Zscaler Architect - Remote

High-impact role responsible for stabilizing and optimizing a complex Zscaler environment. Opportunity to operate as both architect and escalation authority, with influence over design, operations, and team direction.

Policy configuration (URL filtering, SSL inspection)

App Connectors (ZPA)

Traffic forwarding (PAC files, tunnels)

Zscaler Admin Portal and log analysis

Disqualifier: Limited exposure or experience with only one Zscaler module.

2. Advanced Troubleshooting (L3 Level)

Proven ability to resolve complex, non-standard issues

Root cause analysis across:

DNS

Authentication / SSO

Network routing and tunnels

Application access

Deep log analysis experience

Key signal: Clear examples of independently resolving high-impact issues.

3. Networking Fundamentals

Strong knowledge of:

IPSec and GRE tunnels (configuration + troubleshooting)

PAC files and proxy behavior

DNS and routing

Disqualifier: Weak networking background.

4. Security Architecture (Zero Trust)

Understanding of:

Zero Trust architecture

Secure Web Gateway (SWG)

Experience integrating with identity providers such as:

Azure Active Directory

CyberArk

5. L3 Escalation Ownership

Experience as a final escalation point

Ownership of outages and critical incidents

Background in 24/7 production environments

Disqualifier: Candidates who primarily escalate issues upward.

6. Leadership / Communication

Mentoring L1/L2 engineers

Leading technical discussions

Building documentation, runbooks, and processes

Preferred

Zscaler certifications (ZCP, ZDTA, ZDTE, ZDXA)

Experience with Palo Alto, Cisco

Network security architecture background

Profiles to Avoid

L1/L2 support-only candidates

General network engineers without deep Zscaler experience

Candidates lacking hands-on troubleshooting depth, Senior Zscaler expert (ZIA/ZPA/ZDX) with strong networking and troubleshooting skills, capable of owning L3 escalations, designing solutions, and leading support teams.

IMPORTANT SOFT SKILLS:

Top candidates will demonstrate:

Strong ownership

Clear, structured communication

Proven leadership in high-pressure situations, Candidates should show hands-on experience across all four areas, not just one silo.

Nice-to-haves signal depth and versatility, but should never outweigh:

Core Zscaler expertise

Strong troubleshooting ability

Solid networking foundation

If a candidate has 2-3 of these in addition to the core requirements, they're typically a strong contender., Hands-on Zscaler experience

Proven L3 troubleshooting ability

Real-world architecture and escalation ownership

Preferred (Nice-to-Have)

Zscaler certifications are highly valued and can help differentiate candidates:

ZCP (Zscaler Certified Professional), Prioritize hands-on Zscaler expertise and L3 experience over credentials

Strong candidates will typically have experience that aligns with these certifications-even if they don't formally hold them.

*experience weighs more than certifications

Target candidates with:

8-12+ years total experience

At least several years of deep, hands-on Zscaler work

Proven experience operating at an L3 or architect level

Less experienced candidates (even if strong technically) will likely struggle in this role due to the level of ownership and complexity.

*experience weighs more than certifications

This is a lead-level technical role within a support function.

It sits in production support / operations

But operates at the highest escalation tier (L3)

Also includes architect-level responsibilities

Type: Support-based (L3)

Level: Lead / Architect

Management: No direct reports, but strong technical leadership responsibilities

The onboarding focuses on understanding the existing environment and processes quickly, with the expectation that the candidate already brings deep Zscaler and networking expertise and can begin contributing at a high level within the first few weeks.