Position Summary
Zscaler Network Security Engineer / Senior Consultant, Strategy, Growth, and Transformation
Deloitte’s Cyber business is passionate about making an impact with lasting change. Delivering our industry leading services requires fresh thinking and a creative approach. We collaborate with teams from across our organization in order to bring the full breadth of Deloitte, its commercial and public sector expertise, to best support our clients.
Our Deloitte Cyber team understands the unique challenges and opportunities businesses face in cybersecurity. Join our team to deliver powerful solutions to help our clients navigate the ever-changing threat landscape. Through powerful solutions and managed services that simplify complexity, we enable our clients to operate with resilience, grow with confidence, and proactively manage to secure success.
As a Senior Consultant, Strategy, Growth, and Transformation, you will help clients modernize network security through cloud-delivered zero trust architectures. This role supports the design, deployment, and optimization of Zscaler capabilities across complex enterprise environments, helping organizations strengthen security posture, improve user access experiences, and enable secure transformation across on-premises and cloud ecosystems.
Recruiting for this role ends on 12/31/2026.
Work you'll do
As a Senior Consultant, Strategy, Growth, and Transformation on the Cyber Enterprise Security team, you will be responsible for…
- Designing, deploying, and managing Zscaler Internet Access (ZIA) and Zscaler Private Access (ZPA) capabilities across enterprise client environments
- Supporting zero trust network access (ZTNA) transformations, including replacement of legacy virtual private network (VPN) infrastructure and modernization of access controls
- Configuring and optimizing Zscaler security features, including policy administration, SSL/TLS inspection, advanced threat protection, data loss prevention, and cloud-based traffic inspection
- Implementing branch, cloud, and application connector architectures across on-premises and cloud environments, including Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP)
- Developing technical deliverables, solution designs, and client-facing recommendations aligned to enterprise security, network transformation, and operational requirements
A successful candidate would possess these skills:
- Ability to work independently and collaborate as part of a team
- Effective written and verbal communication skills
- Meticulous attention to detail and quality of work product
- Ability to build and sustain professional relationships
- Ability to lead projects or workstreams
- Ability to manage and prioritize multiple tasks in a fast-paced and dynamic environment
- Strong interpersonal skills and professional demeanor
- Ability to meet deadlines
- Ability to provide clear guidance to others
The team
Our Enterprise Security offering embeds security in all aspects of digital transformation by securing a client’s technical backbone while enabling secure digital transformation. Includes security architecture, secure development and deployment, end-to-end cyber cloud capabilities, application security, and security for emerging technologies and connected products.
Qualifications
Required Qualifications
- BA/BS degree in a technical field (e.g., Computer Science, Cyber Security, Information Technology, or equivalent work experience)
- Zscaler Digital Transformation Engineer (ZDTE) certification required
- 5+ years of progressively responsible experience in network security engineering
- 5+ years of hands-on experience designing, deploying, and managing Zscaler Internet Access (ZIA), including web filtering, DNS security, cloud firewall, bandwidth controls, and advanced threat protection policies in enterprise-scale environments
- 5+ years of hands-on experience designing, deploying, and managing Zscaler Private Access (ZPA), including application segment configuration, access policies, connector deployment, and zero trust network access (ZTNA) architectures replacing legacy VPN infrastructure
- 1+ years of experience designing, deploying, and managing Zscaler Branch Connector, and configuring BGP/static routing configurations and network segmentation, replacing traditional SD-WAN platforms (e.g., Cisco, VMware, Aruba)
- 1+ years of experience designing, deploying, and managing Zscaler Cloud Connector, including deployment within cloud environments (AWS, Azure, and/or GCP), workload-to-internet and workload-to-workload traffic inspection, and integration with cloud-native networking constructs (e.g., VPCs, VNets, Transit Gateways)
- 3+ years of experience configuring and tuning Zscaler advanced security features, including Cloud Sandboxing, Advanced Threat Protection (ATP), Intrusion Prevention (IPS), Cloud Browser Isolation (CBI), and Data Loss Prevention (DLP) policies
- 3+ years of experience implementing and troubleshooting SSL/TLS inspection within ZIA, including certificate management, decryption policy design, bypass rules, and handling of certificate-pinned applications
- 1+ years of experience with Zscaler AI-powered capabilities, including AI-driven policy recommendations, Digital Experience Monitoring (ZDX), and leveraging Zscaler's AI/ML-based threat intelligence for automated threat response
- 3+ years of hands-on experience defining, managing, and reviewing Zscaler security policies, including rule base optimization, policy lifecycle management, access reviews, and role-based access controls within the Zscaler Admin Portal
- Experience implementing ZIdentity for centralize identity management.
- 3+ years of experience with one or more major cloud service providers (AWS, GCP, Azure) to deploy ZPA App Connectors within cloud-native architectures.
- 3+ years of experience deploying Zscaler Cloud Connector.
- Experience integrating Zscaler with SIEM/SOAR platforms (e.g., Splunk, Microsoft Sentinel, Palo Alto XSOAR) via log streaming, API connectors, or syslog for threat detection and incident response workflows
- Experience with Zscaler APIs and automation tooling (e.g., Terraform, Ansible, Python) for provisioning, policy management, and configuration-as-code workflows
- Experience designing and presenting Zscaler solution architectures tailored to client requirements, translating technical concepts for executive and non-technical stakeholders
- Familiarity with identity provider integrations (e.g., Okta, Azure AD, Ping Identity) for SAML/SCIM-based authentication within ZIA and ZPA deployments
- Ability to travel up to 50%, on average, based on the work you perform and the clients and industries/sectors you serve
- Limited immigration sponsorship may be available
Preferred Qualifications
- Advanced cybersecurity certifications such as CISSP, CCIE Security, CCNP Security, or GIAC equivalents (e.g., GPEN, GCSA)
- Ability to conduct SASE vendor competitive analysis and advise clients on solution selection based on specific use cases and requirements (e.g., Zscaler vs. Palo Alto Prisma vs. Netskope)
- Ability to conduct Zero Trust Architecture assessments and develop roadmaps aligning Zscaler capabilities to NIST SP 800-207 or CISA Zero Trust Maturity Model frameworks
- Previous consulting or "Big 4" experience, with a track record of delivering enterprise network security or SASE transformation engagements
The wage range for this role takes into account the wide range of factors that are considered in making compensation decisions including but not limited to skill sets; experience and training; licensure and certifications; and other business and organizational needs. The disclosed range estimate has not been adjusted for the applicable geographic differential associated with the location at which the position may be filled. At Deloitte, it is not typical for an individual to be hired at or near the top of the range for their role and compensation decisions are dependent on the facts and circumstances of each case. A reasonable estimate of the current range is $105,400 to $207,800.
You may also be eligible to participate in a discretionary annual incentive program, subject to the rules governing the program, whereby an award, if any, depends on various factors, including, without limitation, individual and organizational performance.
From developing a stand out resume to putting your best foot forward in the interview, we want you to feel prepared and confident as you explore opportunities at Deloitte. Check out recruiting tips from Deloitte recruiters.
Our inclusive culture empowers our people to be who they are, contribute their unique perspectives, and make a difference individually and collectively. It enables us to leverage different ways of thinking, ideas, and perspectives, and bring more creativity and innovation to help solve our clients' most complex challenges. This makes Deloitte one of the most rewarding places to work.
From entry-level employees to senior leaders, we believe there’s always room to learn. We offer opportunities to build new skills, take on leadership opportunities and connect and grow through mentorship. From on-the-job learning experiences to formal development programs, our professionals have a variety of opportunities to continue to grow throughout their career.