Network security Engineer (L2/L3)

Role Summary:

Should focus on day-2-day operations, incident, change management, and user centric troubleshooting.

Operate and continuously improve the organization's Secure Access Service Edge (SASE)services using Zscaler Internet Access (ZIA) and Zscaler Private Access (ZPA),ensuring secure, reliable user connectivity and strong policy governance.

Certification

Zscaler certifications

Key Responsibilities (Operational / BAU)

. Runday-to-day operations for ZIA (web gateway, SSL inspection, URL filtering,cloud app control, sandbox, DLP , DNS security).

. Runday-to-day operations for ZPA (App Segments, Access Policies, Connector management, posture requirements, policy troubleshooting).

. Monitorservice health and user experience proactively identify trends and recurring issues.

. HandleL2/L3 incident troubleshooting: authentication issues (SSO/SAML),PAC/forwarding issues, tunnel/connector issues, policy blocks, certificate/SSL inspection issues.

. Perform policy administration: create/update rules, exceptions, and change deployments following CAB/ITSM change controls.

. Maintain forwarding architecture: Zscaler Client Connector, GRE/IPsec tunnels, PAC files, forwarding profiles, location configuration, traffic steering.

. Manage integrations: IdP (Azure AD/Entra ID, Okta, ADFS), SIEM (Splunk/QRadar),ticketing (ServiceNow), endpoint tools (Intune/Jamf), MFA.

. Execute routine operational tasks: connector upgrades, certificate updates, location updates, application onboarding to ZPA, user/group updates.

. Work with vendors/TAC drive cases to closure and implement corrective actions.

. Maintain documentation: runbooks, SOPs, troubleshooting guides, policy standards,onboarding checklists.

. Support audits and compliance: policy reviews, recertification evidence,logging/retention checks. Menlo Web Isolation Maintain allow-list/whitelist for approved URLs/domains based on business justification and security requirements.

. Manage exception lifecycle: approvals, expiry dates, periodic review/cleanup, and recertification evidence.

. Ensure isolation policies align with ZIA policies and do not create conflicting user experience (e.g., bypass vs isolate logic) Site not loading in isolation,rendering issues, broken web apps, file download/upload restrictions,clipboard/printing controls (as applicable)

Core skills:

. Strong working knowledge of ZIA (SSL inspection, URL filtering, CASB/app control,sandbox, forwarding methods).

. Strong working knowledge of ZPA (connectors, app segments, access policies, posture,authentication flows).

.Troubleshooting across endpoint + network + identity (DNS, TLS cert chains,proxy behavior, SAML/SSO, routing).

.ITSM/change management discipline (ServiceNow/JIRA), documentation habits.Strong knowledge about Zero Trust concepts

.Nice-to-have: SIEM integration, DLP, basic scripting (PowerShell/Python) forops automation.