
Principal ZTNA Network Engineer – Employee Remote Access
Posted 14 hours ago

This is a fully remote position, open to applicants in North Carolina.
• Lead the design and execution of ZTNA solutions (Zscaler ZPA/ZIA, ZVPN) to replace outdated VPN technologies.
• Participate in required on-call rotation.
• Define and implement modern Zero Trust architecture patterns, including application-level segmentation and identity-based access.
• Facilitate the decommissioning of legacy VPNs and transition to ZTNA platforms.
• Create and execute engineering roadmaps that align with the enterprise remote access strategy.
• Collaborate with security, infrastructure, and business units to ensure a coordinated rollout and adoption process.
• Document architecture, operational models, and implementation standards.
• Evaluate emerging ZTNA and secure access technologies, providing data-driven recommendations.
• Lead pilots and phased deployments, including testing, validation, and performance benchmarking.
• Serve as a Tier-3 escalation lead for complex remote access and connectivity challenges.
• Ensure high availability and resilience of remote access infrastructure in a 24x7 global environment.
• Assess and mitigate risks associated with latency, scale, and user experience during migrations.
• 6–10 years of experience in network/security engineering, including 4+ years focused on ZTNA or remote access transformations.
• Bachelor’s degree in Computer Science, Information Technology, or a related field.
• Hands-on experience with Zscaler (ZPA/ZIA) or similar Zero Trust platforms.
• Proven track record of migrating legacy VPNs to Zero Trust, cloud-delivered access solutions.
• In-depth expertise in ZTNA design, implementation, and Zero Trust principles (least privilege, continuous verification, no implicit trust).
• Experience in designing application segmentation and identity-based access policies.
• Strong understanding of traffic steering, split tunneling, and secure access routing (ZVPN architectures).
• Experience with load balancing, gateways, and access control layers.
• Advanced troubleshooting skills across network layers (L3–L7).
• Familiarity with hybrid environments (on-prem, cloud, SaaS).
• Ability to optimize latency, performance, and user experience in ZTNA environments.
• Experience with high availability, disaster recovery, and failover strategies in global, always-on settings.
• Proficient with network automation tools (Python, Ansible, APIs).
• Familiarity with endpoint management and deployment tools (Intune, SCCM).
• Strong understanding of identity providers (Azure AD / Entra ID), SSO, and conditional access.
• Knowledge of PKI, certificates, and modern authentication methods.
• Experience integrating with SIEM, EDR, and security monitoring platforms.
• Strong ownership mindset with a focus on execution and delivery.
• Ability to excel in fast-paced, ambiguous environments with competing priorities.
• Excellent communication skills across technical and business stakeholders.
• Proven ability to lead incident response and drive resolution under pressure.
• Preferred certifications: Zscaler (ZCCA / ZCCP / ZCSE), CCNP/CCIE (Security or Enterprise), CISSP (or equivalent), ITIL Foundation.