ZScaler Firewall Management Engineer (L3) at Xurpas

We are seeking a highly skilled Senior Zscaler Firewall Management Engineer (L3) with strong expertise in cloud security, firewall operations, and secure access technologies. The ideal candidate will be responsible for managing, troubleshooting, and optimizing enterprise firewall and Zscaler environments, ensuring secure connectivity, threat protection, and operational stability across the organization.

Configure, manage, and support advanced Zscaler environments, including ZIA and ZPA solutions.
Manage and troubleshoot GRE and IPsec tunnels, including latency issues, tunnel failures, and connectivity problems.
Implement and maintain Zscaler Private Access (ZPA) policies and advanced access control configurations.
Configure traffic forwarding policies and SSL inspection settings to secure enterprise traffic.
Support firewall management operations, including Layer 7 traffic analysis, policy management, and threat intelligence integration.
Implement deception technology solutions for threat hunting, malware detection, and containment.
Integrate ZPA with Identity Providers (IdPs) and manage user- and role-based access controls.
Perform SIEM integrations by forwarding logs from ZIA/ZPA to platforms such as Splunk and Microsoft Sentinel for monitoring and incident response.
Conduct root cause analysis and provide resolution for complex network and security incidents.
Evaluate and contribute to enterprise security architecture and cloud security best practices.
Collaborate with cross-functional teams and communicate technical solutions effectively to stakeholders and leadership.
Prepare and present security findings, operational reports, and recommendations to technical and non-technical audiences.

Minimum of 4+ years of experience with advanced Zscaler configurations and firewall management operations.
Expertise in GRE and IPsec tunnel management, including troubleshooting latency and tunnel failures
Proficiency with Zscaler Private Access (ZPA) policies and advanced access control rules
Experience with deception technology implementation using Zscaler for threat hunting and malware containment
Hands-on with traffic forwarding policies and SSL inspection configurations
Advanced skills in cloud firewall capabilities, including layer 7 traffic analysis and threat intelligence feeds
Strong understanding of user and role-based access management integrated with ZPA and identity providers (IdPs)
SIEM integration expertise, forwarding logs from ZIA/ZPA to Splunk or Azure Sentinel for monitoring and incident response
Ability to perform root cause analysis and evaluate security architecture
Has good communication skills to clearly convey technical details to executives, collaborate effectively with cross-functional teams, and present security reports.
Willing to work night shift
Amenable to hybrid 1x week onsite