Principal ZTNA Network Engineer - Employee Remote Access

Fmr LLC
Durham, United States of America
12 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior

Job location

Durham, United States of America

Tech stack

API
User Authentication
Software as a Service
Cloud Computing
Digital Architecture
Disaster Recovery
Failover
Virtual Private Networks (VPN)
Python
Network Layer
System Center Configuration Manager
Routing
Public Key Infrastructure
Remote Access Technology
Azure
Ansible
Zero Trust Network Access
Security Information and Event Management
Systems Integration
Alwayson
Enterprise Software Applications
Load Balancing
System Availability
HybridCloud
Microsoft InTune
Information Technology
Low Latency
Deployment Automation
Data Analytics
Open Network Automation Platform

Job description

We are seeking a Senior ZTNA (Zero Trust Network Access) Network Engineer to lead the engineering, deployment, and optimization of secure remote access solutions across the enterprise. This role will drive the transition from legacy VPN technologies to modern Zero Trust architectures, with a strong focus on Zscaler (ZPA/ZIA) and enterprise ZVPN initiatives. You will design and implement secure, scalable, and resilient access solutions that enable seamless, secure connectivity to enterprise applications while eliminating implicit trust. This includes architecting Zero Trust segmentation, application-level access controls, and robust connectivity strategies for a global workforce. Responsibilities will include:

  • Lead design and implementation of ZTNA solutions (Zscaler ZPA/ZIA, ZVPN) to replace legacy VPN technologies
  • On call required rotation
  • Define and deliver modern Zero Trust architecture patterns, including application-level segmentation and identity-based access
  • Drive legacy VPN decommissioning and migration to ZTNA platforms
  • Develop and execute engineering roadmaps aligned to enterprise remote access strategy
  • Partner with security, infrastructure, and business units to ensure coordinated rollout and adoption
  • Document architecture, operational models, and implementation standards
  • Evaluate emerging ZTNA and secure access technologies and provide data-driven recommendations
  • Lead pilots and phased deployments, including testing, validation, and performance benchmarking
  • Act as a Tier-3 escalation lead for complex remote access and connectivity issues
  • Ensure high availability and resilience of remote access infrastructure in a 24x7 global environment
  • Assess and mitigate risks related to latency, scale, and user experience during migrations, You will be part of the Enterprise Cloud, Infrastructure, and Operations (ECIO) organization, playing a central role in transforming the enterprise's remote access strategy from legacy VPN to Zero Trust. This is a high-visibility, high-impact team focused on ZVPN rollout and enterprise-wide adoption, legacy VPN decommissioning, and Zscaler-driven Zero Trust transformation.

The team operates in a global, 24x7 environment and partners closely with security, infrastructure, and business stakeholders. Together, you enable secure, seamless access to applications for a distributed workforce-reducing cyber risk, improving resilience, and supporting business continuity at scale.

Requirements

Do you have experience in Zero Trust security?, Do you have a Bachelor's degree?, * 6-10 years of network/security engineering experience, including 4+ years in ZTNA or remote access transformations

  • Bachelor's degree in Computer Science, Information Technology, or related field
  • Hands-on experience with Zscaler (ZPA/ZIA) or comparable Zero Trust platforms
  • Proven success migrating legacy VPNs to Zero Trust, cloud-delivered access solutions
  • Deep expertise in ZTNA design, implementation, and Zero Trust principles (least privilege, continuous verification, no implicit trust)
  • Experience designing application segmentation and identity-based access policies
  • Strong knowledge of traffic steering, split tunneling, and secure access routing (ZVPN architectures)
  • Experience with load balancing, gateways, and access control layers
  • Advanced troubleshooting across network layers (L3-L7)
  • Familiarity with hybrid environments (on-prem, cloud, SaaS)
  • Ability to optimize latency, performance, and user experience in ZTNA environments
  • Experience with high availability, disaster recovery, and failover strategies in global, always-on environments
  • Experience with network automation tools (Python, Ansible, APIs)
  • Familiarity with endpoint management and deployment tools (Intune, SCCM)
  • Strong understanding of identity providers (Azure AD / Entra ID), SSO, and conditional access
  • Knowledge of PKI, certificates, and modern authentication methods
  • Experience integrating with SIEM, EDR, and security monitoring platforms
  • Strong ownership mindset with a focus on execution and delivery
  • Ability to thrive in fast-paced, ambiguous environments with competing priorities
  • Excellent communication skills across technical and business stakeholders
  • Proven ability to lead incident response and drive resolution under pressure
  • Preferred certifications: Zscaler (ZCCA / ZCCP / ZCSE), CCNP/CCIE (Security or Enterprise), CISSP (or equivalent), ITIL Foundation

Apply for this position