Zero Trust Security Analyst - Hybrid

About The Position

Requirements

• Strong understanding of network security fundamentals (firewalls, zones, L4/L7 rules).
• Experience analyzing enterprise firewall rule-bases (Palo Alto or similar).
• Familiarity with identity-based access controls (AD groups, Entra ID groups, RBAC).
• Ability to read and interpret complex security configurations and translate them into actionable requirements.
• Experience documenting security findings in a clear, structured manner.
• Candidates must be legally authorized to work in the United States.
• Must complete the Employment Eligibility Verification Form I-9 and provide documentation that establishes identity and authorization to work.
• E-Verify will be used for employment verification as part of your onboarding process.
• Candidates will be asked to provide documentation confirming employment history, education, and work authorization.

Nice To Haves

• Experience with Zero Trust Network Access (ZTNA) or user-based firewall policies.
• Exposure to IAM, IGA, or identity governance tooling.
• Familiarity with CMDB, application identifiers, and service onboarding workflows.
• Prior experience supporting audits or security assessments.

Responsibilities

• Analyze existing network security rules, firewall policies, address groups, and user/group-based access controls to determine Zero Trust applicability and reuse.
• Review current identity sources (AD, Entra ID, IGA, RBAC structures) to identify reusable groupings or role models for Zero Trust enforcement.
• Assess application access patterns (web, console, database, API, internal services) to understand required network paths and trust boundaries.
• Identify gaps, overlaps, and overly permissive rules that must be remediated to align with Zero Trust principles.
• Determine whether existing firewall rules, user groups, and address objects can be leveraged or must be redesigned for Zero Trust enforcement.
• Document required net new security objects, including user groups, address groups, application definitions, and metadata dependencies.
• Support application onboarding by validating that proposed Zero Trust rules meet least privilege access requirements.
• Produce clear analysis artifacts that define: What exists today, What can be reused, What must be created new.
• Provide structured inputs to Zero Trust Engineers for rule implementation and firewall request packages.
• Maintain traceability between application identifiers, security objects, and Zero Trust policies for audit and compliance purposes.

Benefits

• CC Pace is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees.