security architecture and roadmap for next-generation firewalls, web security proxies, VPNs, and related controls across data centers, cloud, and branch/remote sites.
  • Lead design and implementation of Palo Alto Networks NGFW solutions at scale, including architecture patterns for segmentation, security policies, NAT, VPNs (IPsec/SSL), threat prevention, URL filtering, TLS/SSL decryption, and high-availability/clustering.
  • Architect and validate network designs for Cisco routing and switching across LAN/WAN, ensuring performance, resilience, and security for high-throughput environments.
  • Own architecture and deployment strategies for web security platforms (McAfee Web Gateway / Web Security Proxy) and cloud-based secure web gateways (e.g., Zscaler), including policy models, threat protection, content inspection, and telemetry integration.
  • Integrate network security solutions with enterprise identity and authentication services (Active Directory, LDAP, RADIUS, TACACS+, 802.1X), enabling centralized policy enforcement and role-based access controls.
  • Define secure network segmentation, micro-segmentation, and zero-trust network access strategies; produce reference architectures, design patterns, and configuration baselines.
  • Drive cross-functional security initiatives: large-scale firewall and proxy migrations, datacenter-to-cloud transition, SD-WAN and SASE adoption, and consolidation of security tooling.
  • Establish governance: security policy lifecycle, rulebase rationalization, change control, risk assessments, and exception processes.
  • Design and implement logging, telemetry, and monitoring architectures to surface threats, performance issues, and policy violations; integrate with SIEM, SOAR, and observability platforms.
  • Lead incident response for network security events, conduct root-cause analysis, and define remediation and preventative controls.
  • Optimize operational processes via automation and IaC (Ansible, Terraform, scripts) for deployment, configuration management, and compliance validation.
  • Provide technical leadership, mentor engineers, coordinate vendor engagements, and influence executive stakeholders on strategy, budgets, and roadmap.
  • Ensure architectures meet regulatory, compliance, and audit requirements; produce documentation, diagrams, and security design reviews.


Qualifications

Bachelor's degree in Computer Science, Information Technology, Engineering, or equivalent experience with 15 + years (or commensurate experience)

Required Skills and Experience

  • 10+ years of progressive networking and security experience, including 5+ years in architecture/lead roles.
  • Deep, demonstrable expertise with Palo Alto Networks NGFW architecture and deployment at enterprise scale.
  • Extensive experience with Cisco routing and switching design across enterprise LAN/WAN and data center environments.
  • Strong experience designing and deploying McAfee Web Gateway/Web Security Proxy and cloud secure web gateway solutions (e.g., Zscaler).
  • In-depth knowledge of TCP/IP, routing protocols, switching, VLANs, VRFs, ACLs, NAT, QoS, DNS/DHCP/NTP.
  • Expertise in VPN technologies (IPsec, SSL/TLS), secure remote access, and zero-trust network architectures.
  • Hands-on experience integrating security platforms with AD/LDAP, RADIUS/TACACS+, and 802.1X.
  • Proven ability with automation and Infrastructure as Code (Ansible, Terraform, Python scripting) for network/security operations.
  • Experience with logging / telemetry integration, SIEM, threat detection, and incident response processes.
  • Strong documentation, architecture modeling, and stakeholder communication skills.


Clearance Required: Must be able to attain and maintain an AOUSC Public Trust

Preferred Skills and Experience
  • Master's preferred
  • Relevant certifications: Palo Alto (PCNSE/PCNSA), Cisco (CCNP/CCIE), CISSP, SANS/GIAC.
  • Experience with SD-WAN, SASE, cloud networking (AWS, Azure), and micro-segmentation technologies.
  • Prior experience leading large-scale migrations, global rollouts, or managed security

Posted Salary Range

USD $160,000.00 - USD $180,000.00 /Yr.
group id: 10384469

After the acquisition of Salient CRGT, we're excited to introduce the new GovCIO. As we evolve towards our next phase as a company, we’ve refreshed our brand to better position ourselves in the government marketplace.

job ad image
Find GovCIO on Social Media
Recruiters
user avatar
About Us
GovCIO was founded with a single purpose-To Transform Government IT. Our expert teams apply groundbreaking IT solutions to optimize government agencies’ daily operations so they can focus on serving our citizens. We want to make a difference, so we’ve built an inclusive work culture to fuel this mission. Various skills and perspectives make us better problem solvers and creators. We’re changing the face of IT-from our diverse staff to the end-products we develop and we want you on our team!
job ad2 image

GovCIO Jobs


Clearance Level
Public Trust
Employer
GovCIO