Job Title: L3 Zscaler Architect - Remote
Duration: 6 - 12 Months to start likely to extend or be ongoing
This isn’t a general Zscaler role—it’s a high-level “architect + L3 escalation” position, so the most important skillsets cluster around deep technical mastery + troubleshooting + leadership.
Seeking a senior Zscaler SME who can operate as both a hands-on architect and L3 escalation lead. This role owns complex production issues, drives design/optimization, and guides L1/L2 teams.
Core Requirements (Must-Have)
1. Zscaler Expertise (Primary Filter)
Deep, hands-on experience with:
ZIA (Internet Access)
ZPA (Private Access)
ZDX (Digital Experience)
Strong experience with:
Policy configuration (URL filtering, SSL inspection)
App Connectors (ZPA)
Traffic forwarding (PAC files, tunnels)
Zscaler Admin Portal and log analysis
Disqualifier: Limited exposure or experience with only one Zscaler module.
2. Advanced Troubleshooting (L3 Level)
Proven ability to resolve complex, non-standard issues
Root cause analysis across:
DNS
Authentication / SSO
Network routing and tunnels
Application access
Deep log analysis experience
Key signal: Clear examples of independently resolving high-impact issues.
3. Networking Fundamentals
Strong knowledge of:
IPSec and GRE tunnels (configuration + troubleshooting)
PAC files and proxy behavior
DNS and routing
Disqualifier: Weak networking background.
4. Security Architecture (Zero Trust)
Understanding of:
Zero Trust architecture
Secure Web Gateway (SWG)
Experience integrating with identity providers such as:
Azure Active Directory
CyberArk
5. L3 Escalation Ownership
Experience as a final escalation point
Ownership of outages and critical incidents
Background in 24/7 production environments
Disqualifier: Candidates who primarily escalate issues upward.
6. Leadership / Communication
Mentoring L1/L2 engineers
Leading technical discussions
Building documentation, runbooks, and processes
Preferred
Zscaler certifications (ZCP, ZDTA, ZDTE, ZDXA)
Experience with Palo Alto, Cisco
Network security architecture background
Profiles to Avoid
L1/L2 support-only candidates
General network engineers without deep Zscaler experience
Candidates lacking hands-on troubleshooting depth
Experience limited to a single Zscaler product
Positioning Summary (For Candidate Outreach)
High-impact role responsible for stabilizing and optimizing a complex Zscaler environment. Opportunity to operate as both architect and escalation authority, with influence over design, operations, and team direction.
Quick Summary
Senior Zscaler expert (ZIA/ZPA/ZDX) with strong networking and troubleshooting skills, capable of owning L3 escalations, designing solutions, and leading support teams.
IMPORTANT SOFT SKILLS:
Top candidates will demonstrate:
Strong ownership
Clear, structured communication
Proven leadership in high-pressure situations
If a candidate is technically strong but lacks these, they will struggle in this role.
This role sits at the intersection of:
Zscaler platform expertise
Enterprise networking
Identity and access management
Cloud security architecture
Candidates should show hands-on experience across all four areas, not just one silo.
Nice-to-haves signal depth and versatility, but should never outweigh:
Core Zscaler expertise
Strong troubleshooting ability
Solid networking foundation
If a candidate has 2–3 of these in addition to the core requirements, they’re typically a strong contender.
This role is a mix of hands-on engineering, escalation support, and architecture ownership in a live enterprise environment.
This role spends the day:
Owning escalations
Solving complex issues
Designing and improving the Zscaler environment
Supporting and elevating the team
It’s ideal for someone who thrives in high-impact, hands-on, problem-solving environments.
Required
No certifications are strictly required for this role.
The hiring team is prioritizing:
Hands-on Zscaler experience
Proven L3 troubleshooting ability
Real-world architecture and escalation ownership
Preferred (Nice-to-Have)
Zscaler certifications are highly valued and can help differentiate candidates:
ZCP (Zscaler Certified Professional)
ZDTA (Zscaler Digital Transformation Administrator)
ZDTE (Zscaler Digital Transformation Engineer)
ZDXA (Zscaler Digital Experience Analyst)
Additional Relevant Certifications (Bonus)
Network/security certifications (e.g., Cisco, Palo Alto)
Cloud/security certifications (Azure, general security certs)
Do not filter candidates out based on lack of certifications
Use certifications as a tie-breaker, not a requirement
Prioritize hands-on Zscaler expertise and L3 experience over credentials
Strong candidates will typically have experience that aligns with these certifications—even if they don’t formally hold them.
*experience weighs more than certifications
Target candidates with:
8–12+ years total experience
At least several years of deep, hands-on Zscaler work
Proven experience operating at an L3 or architect level
Less experienced candidates (even if strong technically) will likely struggle in this role due to the level of ownership and complexity.
*experience weighs more than certifications
This is a lead-level technical role within a support function.
It sits in production support / operations
But operates at the highest escalation tier (L3)
Also includes architect-level responsibilities
Type: Support-based (L3)
Level: Lead / Architect
Management: No direct reports, but strong technical leadership responsibilities
The onboarding focuses on understanding the existing environment and processes quickly, with the expectation that the candidate already brings deep Zscaler and networking expertise and can begin contributing at a high level within the first few weeks.
This is not a “maintenance-only” role. The candidate will be involved in:
Stabilizing and improving an active environment
Expanding and optimizing Zscaler capabilities
Driving both technical and operational improvements
The role offers involvement in high-impact initiatives focused on optimizing and scaling a Zscaler environment, improving Zero Trust access, and driving operational maturity across a complex enterprise landscape.
Thank you,
Shiva Mittal