We are seeking a Principal Consultant, Zscaler ZIA/ZPA and Zero Trust Architecture to lead the design and implementation of modern Zero Trust architectures, with a focus on Zscaler (ZIA/ZPA) and secure access transformation. This role is ideal for a hands-on technical leader who can translate strategy into scalable, real-world solutions—driving DIA-first architectures, eliminating legacy network assumptions, and delivering identity-driven access for enterprise clients in regulated environments.
Responsibilities
Key Responsibilities
Architecture & Solution Design
• Design and deliver end-to-end Zero Trust architectures leveraging ZTNA (ZPA), ZIA, and SSE/SASE frameworks
• Architect DIA-first strategies that eliminate centralized egress and legacy network dependencies
• Ensure all access decisions are based on identity, device posture, and context, not network location
• Lead the transition away from VPN and MPLS to modern secure access models
Hands-On Implementation & Build
• Lead full lifecycle Zscaler implementations across enterprise environments
• Configure and optimize ZIA traffic forwarding and ZPA segmentation
• Design, implement, and continuously refine ZIA policies including URL filtering, SSL inspection, CASB, and DLP
• Troubleshoot complex issues across TLS, DNS, proxy, and application layers
• Optimize for performance, security, and operational scalability
SD-WAN & Network Integration
• Integrate Zscaler with leading SD-WAN platforms
• Implement DIA-based traffic steering using GRE/IPsec tunnels
• Eliminate assumptions of trusted networks and legacy routing models
Technical Leadership
• Serve as a hands-on technical leader across design and delivery
• Establish reusable architecture patterns, standards, and best practices
• Mentor engineers and elevate client technical capabilities
Client Engagement
• Act as a trusted advisor on Zero Trust transformation and secure access strategy
• Lead technical discovery, solution validation, and stakeholder alignment
• Clearly communicate architectural shifts and business impact
Compliance & Risk Alignment
• Align solutions with frameworks such as NIST, NERC-CIP, and ISO
• Ensure designs are audit-ready, secure, and compliant with regulatory requirements
Qualifications
• Work Authorization: Must be legally authorized to work in the United States without employer sponsorship
• Location Requirement: Must be a resident of the continental United States
• 8–12+ years of experience in network security, Zero Trust, or secure access architecture roles
• Deep expertise in Zscaler (ZIA & ZPA), including policy design, optimization, and troubleshooting
• Strong experience designing and implementing Zero Trust Network Access (ZTNA) and SSE/SASE architectures
• Proven experience building DIA-first architectures and eliminating VPN/MPLS-based designs
• Strong knowledge of networking fundamentals including DNS, TLS, proxy architectures, and traffic flow design
• Experience integrating Zscaler with SD-WAN platforms and implementing GRE/IPsec tunnels
• Solid understanding of identity providers such as Entra ID (Azure AD) or Okta, including conditional access and device posture
• Experience with security policy frameworks including URL filtering, SSL inspection, CASB, and DLP
• Familiarity with automation using APIs, Terraform, or similar tooling is a plus
• Experience working in regulated industries (e.g., energy, utilities, finance, healthcare) preferred
• Strong troubleshooting skills across network and application layers
• Excellent communication skills with experience engaging both technical teams and business stakeholders
• Demonstrated ability to operate as a hands-on builder across both architecture and implementation
Nice to Haves
• Experience with identity providers such as Entra ID (Azure AD) or Okta in Zero Trust architectures
• Familiarity with endpoint management and device posture enforcement (e.g., Intune, CrowdStrike)
• Experience with automation using Terraform, APIs, or infrastructure-as-code for Zscaler deployments
• Exposure to enterprise compliance frameworks such as NIST, NERC-CIP, or ISO, and collaboration with SOC/SIEM teams
• Knowledge of SIEM platforms (e.g., QRadar, Splunk) and integrating Zscaler logs for visibility and response
• Experience integrating third-party security tools into SSE/SASE ecosystems
• Familiarity with cloud security architectures across Azure, AWS, or GCP
• Exposure to performance monitoring and user experience optimization within secure access environments
• Experience supporting large-scale enterprise transformations from legacy network models to Zero Trust
Compensation
W2 Employment: $150-300k annually with full benefits, including:
401(k) with employer matching 6%
Health, dental, and vision insurance
Paid time off
Life insurance
At DevAltus, we’re a boutique consultancy focused on modern cybersecurity, Zero Trust architecture, and secure access transformation. As a Principal Consultant – Zero Trust, ZTNA & Secure Access (Zscaler), you will lead the design and delivery of identity-driven, cloud-enforced architectures that replace legacy network models and enable secure, scalable access for enterprise clients.
We’re looking for builders—leaders who thrive in both architecture and hands-on implementation, who can navigate complexity, challenge outdated assumptions, and deliver real-world outcomes. If you’re passionate about Zero Trust, Zscaler, and driving meaningful transformation, we’d love to connect.
Please ensure your resume highlights relevant experience with Zscaler (ZIA/ZPA), Zero Trust architecture, DIA-first design, and secure access implementations.