Senior Zscaler Engineer

ECS Tech IncWashington, DC
$180,000 - $200,000Onsite

About The Position

Cybersecurity professional responsible for designing, deploying, and managing cloud-based network security solutions, specifically focusing on Secure Access Service Edge (SASE) and Zero Trust architectures. They ensure secure, high-performance application access and traffic routing for enterprise users.

Requirements

  • Active DoD Top Secret clearance with SCI eligibility and ability to obtain/maintain a CI polygraph.
  • Bachelor’s degree in Cybersecurity or IT
  • 3+ years of technical experience in enterprise IT environments.
  • Deep hands-on experience with ZIA/ZPA, often validated by certifications like Zscaler Certified Administrator (ZCA) or Zscaler Certified Security Engineer (ZCSE).
  • Strong grasp of TCP/IP, DNS, HTTP/S, routing, VPNs, and firewalls.
  • Familiarity with Zero Trust principles, cloud-native security, and Secure Access Service Edge.
  • Ability to write scripts (e.g., Python, PowerShell, Bash) to automate routine tasks and API integrations.
  • Strong desire for understanding of Zero Trust principles and Microsoft Entra architecture
  • Proficiency with EntraID, Microsoft Graph API, and PowerShell for identity management tasks.
  • Enterprise application registrations, Conditional Access & Security

Nice To Haves

  • Zscaler Certified Administrator (ZCA)
  • Zscaler Certified Security Engineer (ZCSE)
  • Familiarity with NIST 800-53, NIST 800-63, DoD Zero Trust guidance, M-22-09, M-26-14 and FICAM architectures.
  • Microsoft Entra architecture

Responsibilities

  • Deploy and optimize Zscaler core services—primarily ZIA (Zscaler Internet Access), ZPA (Zscaler Private Access), and ZDX (Zscaler Digital Experience).
  • Define security policies for threat protection, URL filtering, SSL inspection, and data loss prevention (DLP).
  • Create and maintain Proxy Auto-Configuration (PAC) files and manage application profiles for efficient routing.
  • Synchronize directories and manage integrations using SAML and SCIM with tools like Microsoft Azure AD.
  • Act as the top escalation point for connectivity, authentication, performance, and application access issues.
  • Lead hands-on configuration, integration, troubleshooting, and sustainment of ICAM platforms with familiarity with NIST 800-53, NIST 800-63, DoD Zero Trust guidance, M-22-09, M-26-14 and FICAM architectures.
  • Set up Conditional Access policies, Secure Score, Compliance Score, and integrate with Microsoft Defender for Identity and Cloud Apps.
  • Configure and integrate SAML 2.0, OIDC, OAuth 2.0, SCIM, REST APIs, PKI, CAC/PIV, SCEP, MFA, and passwordless authentication technologies.
  • Support integration of ICAM services across cloud, enterprise, hybrid, and multi-domain mission environments including Cloud Service Providers (CSP), Azure, AWS, IL5/IL6, and classified systems where applicable.
  • Support integration of ICAM services across SaaS services in the cloud, enterprise, hybrid, and multi-domain mission environments with focus on Zscaler integrations.
  • Integrate Entra ID with SaaS apps, on-premises systems, and Azure services; automate provisioning and access reviews.

Benefits

  • General Description of Benefits [https://ecstech.com/careers/benefits]
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service