Principal Consultant, Zscaler ZIA/ZPA and Zero Trust Architecture

We are seeking a Principal Consultant, Zscaler ZIA/ZPA and Zero Trust Architecture to lead the design and implementation of modern Zero Trust architectures, with a focus on Zscaler (ZIA/ZPA) and secure access transformation. This role is ideal for a hands-on technical leader who can translate strategy into scalable, real-world solutions—driving DIA-first architectures, eliminating legacy network assumptions, and delivering identity-driven access for enterprise clients in regulated environments. \n

Responsibilities

Key Responsibilities Architecture & Solution Design Design and deliver end-to-end Zero Trust architectures leveraging ZTNA (ZPA), ZIA, and SSE/SASE frameworks Architect DIA-first strategies that eliminate centralized egress and legacy network dependencies Ensure all access decisions are based on identity, device posture, and context, not network location Lead the transition away from VPN and MPLS to modern secure access models Hands-On Implementation & Build Lead full lifecycle Zscaler implementations across enterprise environments Configure and optimize ZIA traffic forwarding and ZPA segmentation Design, implement, and continuously refine ZIA policies including URL filtering, SSL inspection, CASB, and DLP Troubleshoot complex issues across TLS, DNS, proxy, and application layers Optimize for performance, security, and operational scalability SD-WAN & Network Integration Integrate Zscaler with leading SD-WAN platforms Implement DIA-based traffic steering using GRE/IPsec tunnels Eliminate assumptions of trusted networks and legacy routing models Technical Leadership Serve as a hands-on technical leader across design and delivery Establish reusable architecture patterns, standards, and best practices Mentor engineers and elevate client technical capabilities Client Engagement Act as a trusted advisor on Zero Trust transformation and secure access strategy Lead technical discovery, solution validation, and stakeholder alignment Clearly communicate architectural shifts and business impact Compliance & Risk Alignment Align solutions with frameworks such as NIST, NERC-CIP, and ISO Ensure designs are audit-ready, secure, and compliant with regulatory requirements

Qualifications

Work Authorization: Must be legally authorized to work in the United States without employer sponsorship Location Requirement: Must be a resident of the continental United States 8–12+ years of experience in network security, Zero Trust, or secure access architecture roles Deep expertise in Zscaler (ZIA & ZPA), including policy design, optimization, and troubleshooting Strong experience designing and implementing Zero Trust Network Access (ZTNA) and SSE/SASE architectures Proven experience building DIA-first architectures and eliminating VPN/MPLS-based designs Strong knowledge of networking fundamentals including DNS, TLS, proxy architectures, and traffic flow design Experience integrating Zscaler with SD-WAN platforms and implementing GRE/IPsec tunnels Solid understanding of identity providers such as Entra ID (Azure AD) or Okta, including conditional access and device posture Experience with security policy frameworks including URL filtering, SSL inspection, CASB, and DLP Familiarity with automation using APIs, Terraform, or similar tooling is a plus Experience working in regulated industries (e.g., energy, utilities, finance, healthcare) preferred Strong troubleshooting skills across network and application layers Excellent communication skills with experience engaging both technical teams and business stakeholders Demonstrated ability to operate as a hands-on builder across both architecture and implementation Nice to Haves Experience with identity providers such as Entra ID (Azure AD) or Okta in Zero Trust architectures Familiarity with endpoint management and device posture enforcement (e.g., Intune, CrowdStrike) Experience with automation using Terraform, APIs, or infrastructure-as-code for Zscaler deployments Exposure to enterprise compliance frameworks such as NIST, NERC-CIP, or ISO, and collaboration with SOC/SIEM teams Knowledge of SIEM platforms (e.g., QRadar, Splunk) and integrating Zscaler logs for visibility and response Experience integrating third-party security tools into SSE/SASE ecosystems Familiarity with cloud security architectures across Azure, AWS, or GCP Exposure to performance monitoring and user experience optimization within secure access environments Experience supporting large-scale enterprise transformations from legacy network models to Zero Trust \n$150 - $300 a year

Compensation

W2 Employment: $150-300k annually with full benefits, including: 401(k) with employer matching 6% Health, dental, and vision insurance Paid time off Life insurance \nAt DevAltus, we’re a boutique consultancy focused on modern cybersecurity, Zero Trust architecture, and secure access transformation. As a Principal Consultant – Zero Trust, ZTNA & Secure Access (Zscaler), you will lead the design and delivery of identity-driven, cloud-enforced architectures that replace legacy network models and enable secure, scalable access for enterprise clients. We’re looking for builders—leaders who thrive in both architecture and hands-on implementation, who can navigate complexity, challenge outdated assumptions, and deliver real-world outcomes. If you’re passionate about Zero Trust, Zscaler, and driving meaningful transformation, we’d love to connect. 📌 Please ensure your resume highlights relevant experience with Zscaler (ZIA/ZPA), Zero Trust architecture, DIA-first design, and secure access implementations. Apply To This Job