We are seeking a Principal Consultant, Zscaler ZIA/ZPA and Zero Trust Architecture to lead the design and implementation of modern Zero Trust architectures, with a focus on Zscaler (ZIA/ZPA) and secure access transformation. This role is ideal for a hands-on technical leader who can translate strategy into scalable, real-world solutions—driving DIA-first architectures, eliminating legacy network assumptions, and delivering identity-driven access for enterprise clients in regulated environments.
\n
Responsibilities
Key Responsibilities
Architecture & Solution Design
Design and deliver end-to-end Zero Trust architectures leveraging ZTNA (ZPA), ZIA, and SSE/SASE frameworks
Architect DIA-first strategies that eliminate centralized egress and legacy network dependencies
Ensure all access decisions are based on identity, device posture, and context, not network location
Lead the transition away from VPN and MPLS to modern secure access models
Hands-On Implementation & Build
Lead full lifecycle Zscaler implementations across enterprise environments
Configure and optimize ZIA traffic forwarding and ZPA segmentation
Design, implement, and continuously refine ZIA policies including URL filtering, SSL inspection, CASB, and DLP
Troubleshoot complex issues across TLS, DNS, proxy, and application layers
Optimize for performance, security, and operational scalability
SD-WAN & Network Integration
Integrate Zscaler with leading SD-WAN platforms
Implement DIA-based traffic steering using GRE/IPsec tunnels
Eliminate assumptions of trusted networks and legacy routing models
Technical Leadership
Serve as a hands-on technical leader across design and delivery
Establish reusable architecture patterns, standards, and best practices
Mentor engineers and elevate client technical capabilities
Client Engagement
Act as a trusted advisor on Zero Trust transformation and secure access strategy
Lead technical discovery, solution validation, and stakeholder alignment
Clearly communicate architectural shifts and business impact
Compliance & Risk Alignment
Align solutions with frameworks such as NIST, NERC-CIP, and ISO
Ensure designs are audit-ready, secure, and compliant with regulatory requirements
Qualifications
Work Authorization: Must be legally authorized to work in the United States without employer sponsorship
Location Requirement: Must be a resident of the continental United States
8–12+ years of experience in network security, Zero Trust, or secure access architecture roles
Deep expertise in Zscaler (ZIA & ZPA), including policy design, optimization, and troubleshooting
Strong experience designing and implementing Zero Trust Network Access (ZTNA) and SSE/SASE architectures
Proven experience building DIA-first architectures and eliminating VPN/MPLS-based designs
Strong knowledge of networking fundamentals including DNS, TLS, proxy architectures, and traffic flow design
Experience integrating Zscaler with SD-WAN platforms and implementing GRE/IPsec tunnels
Solid understanding of identity providers such as Entra ID (Azure AD) or Okta, including conditional access and device posture
Experience with security policy frameworks including URL filtering, SSL inspection, CASB, and DLP
Familiarity with automation using APIs, Terraform, or similar tooling is a plus
Experience working in regulated industries (e.g., energy, utilities, finance, healthcare) preferred
Strong troubleshooting skills across network and application layers
Excellent communication skills with experience engaging both technical teams and business stakeholders
Demonstrated ability to operate as a hands-on builder across both architecture and implementation
Nice to Haves
Experience with identity providers such as Entra ID (Azure AD) or Okta in Zero Trust architectures
Familiarity with endpoint management and device posture enforcement (e.g., Intune, CrowdStrike)
Experience with automation using Terraform, APIs, or infrastructure-as-code for Zscaler deployments
Exposure to enterprise compliance frameworks such as NIST, NERC-CIP, or ISO, and collaboration with SOC/SIEM teams
Knowledge of SIEM platforms (e.g., QRadar, Splunk) and integrating Zscaler logs for visibility and response
Experience integrating third-party security tools into SSE/SASE ecosystems
Familiarity with cloud security architectures across Azure, AWS, or GCP
Exposure to performance monitoring and user experience optimization within secure access environments
Experience supporting large-scale enterprise transformations from legacy network models to Zero Trust
\n$150 - $300 a year
Compensation
W2 Employment: $150-300k annually with full benefits, including:
401(k) with employer matching 6%
Health, dental, and vision insurance
Paid time off
Life insurance
\nAt DevAltus, we’re a boutique consultancy focused on modern cybersecurity, Zero Trust architecture, and secure access transformation. As a Principal Consultant – Zero Trust, ZTNA & Secure Access (Zscaler), you will lead the design and delivery of identity-driven, cloud-enforced architectures that replace legacy network models and enable secure, scalable access for enterprise clients.
We’re looking for builders—leaders who thrive in both architecture and hands-on implementation, who can navigate complexity, challenge outdated assumptions, and deliver real-world outcomes. If you’re passionate about Zero Trust, Zscaler, and driving meaningful transformation, we’d love to connect.
📌 Please ensure your resume highlights relevant experience with Zscaler (ZIA/ZPA), Zero Trust architecture, DIA-first design, and secure access implementations.