About the role

Senior Network Security Engineer driving Zero Trust security fabric design and optimization at CRC Group. Hands-on role managing Zscaler and Palo Alto implementations across multi-cloud environments.

Responsibilities

Lead the architecture, deployment, and lifecycle management of Zscaler Internet Access (ZIA) and Zscaler Private Access (ZPA) at scale (including App Connectors, ZPA gateways, policy orchestration, and integration with identity providers)
Design, configure, and maintain Palo Alto Networks firewall estates (PA-Series, VM-Series, and Panorama) with security policy automation, URL filtering, threat prevention, etc.
Build and maintain reusable Terraform modules for Zscaler, Palo Alto, cloud networking, and routing infrastructure (full IaC pipelines using Terraform Cloud/Enterprise, GitHub Actions, or equivalent)
Architect and optimize routing strategies (BGP, OSPF, static, policy-based routing) for hybrid WAN, internet breakout, direct cloud connectivity, and SD-WAN overlays
Troubleshoot complex issues involving Zscaler tunnels, Palo Alto sessions, routing loops, asymmetric routing, and multi-cloud latency
Automate operational tasks (provisioning, upgrades, policy drift detection, compliance reporting) using Terraform where appropriate
Provide technical leadership and mentorship to mid-level and junior engineers
Document architecture, runbooks, and lessons learned

Expert-level hands-on deployment and troubleshooting experience with both Zscaler ZIA and ZPA in production environments (1000+ users or 50+ sites)
Expert-level experience with Palo Alto Panorama, device groups, templates, and VM-Series in cloud environments
Strong production experience writing and maintaining Terraform modules for networking/security appliances (Zscaler Terraform provider, Palo Alto Terraform provider, AWS/Azure/GCP providers)
Solid understanding of routing protocols (BGP especially – eBGP/iBGP, route reflectors, communities, prefix-lists) and cloud networking (transit architectures, hub-and-spoke, direct connect, private endpoints)
Proven track record of delivering secure, scalable designs in multi-cloud or hybrid environments
Ability to work independently in a small-team environment while collaborating with cloud, identity, and application teams
Preferred Qualifications: Terraform Associate or Terraform Professional certification, PCNSE (Palo Alto Certified Network Security Engineer), and at least one Zscaler certification (ZIA or ZPA Professional/Architect level) preferred, Experience with SASE, SD-WAN, or full Zero Trust Network Access (ZTNA 2.0) migrations, Scripting/automation beyond Terraform (Python, PowerShell), Experience in regulated industries (finance, healthcare, retail) with compliance requirements (PCI, SOC 2, HIPAA), CCNP (or equivalent advanced routing/security knowledge)

Medical, dental, vision, life, disability, and AD&D insurance
Tax-advantaged savings accounts
401(k) plan with company match
Generous paid time off programs including company holidays, vacation and sick days, new parent leave, and more
Eligible positions may also qualify for restricted stock units and/or a deferred compensation plan