Network security Engineer (L2/L3)

Network security Engineer (L2/L3)

RoleSummary:

Shouldfocus on day-2-day operations, incident, change management, and user centrictroubleshooting.

Operate andcontinuously improve the organization's Secure Access Service Edge (SASE)services using Zscaler Internet Access (ZIA) and Zscaler Private Access (ZPA),ensuring secure, reliable user connectivity and strong policy governance.

Keyresponsibilities (Operational / BAU)

. Runday-to-day operations for ZIA (web gateway, SSL inspection, URL filtering,cloud app control, sandbox, DLP , DNS security).

. Runday-to-day operations for ZPA (App Segments, Access Policies, Connectormanagement, posture requirements, policy troubleshooting).

. Monitorservice health and user experience proactively identify trends and recurringissues.

. HandleL2/L3 incident troubleshooting: authentication issues (SSO/SAML),PAC/forwarding issues, tunnel/connector issues, policy blocks, certificate/SSLinspection issues.

. Performpolicy administration: create/update rules, exceptions, and change deploymentsfollowing CAB/ITSM change controls.

. Maintainforwarding architecture: Zscaler Client Connector, GRE/IPsec tunnels, PACfiles, forwarding profiles, location configuration, traffic steering.

. Manageintegrations: IdP (Azure AD/Entra ID, Okta, ADFS), SIEM (Splunk/QRadar),ticketing (ServiceNow), endpoint tools (Intune/Jamf), MFA.

. Executeroutine operational tasks: connector upgrades, certificate updates, locationupdates, application onboarding to ZPA, user/group updates.

. Work withvendors/TAC drive cases to closure and implement corrective actions.

. Maintaindocumentation: runbooks, SOPs, troubleshooting guides, policy standards,onboarding checklists.

. Supportaudits and compliance: policy reviews, recertification evidence,logging/retention checks. Menlo Web Isolation Maintain allow-list/whitelist forapproved URLs/domains based on business justification and securityrequirements.

. Manageexception lifecycle: approvals, expiry dates, periodic review/cleanup, andrecertification evidence.

. Ensureisolation policies align with ZIA policies and do not create conflicting userexperience (e.g., bypass vs isolate logic) Site not loading in isolation,rendering issues, broken web apps, file download/upload restrictions,clipboard/printing controls (as applicable)

Coreskills:

. Strongworking knowledge of ZIA (SSL inspection, URL filtering, CASB/app control,sandbox, forwarding methods).

. Strongworking knowledge of ZPA (connectors, app segments, access policies, posture,authentication flows).

. Troubleshootingacross endpoint + network + identity (DNS, TLS cert chains, proxy behavior,SAML/SSO, routing).

.ITSM/change management discipline (ServiceNow/JIRA), documentation habits.Strong knowledge about Zero Trust concepts

.Nice-to-have: SIEM integration, DLP, basic scripting (PowerShell/Python) forops automation.