Network Security Engineer-SASE/Zscaler & Netscope
United States
Full Time
3 hours ago
$160,000 - $195,000 USD
No H1B
Key skills
Entra IDOktaSaaSMentoringNetwork SecurityCloud SecurityZero Trust
About this role
Fulcrum Technology Solutions is seeking a Senior SASE Engineer to join their Network Engineering team. This role focuses on architecting, deploying, and optimizing Secure Access Service Edge solutions using Zscaler and Netskope platforms while contributing to broader network infrastructure decisions.
Responsibilities:
- Design and implement enterprise SASE architecture leveraging Zscaler ZIA, ZPA, and ZDX alongside Netskope SSE, NPA, and CASB capabilities
- Lead deployment and optimization of Zero Trust Network Access (ZTNA) solutions across both Zscaler and Netskope platforms
- Architect secure internet access and private application access for remote users, branch offices, and cloud workloads
- Configure and manage security controls including:
- SSL/TLS inspection across cloud and on-premises environments
- URL filtering, threat protection, and advanced sandboxing / malware detection
- Data Loss Prevention (DLP) policies across Zscaler and Netskope DLP engines
- Netskope inline and API-mode CASB for SaaS application governance
- Manage and troubleshoot Zscaler Client Connector (ZCC) and Netskope Client deployments at enterprise scale
- Participate in enterprise network architecture design reviews, contributing SASE and Zero Trust perspective to broader infrastructure decisions
- Design and implement traffic forwarding strategies including IPSec tunnels, GRE, and PAC file deployments in SD-WAN environments (Cisco Viptela, VMware VeloCloud, Fortinet)
- Configure and support network segmentation — VLANs, 802.1Q trunking, inter-VLAN routing — ensuring alignment between SASE policy enforcement and campus trust zone architecture
- Architect and troubleshoot DNS infrastructure supporting SASE deployments, including split-horizon DNS, conditional forwarders, and ZPA application access resolution
- Evaluate existing perimeter security architecture (Palo Alto, Fortinet, Checkpoint) and develop SASE migration roadmaps to guide clients from legacy VPN and on-prem proxy environments to Zero Trust architectures
- Integrate SASE solutions with enterprise identity providers including Microsoft Entra ID, Okta, and Ping Identity
- Implement identity-based access policies, device posture checks, and application segmentation aligned to Zero Trust frameworks
- Monitor and analyze security events, traffic patterns, and digital experience metrics using Zscaler ZDX and Netskope Network Traffic Analysis (NTA)
- Partner with SOC teams to investigate security alerts and threats surfaced through SASE telemetry
- Continuously optimize performance, user experience, and security posture across all managed SASE environments
- Serve as technical lead on client engagements, mentoring and guiding junior engineers throughout project delivery
Requirements:
- 5+ years of experience in network security, SASE, cloud security engineering, or enterprise network architecture
- Strong hands-on experience with Zscaler ZIA and ZPA deployments in enterprise environments
- Hands-on experience with Netskope SSE, NPA, and CASB — inline and API-mode
- Demonstrated experience implementing Zero Trust Network Access (ZTNA) and leading or supporting VPN-to-ZTNA migration projects
- Deep networking fundamentals: Routing protocols: BGP, OSPF, EIGRP, TCP/IP, DNS (split-horizon, conditional forwarding), HTTP/HTTPS, GRE/IPSec tunneling, SD-WAN fabric integration, VLAN segmentation, 802.1Q, inter-VLAN routing
- Experience integrating SASE and security platforms with enterprise identity providers (Entra ID, Okta, Ping Identity)
- Experience evaluating legacy perimeter architectures and developing SASE migration roadmaps
- Must be authorized to work in the United States
- SD-WAN platform experience: Cisco Viptela / Catalyst SD-WAN, VMware VeloCloud, Fortinet Secure SD-WAN
- Wireless LAN integration experience: Cisco Catalyst Center, Aruba Central — configuring SASE forwarding for wireless controllers
- Functional understanding of virtualization platforms (VMware vSphere/NSX)
- Experience partnering with SOC teams on SASE-sourced security alert investigation