Senior Network Security Engineer

We are looking for a Senior Zscaler & Palo Alto Firewall Engineer to drive the design, deployment, and ongoing optimization of our enterprise-grade Zero Trust security fabric. This is a hands-on, senior-level technical role on a small but high-impact network security team. You will be a go-to expert for Zscaler (ZIA + ZPA), Palo Alto firewalls, Terraform-driven infrastructure-as-code, and complex routing/cloud networking across a multi-cloud, multi-branch environment.

Key Responsibilities

- Lead the architecture, deployment, and lifecycle management of
Zscaler Internet Access (ZIA)
and
Zscaler Private Access (ZPA)
at scale (including App Connectors, ZPA gateways, policy orchestration, and integration with identity providers).
- Design, configure, and maintain
Palo Alto Networks
firewall estates (PA-Series, VM-Series, and Panorama) with security policy automation, URL filtering, threat prevention, etc..
- Build and maintain reusable
Terraform modules
for Zscaler, Palo Alto, cloud networking, and routing infrastructure (full IaC pipelines using Terraform Cloud/Enterprise, GitHub Actions, or equivalent).
- Architect and optimize routing strategies (BGP, OSPF, static, policy-based routing) for hybrid WAN, internet breakout, direct cloud connectivity, and SD-WAN overlays.
- Troubleshoot complex issues involving Zscaler tunnels, Palo Alto sessions, routing loops, asymmetric routing, and multi-cloud latency.
- Automate operational tasks (provisioning, upgrades, policy drift detection, compliance reporting) using Terraform where appropriate.
- Provide technical leadership and mentorship to mid-level and junior engineers.
- Document architecture, runbooks, and lessons learned.

Required Qualifications

- 5 years of experience with Zscaler, Palo Alto or related technologies.
- Expert-level hands-on deployment and troubleshooting experience with both
Zscaler ZIA
and
ZPA
in production environments (1000+ users or 50+ sites).
- Expert-level experience with
Palo Alto
Panorama, device groups, templates, and VM-Series in cloud environments.
- Strong production experience writing and maintaining
Terraform modules
for networking/security appliances (Zscaler Terraform provider, Palo Alto Terraform provider, AWS/Azure/GCP providers).
- Solid understanding of
routing protocols
(BGP especially – eBGP/iBGP, route reflectors, communities, prefix-lists) and
cloud networking
(transit architectures, hub-and-spoke, direct connect, private endpoints).
- Proven track record of delivering secure, scalable designs in multi-cloud or hybrid environments.
- Ability to work independently in a small-team environment while collaborating with cloud, identity, and application teams.

Preferred Qualifications

- Terraform Associate or Terraform Professional certification
- PCNSE (Palo Alto Certified Network Security Engineer)
and
at least one Zscaler certification (ZIA or ZPA Professional/Architect level) preferred
- Experience with SASE, SD-WAN, or full Zero Trust Network Access (ZTNA 2.0) migrations
- Scripting/automation beyond Terraform (Python, PowerShell)
- Experience in regulated industries (finance, healthcare, retail) with compliance requirements (PCI, SOC 2, HIPAA)
- CCNP (or equivalent advanced routing/security knowledge)

Location: This role can be based in Charlotte, Atlanta or Dallas.