Role Summary
The Commonwealth is seeking a Zscaler Private Access (ZPA) Network Engineer to
support the secure deployment and operationalization of Zscaler Private Access
as a key component of the Commonwealth’s Zero Trust Network Access (ZTNA)
strategy.
This role will focus on designing, implementing, and supporting network
connectivity and access paths for private applications using ZPA, while
translating existing network access models and legacy VPN-based connectivity
into scalable, policy-driven access patterns aligned with Zero Trust principles.
The position is network-focused and hands-on, supporting application access
enablement while ensuring solutions are secure, auditable, and operationally
sustainable across the Commonwealth. The role works in close coordination with
the Enterprise ZTNA program, including enterprise network and security teams.
Key Responsibilities
Collaborate with Enterprise ZTNA network and security teams, as well as identity
and application stakeholders, to design and support ZPA-based access to internal
applications.
Design, implement, and maintain Zscaler Private Access connectivity, including
App Connectors, Server Groups, Application Segments, and access policy
configurations.
Analyze and assess legacy network and VPN-based access requirements,
agency-specific application needs, and connectivity dependencies, and translate
them into ZPA application-level access models.
Support the onboarding of applications to ZPA by validating network paths,
ports, protocols, and dependency requirements, and coordinating testing and
validation activities.
Configure and support ZPA access policies that enforce least-privileged access
while minimizing disruption to mission-critical operations.
Troubleshoot ZPA-related access and connectivity issues, including user access
failures, application reachability concerns, and connector health or routing
issues.
Participate in migration activities to transition users and applications from
legacy access models to ZPA in coordination with enterprise and agency
stakeholders.
Ensure ZPA configurations and access models are documented, auditable, and
aligned with Commonwealth security, governance, and compliance requirements.
Develop and maintain technical documentation, including configuration standards,
procedures, diagrams, and operational runbooks.
Engage with vendors and Zscaler support to resolve complex issues and support
platform stability and optimization.
Required Skills and Experience
Strong background in enterprise networking, including routing, firewalling, DNS,
and traffic flow analysis.
Experience implementing and supporting secure application access technologies
such as Zscaler Private Access or similar Zero Trust access platforms.
In-depth understanding of Zero Trust Network Access concepts and
application-level segmentation.
Ability to analyze complex, legacy network environments and translate them into
scalable, enforceable access models.
Experience working in regulated or compliance-driven environments, ensuring
adherence to security and governance standards.
Strong documentation, communication, and collaboration skills for
cross-functional engagement.
Preferred Qualifications
Zscaler certifications such as Zscaler Digital Transformation Administrator or
Zscaler Digital Transformation Engineer.
Completion of Zscaler administrator or engineer training courses relevant to
ZPA.
Industry-recognized certifications such as CCNP, Security+, CySA+, or
equivalent.
Experience supporting large, multi-agency, or public-sector enterprise
environments.
Familiarity with regulatory and security frameworks such as CJIS, NIST 800-53,
or similar standards.
Hands-on experience supporting access modernization initiatives in complex
enterprise environments.
Position Characteristics
This role supports the Enterprise ZTNA program and works closely with enterprise
network and enterprise security teams.
The position balances strong security controls with operational requirements,
focusing on reliable and secure private application access.
The ZPA Network Engineer is responsible for ensuring ZPA-based access is
implemented consistently and operates effectively within the Commonwealth’s Zero
Trust architecture.A
American Technology Consulting