Principal Consultant, Zscaler ZIA/ZPA and Zero Trust Architecture

Remote Full-time
We are seeking a Principal Consultant, Zscaler ZIA/ZPA and Zero Trust Architecture to lead the design and implementation of modern Zero Trust architectures, with a focus on Zscaler (ZIA/ZPA) and secure access transformation. This role is ideal for a hands-on technical leader who can translate strategy into scalable, real-world solutions—driving DIA-first architectures, eliminating legacy network assumptions, and delivering identity-driven access for enterprise clients in regulated environments.
\n

Responsibilities
Key Responsibilities

Architecture & Solution Design

Design and deliver end-to-end Zero Trust architectures leveraging ZTNA (ZPA), ZIA, and SSE/SASE frameworks

Architect DIA-first strategies that eliminate centralized egress and legacy network dependencies

Ensure all access decisions are based on identity, device posture, and context, not network location

Lead the transition away from VPN and MPLS to modern secure access models

Hands-On Implementation & Build

Lead full lifecycle Zscaler implementations across enterprise environments

Configure and optimize ZIA traffic forwarding and ZPA segmentation

Design, implement, and continuously refine ZIA policies including URL filtering, SSL inspection, CASB, and DLP

Troubleshoot complex issues across TLS, DNS, proxy, and application layers

Optimize for performance, security, and operational scalability

SD-WAN & Network Integration

Integrate Zscaler with leading SD-WAN platforms

Implement DIA-based traffic steering using GRE/IPsec tunnels

Eliminate assumptions of trusted networks and legacy routing models

Technical Leadership

Serve as a hands-on technical leader across design and delivery

Establish reusable architecture patterns, standards, and best practices

Mentor engineers and elevate client technical capabilities

Client Engagement

Act as a trusted advisor on Zero Trust transformation and secure access strategy

Lead technical discovery, solution validation, and stakeholder alignment

Clearly communicate architectural shifts and business impact

Compliance & Risk Alignment

Align solutions with frameworks such as NIST, NERC-CIP, and ISO

Ensure designs are audit-ready, secure, and compliant with regulatory requirements

Qualifications

Work Authorization: Must be legally authorized to work in the United States without employer sponsorship

Location Requirement: Must be a resident of the continental United States

8–12+ years of experience in network security, Zero Trust, or secure access architecture roles

Deep expertise in Zscaler (ZIA & ZPA), including policy design, optimization, and troubleshooting

Strong experience designing and implementing Zero Trust Network Access (ZTNA) and SSE/SASE architectures

Proven experience building DIA-first architectures and eliminating VPN/MPLS-based designs

Strong knowledge of networking fundamentals including DNS, TLS, proxy architectures, and traffic flow design

Experience integrating Zscaler with SD-WAN platforms and implementing GRE/IPsec tunnels

Solid understanding of identity providers such as Entra ID (Azure AD) or Okta, including conditional access and device posture

Experience with security policy frameworks including URL filtering, SSL inspection, CASB, and DLP

Familiarity with automation using APIs, Terraform, or similar tooling is a plus

Experience working in regulated industries (e.g., energy, utilities, finance, healthcare) preferred

Strong troubleshooting skills across network and application layers

Excellent communication skills with experience engaging both technical teams and business stakeholders

Demonstrated ability to operate as a hands-on builder across both architecture and implementation

Nice to Haves

Experience with identity providers such as Entra ID (Azure AD) or Okta in Zero Trust architectures

Familiarity with endpoint management and device posture enforcement (e.g., Intune, CrowdStrike)

Experience with automation using Terraform, APIs, or infrastructure-as-code for Zscaler deployments

Exposure to enterprise compliance frameworks such as NIST, NERC-CIP, or ISO, and collaboration with SOC/SIEM teams

Knowledge of SIEM platforms (e.g., QRadar, Splunk) and integrating Zscaler logs for visibility and response

Experience integrating third-party security tools into SSE/SASE ecosystems

Familiarity with cloud security architectures across Azure, AWS, or GCP

Exposure to performance monitoring and user experience optimization within secure access environments

Experience supporting large-scale enterprise transformations from legacy network models to Zero Trust

\n$150 - $300 a year
Compensation

W2 Employment: $150-300k annually with full benefits, including:

401(k) with employer matching 6%

Health, dental, and vision insurance

Paid time off

Life insurance


\nAt DevAltus, we’re a boutique consultancy focused on modern cybersecurity, Zero Trust architecture, and secure access transformation. As a Principal Consultant – Zero Trust, ZTNA & Secure Access (Zscaler), you will lead the design and delivery of identity-driven, cloud-enforced architectures that replace legacy network models and enable secure, scalable access for enterprise clients.

We’re looking for builders—leaders who thrive in both architecture and hands-on implementation, who can navigate complexity, challenge outdated assumptions, and deliver real-world outcomes. If you’re passionate about Zero Trust, Zscaler, and driving meaningful transformation, we’d love to connect.

📌 Please ensure your resume highlights relevant experience with Zscaler (ZIA/ZPA), Zero Trust architecture, DIA-first design, and secure access implementations.

Apply To This Job
Apply Now →

Similar Jobs

Experienced Registered Behavior Technician for In-Home ABA Therapy - Atlanta, GA

Remote

Immediate Hiring: Experienced Registered Behavioral Technician (RBT) for Clinic-Based ABA Therapy Services

Remote

Experienced Registered Behavioral Technician (RBT) - ABA Therapy for Children with Autism Spectrum Disorder

Remote

Experienced Registered Nurse - Telehealth: Providing Remote Care Coordination and Patient Support

Remote

Experienced Substitute Teacher for Riverside County Schools - Join Scoot Education's Innovative Team

Remote

Experienced Substitute Teacher for San Bernardino County - Flexible Schedules & Competitive Pay

Remote

Experienced School Year Instructional Coach for High-Dosage Tutoring Programs in Edgewater Park, NJ

Remote

Experienced School Year Tutor for K-8 Students in Math and Literacy - Mickleton, NJ

Remote

Experienced Secondary Social Studies Teacher for Kansas - Flexible Hybrid Remote Arrangement

Remote

USPS Office Helper

Remote

Experienced Data Entry Specialist – Health Insurance Operations – Remote Opportunity with Temp-to-Perm Conversion

Remote

Clinical Triage Nurse, Work From Home

Remote

Dishwasher - Flexible Hours and Weekly Pay!

Remote

Enterprise Sales Executive- Staffing

Remote

Key Account Manager UK (Paper Bags) (Weybridge, GB)

Remote

**Experienced Data Entry Freelance Operator – arenaflex**

Remote

Online Veterinary Medicine Educator - Part-time

Remote

HR Business Partner (DFW area)

Remote

Client Support Representative, Fintech

Remote

**Experienced Full Stack Data Entry Specialist – E-commerce Operations and Customer Service Support**

Remote
← Back