Job Requirements
Remote
Public Trust Polygraph Unspecified
Career Level not specified
$160,000 - $180,000
Job Description
GovCIO is seeking an experienced Zscaler Enterprise Architect to define and deliver enterprise-wide firewall, web security proxy, and secure network architecture solutions across data centers, cloud, and distributed field locations. The Architect will set strategy, design scalable and highly available security platforms, lead complex implementations and migrations, and drive governance, automation, and continuous improvement of network security controls. This position will be within United States and will be fully remote.
Responsibilities
Qualifications
Bachelor's degree in Computer Science, Information Technology, Engineering, or equivalent experience with 15 + years (or commensurate experience)
Required Skills and Experience
Clearance Required: Must be able to attain and maintain an AOUSC Public Trust
Preferred Skills and Experience
Posted Salary Range
USD $160,000.00 - USD $180,000.00 /Yr.
Responsibilities
- Define enterprise network security architecture and roadmap for next-generation firewalls, web security proxies, VPNs, and related controls across data centers, cloud, and branch/remote sites.
- Lead design and implementation of Palo Alto Networks NGFW solutions at scale, including architecture patterns for segmentation, security policies, NAT, VPNs (IPsec/SSL), threat prevention, URL filtering, TLS/SSL decryption, and high-availability/clustering.
- Architect and validate network designs for Cisco routing and switching across LAN/WAN, ensuring performance, resilience, and security for high-throughput environments.
- Own architecture and deployment strategies for web security platforms (McAfee Web Gateway / Web Security Proxy) and cloud-based secure web gateways (e.g., Zscaler), including policy models, threat protection, content inspection, and telemetry integration.
- Integrate network security solutions with enterprise identity and authentication services (Active Directory, LDAP, RADIUS, TACACS+, 802.1X), enabling centralized policy enforcement and role-based access controls.
- Define secure network segmentation, micro-segmentation, and zero-trust network access strategies; produce reference architectures, design patterns, and configuration baselines.
- Drive cross-functional security initiatives: large-scale firewall and proxy migrations, datacenter-to-cloud transition, SD-WAN and SASE adoption, and consolidation of security tooling.
- Establish governance: security policy lifecycle, rulebase rationalization, change control, risk assessments, and exception processes.
- Design and implement logging, telemetry, and monitoring architectures to surface threats, performance issues, and policy violations; integrate with SIEM, SOAR, and observability platforms.
- Lead incident response for network security events, conduct root-cause analysis, and define remediation and preventative controls.
- Optimize operational processes via automation and IaC (Ansible, Terraform, scripts) for deployment, configuration management, and compliance validation.
- Provide technical leadership, mentor engineers, coordinate vendor engagements, and influence executive stakeholders on strategy, budgets, and roadmap.
- Ensure architectures meet regulatory, compliance, and audit requirements; produce documentation, diagrams, and security design reviews.
Qualifications
Bachelor's degree in Computer Science, Information Technology, Engineering, or equivalent experience with 15 + years (or commensurate experience)
Required Skills and Experience
- 10+ years of progressive networking and security experience, including 5+ years in architecture/lead roles.
- Deep, demonstrable expertise with Palo Alto Networks NGFW architecture and deployment at enterprise scale.
- Extensive experience with Cisco routing and switching design across enterprise LAN/WAN and data center environments.
- Strong experience designing and deploying McAfee Web Gateway/Web Security Proxy and cloud secure web gateway solutions (e.g., Zscaler).
- In-depth knowledge of TCP/IP, routing protocols, switching, VLANs, VRFs, ACLs, NAT, QoS, DNS/DHCP/NTP.
- Expertise in VPN technologies (IPsec, SSL/TLS), secure remote access, and zero-trust network architectures.
- Hands-on experience integrating security platforms with AD/LDAP, RADIUS/TACACS+, and 802.1X.
- Proven ability with automation and Infrastructure as Code (Ansible, Terraform, Python scripting) for network/security operations.
- Experience with logging / telemetry integration, SIEM, threat detection, and incident response processes.
- Strong documentation, architecture modeling, and stakeholder communication skills.
Clearance Required: Must be able to attain and maintain an AOUSC Public Trust
Preferred Skills and Experience
- Master's preferred
- Relevant certifications: Palo Alto (PCNSE/PCNSA), Cisco (CCNP/CCIE), CISSP, SANS/GIAC.
- Experience with SD-WAN, SASE, cloud networking (AWS, Azure), and micro-segmentation technologies.
- Prior experience leading large-scale migrations, global rollouts, or managed security
Posted Salary Range
USD $160,000.00 - USD $180,000.00 /Yr.
group id: 10384469
After the acquisition of Salient CRGT, we're excited to introduce the new GovCIO. As we evolve towards our next phase as a company, we’ve refreshed our brand to better position ourselves in the government marketplace.