Zero Trust Security Analyst

About The Position

Requirements

• Strong understanding of network security fundamentals (firewalls, zones, L4/L7 rules).
• Experience analyzing enterprise firewall rule-bases (Palo Alto or similar).
• Familiarity with identity-based access controls (AD groups, Entra ID groups, RBAC).
• Ability to read and interpret complex security configurations and translate them into actionable requirements.
• Experience documenting security findings in a clear, structured manner.
• Experience with Zero Trust Network Access (ZTNA) or user-based firewall policies.
• Exposure to IAM, IGA, or identity governance tooling.
• Familiarity with CMDB, application identifiers, and service onboarding workflows.
• Prior experience supporting audits or security assessments.

Nice To Haves

• Minimal re work due to accurate upfront analysis.
• Clear reuse of existing controls where appropriate.
• Well defined, least privilege Zero Trust requirements handed to engineering teams.

Responsibilities

• Analyze existing network security rules, firewall policies, address groups, and user/group-based access controls to determine Zero Trust applicability and reuse.
• Review current identity sources (AD, Entra ID, IGA, RBAC structures) to identify reusable groupings or role models for Zero Trust enforcement.
• Assess application access patterns (web, console, database, API, internal services) to understand required network paths and trust boundaries.
• Identify gaps, overlaps, and overly permissive rules that must be remediated to align with Zero Trust principles.
• Determine whether existing firewall rules, user groups, and address objects can be leveraged or must be redesigned for Zero Trust enforcement.
• Document required net new security objects, including user groups, address groups, application definitions, and metadata dependencies.
• Support application onboarding by validating that proposed Zero Trust rules meet least privilege access requirements.
• Produce clear analysis artifacts that define: What exists today, What can be reused, What must be created new.
• Provide structured inputs to Zero Trust Engineers for rule implementation and firewall request packages.
• Maintain traceability between application identifiers, security objects, and Zero Trust policies for audit and compliance purposes.
• Perform other duties as assigned

Benefits

• Comprehensive Medical, Dental, and Vision Insurance
• Employer-Paid Life Insurance
• Employer-Paid Short-Term and Long-Term Disability Insurance
• 401(k)
• Paid Time Off (PTO) that includes Vacation Leave, Sick Leave, and 11 Paid Holidays
• Educational Assistance