Network Security Engineer

The Sr. Network Security Engineer (Zscaler Specialist) will be part of a global infrastructure organization responsible for designing, implementing, and delivering enterprise-grade secure access solution using cloud-delivered security, particularly Zscaler platform. This role will be instrumental in designing, implementing, and managing secure access solutions that protect enterprise users, applications, and data in a modern, cloud & on-prem environment. The engineer will work closely with architecture, security, operations, and vendors to ensure high-quality, scalable, and secure access.

The KOCH Technologies Infrastructure team provides reliable, flexible, and secure connectivity solutions that enable business solutions and perpetual transformation. We manage network and network security infrastructure, including wide area networking, local area networking, wireless, firewalls, datacenter networking, load balancing, endpoint security, and proxies. We provide enterprise infrastructure monitoring for IT components across the enterprise. We are currently focused on the following transformation strategies: talent, proactive management, process optimization and automation, security by design, and adopting a service focused organization.

This role can be based in Wichita, KS / Plano, TX / Atlanta, GA / Green Bay , WI and requires an in office presence with flexibility.

This role is not eligible for VISA sponsorship.

• Design, implement, and manage Zscaler Internet Access (ZIA), Zscaler Private Access (ZPA), and Zscaler Digital Experience (ZDX) solutions in alignment with Zero Trust Architecture (ZTA) principles.
• Define and enforce Zero Trust policies based on user identity, device posture, application context, and risk signals.
• Architect least-privileged access models ensuring users are granted access only to specific applications-not entire networks.
• Implement and optimize application segmentation and user-to-app access policies using ZPA.
• Continuously evaluate and improve trust evaluation mechanisms, including device compliance, user behaviour, and session context.
• Deploy and optimize SSL/TLS inspection, secure web gateway policies, CASB controls, and DLP frameworks within ZIA as part of Zero Trust data protection strategy.
• Monitor user experience and performance using ZDX and troubleshoot connectivity or latency issues.
• Collaborate with network, security, and vendor teams to ensure seamless and secure connectivity.
• Perform log analysis, incident response, and threat mitigation using Zscaler logs and SIEM tools.
• Ensure compliance with security standards and best practices.
• Stay updated with evolving Zero Trust frameworks and industry best practices.
• Document architecture, configurations, and operational procedures.
• Contribute to automation and standardization efforts (Ansible, Terraform, APIs).
• Identify inefficiencies and drive process, quality, and documentation improvements.
• Participate in design reviews, quality checks, and peer mentoring.
• Work directly with internal customers, project managers, and global stakeholders.
• Coordinate with OEMs, and system integrators for implementation and issue resolution.
• Provide clear communication on project status, risks, and dependencies.
• Participate in on-call rotations as part of a global team, including availability for planned weekend or off hours work during major implementations or migrations.

• Demonstrated experience in an enterprise network security field.
• Hands-on experience with Zscaler ZIA and ZPA, proxy technologies, VPN alternatives and secure remote access
• Strong understanding of Zero Trust Network Access (ZTNA)
• Experience with TCP/IP, DNS HTTP/HTTPS, SSL/TLS inspection
• Experience with Firewall and routing concepts
• Exposure to cloud platforms such as AWS, Microsoft Azure, or Google Cloud Platform (GCP)
• Understanding of cloud security principles and secure workload access.
• Familiarity with SIEM/Observability tools (e.g., Splunk, Grafana, LogicMonitor).

• Zscaler certifications (e.g., ZCCA, ZCCP, ZCSP).
• Exposure to network automation (Python, Ansible, DevNet concepts).
• Experience with Branch/Cloud Connector deployments.
• Experience with other security platforms (CASB, SWG, EDR/XDR).
• Knowledge of cloud platforms such as AWS, Azure, or GCP.
• An open-minded individual who embraces challenges positively, KOCH Fit.
• Experience working in global delivery or follow-the-sun models.
• Experience in traffic forwarding methods (GRE/IPSec tunnels, PAC files, Client Connector)
• Experience integrating Zscaler with PingID, Azure AD, or similar IdPs.
• Familiarity with APIs for integrating and automating Zscaler workflows.