Staff Information Security Engineer (Vulnerability Management)

About Zscaler Zscaler accelerates digital transformation so our customers can be more agile, efficient, resilient, and secure. Our cloud native Zero Trust Exchange platform protects thousands of customers from cyberattacks and data loss by securely connecting users, devices, and applications in any location. Here, impact in your role matters more than title and trust is built on results. We believe in transparency and value constructive, honest debate —we’re focused on getting to the best ideas, faster. We build high-performing teams that can make an impact quickly and with high quality. To do this, we are building a culture of execution centered on customer obsession, collaboration, ownership and accountability. We value high-impact, high-accountability with a sense of urgency where you’re enabled to do your best work and embrace your potential. If you’re driven by purpose, thrive on solving complex challenges and want to make a positive difference on a global scale, we invite you to bring your talents to Zscaler and help shape the future of cybersecurity. Zscaler is expanding its U.S. Federal operations to support customers across multiple government departments. We are looking for a Staff Information Security Engineer who will report to the Senior Manager of Information Security Engineering to operate as a vulnerability management engineer inside the U.S. Federal IL6 (SCIF) environment. This is a fully onsite role based in the Crystal City / Arlington, VA area. The position operates strictly within a U.S. SCIF environment, requiring autonomy and adherence to one-way diode transfer protocols with no access to external networks or corporate systems. What you’ll do (Role Expectations) Designing and running authenticated/unauthenticated network and host scanning using IL6-approved tools in air-gapped environments (e.g., Tenable.sc / Nessus Manager or similar) Building Python/Go/PowerShell automations for scan orchestration, asset onboarding, policy tuning, and diode-ready reporting formats Driving collaboration with IL6 service owners to eliminate exploitable risks and manage patch/hardening campaigns Producing weekly and monthly reporting aligned to IL6 program cadence and diode data transfer policies Maintaining documentation, including runbooks, SOPs, exception governance, and change control processes within the SCIF Who You Are (Success Profile) You thrive in ambiguity. You're comfortable building the path as you walk it. You thrive in a dynamic environment, seeing ambiguity not as a hindrance, but as the raw material to build something meaningful. You are a problem-solver. You seek out challenges because you are energized by finding solutions, knowing that solving the hard problems delivers the biggest impact. You are a learner. You have a true growth mindset and never stop developing yourself, actively seeking feedback to become a better partner and a stronger teammate. You love what you do and you do it with purpose. You operate with urgency. You understand that in a high-growth environment, speed and quality are not mutually exclusive. You have a relentless focus on execution and a bias for action, delivering high-impact results quickly to win for the customer and the team. You lead with integrity. You do the right thing, even when it’s hard. You hold yourself and others to a high standard of accountability and build trust by matching your words with consistent, transparent action.