Govcio logo

Zscaler Enterprise Architect - GovCIO

Govcio United States


No Relocation

Posted: July 13, 2026

Additional Content

Responsibilities
  • Define enterprise network security architecture and roadmap for next-generation firewalls, web security proxies, VPNs, and related controls across data centers, cloud, and branch/remote sites.
Define enterprise network security architecture and roadmap for next-generation firewalls, web security proxies, VPNs, and related controls across data centers, cloud, and branch/remote sites.
  • Lead design and implementation of Palo Alto Networks NGFW solutions at scale, including architecture patterns for segmentation, security policies, NAT, VPNs (IPsec/SSL), threat prevention, URL filtering, TLS/SSL decryption, and high-availability/clustering.
Lead design and implementation of Palo Alto Networks NGFW solutions at scale, including architecture patterns for segmentation, security policies, NAT, VPNs (IPsec/SSL), threat prevention, URL filtering, TLS/SSL decryption, and high-availability/clustering.
  • Architect and validate network designs for Cisco routing and switching across LAN/WAN, ensuring performance, resilience, and security for high-throughput environments.
Architect and validate network designs for Cisco routing and switching across LAN/WAN, ensuring performance, resilience, and security for high-throughput environments.
  • Own architecture and deployment strategies for web security platforms (McAfee Web Gateway / Web Security Proxy) and cloud-based secure web gateways (e.g., Zscaler), including policy models, threat protection, content inspection, and telemetry integration.
Own architecture and deployment strategies for web security platforms (McAfee Web Gateway / Web Security Proxy) and cloud-based secure web gateways (e.g., Zscaler), including policy models, threat protection, content inspection, and telemetry integration.
  • Integrate network security solutions with enterprise identity and authentication services (Active Directory, LDAP, RADIUS, TACACS+, 802.1X), enabling centralized policy enforcement and role-based access controls.
Integrate network security solutions with enterprise identity and authentication services (Active Directory, LDAP, RADIUS, TACACS+, 802.1X), enabling centralized policy enforcement and role-based access controls.
  • Define secure network segmentation, micro-segmentation, and zero-trust network access strategies; produce reference architectures, design patterns, and configuration baselines.
Define secure network segmentation, micro-segmentation, and zero-trust network access strategies; produce reference architectures, design patterns, and configuration baselines.
  • Drive cross-functional security initiatives: large-scale firewall and proxy migrations, datacenter-to-cloud transition, SD-WAN and SASE adoption, and consolidation of security tooling.
Drive cross-functional security initiatives: large-scale firewall and proxy migrations, datacenter-to-cloud transition, SD-WAN and SASE adoption, and consolidation of security tooling.
  • Establish governance: security policy lifecycle, rulebase rationalization, change control, risk assessments, and exception processes.
Establish governance: security policy lifecycle, rulebase rationalization, change control, risk assessments, and exception processes.
  • Design and implement logging, telemetry, and monitoring architectures to surface threats, performance issues, and policy violations; integrate with SIEM, SOAR, and observability platforms.
Design and implement logging, telemetry, and monitoring architectures to surface threats, performance issues, and policy violations; integrate with SIEM, SOAR, and observability platforms.
  • Lead incident response for network security events, conduct root-cause analysis, and define remediation and preventative controls.
Lead incident response for network security events, conduct root-cause analysis, and define remediation and preventative controls.
  • Optimize operational processes via automation and IaC (Ansible, Terraform, scripts) for deployment, configuration management, and compliance validation.
Optimize operational processes via automation and IaC (Ansible, Terraform, scripts) for deployment, configuration management, and compliance validation.
  • Provide technical leadership, mentor engineers, coordinate vendor engagements, and influence executive stakeholders on strategy, budgets, and roadmap.
Provide technical leadership, mentor engineers, coordinate vendor engagements, and influence executive stakeholders on strategy, budgets, and roadmap.
  • Ensure architectures meet regulatory, compliance, and audit requirements; produce documentation, diagrams, and security design reviews.
  • 10+ years of progressive networking and security experience, including 5+ years in architecture/lead roles.
10+ years of progressive networking and security experience, including 5+ years in architecture/lead roles.
  • Deep, demonstrable expertise with Palo Alto Networks NGFW architecture and deployment at enterprise scale.
Deep, demonstrable expertise with Palo Alto Networks NGFW architecture and deployment at enterprise scale.
  • Extensive experience with Cisco routing and switching design across enterprise LAN/WAN and data center environments.
Extensive experience with Cisco routing and switching design across enterprise LAN/WAN and data center environments.
  • Strong experience designing and deploying McAfee Web Gateway/Web Security Proxy and cloud secure web gateway solutions (e.g., Zscaler).
Strong experience designing and deploying McAfee Web Gateway/Web Security Proxy and cloud secure web gateway solutions (e.g., Zscaler).
  • In-depth knowledge of TCP/IP, routing protocols, switching, VLANs, VRFs, ACLs, NAT, QoS, DNS/DHCP/NTP.
In-depth knowledge of TCP/IP, routing protocols, switching, VLANs, VRFs, ACLs, NAT, QoS, DNS/DHCP/NTP.
  • Expertise in VPN technologies (IPsec, SSL/TLS), secure remote access, and zero-trust network architectures.
Expertise in VPN technologies (IPsec, SSL/TLS), secure remote access, and zero-trust network architectures.
  • Hands-on experience integrating security platforms with AD/LDAP, RADIUS/TACACS+, and 802.1X.
Hands-on experience integrating security platforms with AD/LDAP, RADIUS/TACACS+, and 802.1X.
  • Proven ability with automation and Infrastructure as Code (Ansible, Terraform, Python scripting) for network/security operations.
Proven ability with automation and Infrastructure as Code (Ansible, Terraform, Python scripting) for network/security operations.
  • Experience with logging / telemetry integration, SIEM, threat detection, and incident response processes.
Experience with logging / telemetry integration, SIEM, threat detection, and incident response processes.
  • Strong documentation, architecture modeling, and stakeholder communication skills.
Preferred Skills and Experience
  • Master’s preferred
Master’s preferred
  • Relevant certifications: Palo Alto (PCNSE/PCNSA), Cisco (CCNP/CCIE), CISSP, SANS/GIAC.
Relevant certifications: Palo Alto (PCNSE/PCNSA), Cisco (CCNP/CCIE), CISSP, SANS/GIAC.
  • Experience with SD-WAN, SASE, cloud networking (AWS, Azure), and micro-segmentation technologies.
Experience with SD-WAN, SASE, cloud networking (AWS, Azure), and micro-segmentation technologies.
  • Prior experience leading large-scale migrations, global rollouts, or managed security
If you are selected to move forward through the process, here’s what you can expect:
  • During the Interview Process
  • Virtual video interview conducted via video with the hiring manager and/or team Camera must be on A valid photo ID must be presented during each interview
During the Interview Process
  • Virtual video interview conducted via video with the hiring manager and/or team
  • Camera must be on
  • A valid photo ID must be presented during each interview
During the Interview Process Virtual video interview conducted via video with the hiring manager and/or team Camera must be on A valid photo ID must be presented during each interview
  • During the Hiring Process
  • Enhanced Biometrics ID verification screening Background check, to include: Criminal history (past 7 years) Verification of your highest level of education Verification of your employment history (past 7 years), based on information provided in your application
During the Hiring Process
  • Enhanced Biometrics ID verification screening
  • Background check, to include:
  • Criminal history (past 7 years) Verification of your highest level of education Verification of your employment history (past 7 years), based on information provided in your application
Background check, to include:
  • Criminal history (past 7 years)
  • Verification of your highest level of education
  • Verification of your employment history (past 7 years), based on information provided in your application
At GovCIO, we consistently hear that meaningful work and a collaborative team environment are two of the top reasons our employees enjoy working here. In addition, our employees have access to a range of perks and benefits to support their personal and professional well-being, beyond the standard company offered health benefits, including:
  • Employee Assistance Program (EAP)
  • Corporate Discounts
  • Learning & Development platform, to include certification preparation content
  • Training, Education and Certification Assistance*
  • Referral Bonus Program
  • Internal Mobility Program
  • Pet Insurance
  • Flexible Work Environment