IT Security (Zscaler) Engineer

Preference is to hire an IT Security Engineer living in the Houston, TX Metro area for this role; however, we want to hire the strongest qualified candidate available, so we are considering individuals living outside the Houston Metro area, for this important role.*

Due to exposure to sensitive and privileged company data, this position requires a US Permanent Resident (Green Card), or a US Citizen work status

This is a fulltime, hybrid / WFH position, with an opportunity for 100% remote work; if living outside the Houston area.

If you reside in the Houston Metro - the schedule is 2 days / week at our Corp HQ, located in North Houston. If you live outside the Houston, TX Metro area, then the position will be 100% remote work

IS&T is helping the Director of IT Security / CISO for a Power Generation / Infrastructure firm find an IT Security / Zscaler Engineer for a fulltime / direct hire position.

Preferred skills we seek include Zscaler design, engineering, complex configuration (proper optimization of ZENs, etc.), and demonstrated successful deployment expereince.

highlights of advanced skills for this role :

• Zscaler design / architecture, and engineering
• deep understanding of Zscaler capabilities
• Proficiency in ZIA, ZPA configurations
• Complex configurations (ZENs, local internet breakouts, traffic routing, etc.)
• ZENs; local internet breakout optimization
• Experience with SSL / TLS inspection, cloud firewall, DLP, and sandboxing
• Strong grasp of IAM principles - including SSO, MFA, and RBAC
• Security Policy design and management - internet and application access, etc.
• performance and scalability planning (traffic loads, M&A's, etc.)
• Demonstrated successful deployment of Zscaler, into production
• Post deployment Zscaler Engineering optimization and performance
• deep understanding of enterprise network architecture - WAN, VPN, and hybrid cloud
• Traffic Routing, split tunneling, capacity planning, load balancing, redundancy / failover, business critical application performance, troubleshooting & resolution, and training
• Compliance & Data privacy
• Integration of Zscaler with other enterprise solutions such as Splunk, endpoint protection, CASB
• Ensure seamless interoperability with our network appliances and cloud services
• Experience with Zscaler analytics and reporting capabilities

Notes from a detailed Teams call with the Dir of Information Security & Hiring Manager :

Quote,

I’ve now been in CISO role for about 2 1 / 2 years, as of June 2024 - we are now ready to bring in new blood; grow and upgrade skills / attract A-players to our team

Our work schedule is hybrid 2 days in the office, located at our North Loop Headquarters. If you live outside the Houston metro area, this role will allow for 100% remote work.

We are looking for the best Zscaler & IT Security Engineer we can find to join our team

We need a Zscaler ninja

We run a complex corporate structure consisting of 30,000 fulltime employees; 15,000 additional contract employees, supporting 100 daughter companies, which feed into our parent Corporate HQ, all with a centralized IT Security / Cyber Security posture and tool / environment.

This IT Security / Zscaler Engineer will take extreme ownership of the product."

We want a person who's going to tell us the truth about our Zscaler deployment / instance. We want them to tell us, Your Zscaler baby (deployment) is ugly - and this is why.

and this is how we fix it

We are looking for a true Zscaler Engineer to right the ship...

We have top level Zscaler Premium Support Contract in place, to assist as needed; but we want a true Security Engineer to completely own, steady, then bring Zscaler to peak performance this includes integration, config’s (ZEN’s, local breakouts, etc.

SSL / TLS, Application and traffic optimization, etc, etc.

To put a finer point on it : Zscaler truth about scaler; ugly install and why; recommend a re-design / do it differently, and why..."

Finally - we want to find a Security Engineer with well developed people / EQ skills & awareness; and will take into consideration the Sec Engineering Manager’s input - who this person will report to - not as an end all be all;

but to impart understanding of knowledge gained in our IT Security ecosystem. Our Sec Eng Manager has been with us as a Sec Engineer & now as a Manager, since the inception of our Security Team / Dept, and tool stack’s implementation Ultimately, this Security Engineer will have final say / will make the call on Zscaler."

Interview process :

First interview will be a Teams call with me (CISO); then a 2nd Teams call with key players on our Security Team - Security Architect, Security Eng Manager, etc.

If a key person cant make the team interview, we may set up a one on one. There will be a final IT Mgt panel; this is more of a formality;

when the candidate makes it to this stage, an offer is very likely...

Formal JD

Notes :

• for a highly qualified Security Engineer, role has been approved as full remote / 100% - anywhere in United States*
• only A players (top talent) - tenure, skills
• preferred - programming / scripting skills (PowerShell, Python, etc.), CISSP, GCIH, OSCP, etc.
• Web Proxy (ForcePoint, Zscaler), EDR (Carbon Black, CrowdStrike, SentinelOne), NDR, PAM (Thycotic, CyberArk, ByondTrust)
• NGFW and intrusion detection / prevention solutions (Palo Alto, Cisco FTD), Vulnerability Managements Solutions (Qualys, Tenable)
• Scripting Languages such as Python and PowerShell; Security Information and Event Management (SIEM) & a deep understanding of the Cyber Kill-Chain and MITRE ATT&CK frameworks

formal job description

The IT Security Engineer will help design, implement, and maintain different security solutions to mitigate cyber threats within the organization network.

On a daily basis, will ferret out the weaknesses of the company’s infrastructure and find creative ways to protect it.

SCOPE - Enterprise

Essential / Non-essential Job Functions

Establishes plans and protocols to protect information systems against unauthorized access, modification and / or destruction.

Ensuring that the organization’s data and infrastructure are protected by enabling the appropriate security controls

Troubleshoot security tools related issues.

Analyze new threats and vulnerabilities and suggest the appropriate remediation.

Performs vulnerability scans, risk analyses and security assessments.

Conducts internal and external security audits.

Anticipates security alerts, incidents and disasters and reduces their likelihood.

Manages network, intrusion detection and prevention systems.

Analyzes security breaches to determine their root causes

Adheres to internal standards, policies, and procedures.

Performs other duties as assigned.

Required Education And Experience

EDUCATION AND EXPERIENCE REQUIREMENTS

Bachelor’s degree in Computer Science or the equivalent (e.g. Math, Electrical Engineering, Cyber Security, etc.) and 6+ years of IT experience (3+ years of Cyber Security experience)

Preferred Education and Experience

Web Proxy (ForcePoint, Zscaler), EDR (Carbon Black, CrowdStrike, SentinelOne), NDR, PAM (Thycotic, CyberArk, ByondTrust)

NGFW and intrusion detection / prevention solutions (Palo Alto, Cisco FTD)

Vulnerability Managements Solutions (Qualys, Tenable)

Scripting Languages such as Python and PowerShell

Security Information and Event Management (SIEM)

Deep understanding of the Cyber Kill-Chain and MITRE ATT&CK frameworks.

LICENSES / CERTIFICATIONS

CISSP, OSCP, OSCE, GCIH, GPEN, GXPN, CCNP Security, would be desirable certifications though other comparable certifications and experience will be considered.

Supervisory Responsibilities

Supervises others No

Has hiring and terminating responsibilities No

Number of employees report to this job 0

Subordinate Supervisory Employees, 0 Non-Supervisory Employees

Budgetary Responsibilities

Direct amount $ 0 (No; however all team members provide input into the annual planning process and tool evaluation / selections.)

Indirect amount $ 0

Travel Requirements

Travels Yes, possibility of light travel.

Percent of time Less than 10% - 15% of time and only to assist subsidiaries in solution deployments; or critical IT Security events.

Knowledge / Skills / Abilities

Language Skills English, Intermediate level of knowledge

Mathematical Skills Intermediate level of knowledge

Computer Skills Intermediate - advanced level of knowledge

IDS / IPS, penetration and vulnerability testing

TCP / IP, computer networking, routing and switching

Windows, UNIX and Linux operating systems

Cloud computing

COMPETENCIES

Self-starter who is able to work independently while supporting the needs of the team.

Excellent oral and written communication skills.

Strong decision-making skills.

Strong critical thinking skills.

Strong problem solving skills.