Network Security Engineer SME

*Hands-on experience with Zscaler (ZIA/ZPA) or comparable cloud security / SWG / ZTNA platforms strongly preferred*

Highlights:

• This is a rare opportunity to lead a high-impact Zero Trust transformation supporting the FBI CJIS division, driving the shift from legacy network security to a modern, cloud-first architecture powered by Zscaler. You will play a key role in implementing cutting-edge security capabilities aligned with TIC 3.0 while working alongside highly experienced engineers in a mature SAFe Agile environment. This role offers the chance to shape future-state architecture, solve complex challenges at scale, and build highly marketable expertise across both federal and commercial sectors.
• The team consists of a collaborative mix of government personnel and contractor staff from multiple organizations, working together in a mature SAFe Agile environment. The culture emphasizes teamwork, technical excellence, and shared accountability, with a strong focus on delivering high-quality solutions to mission-critical systems.
• This role combines hands-on engineering, architecture, and transformation leadership in a single position. It provides the opportunity to work on a large-scale Zscaler implementation and Zero Trust initiative that is directly aligned with federal modernization efforts such as TIC 3.0. The position offers exposure to complex enterprise environments and the ability to make meaningful, visible contributions to a high-profile mission.
• The individual in this role will play a critical part in modernizing the organization's security posture, enabling secure, cloud-first access to applications and services. Their contributions will help reduce reliance on legacy infrastructure, improve visibility and control, and enhance overall cybersecurity capabilities through the implementation of Zero Trust principles.
• The candidate will acquire the following skills should they accept:
  
  
  
  • Hands-on experience with Zscaler ZIA and ZPA implementations at enterprise scale
  • Deep understanding of Zero Trust architecture and SASE frameworks
  • Experience aligning technical solutions to TIC 3.0 and federal security modernization initiatives
  • Advanced experience operating within a SAFe Agile environment in a large government organization
  • Enhanced expertise in cloud security, identity-driven access, and network transformation strategies
  
  
  
  

Typical Day:

A typical day entails operating within a SAFe Agile environment, starting with a brief daily stand-up to align on priorities, provide updates, and identify blockers. Team communication and coordination are primarily conducted through Microsoft tools and Jira, with work tracked via assigned tickets and sprint boards.

Work is executed in two-week sprint cycles, focusing on prioritized stories and features defined by leadership. In parallel, the role supports ongoing Operations & Maintenance (O&M) activities, including service ticket resolution, vulnerability management, and system sustainment to ensure operational stability.

Tasks:

• Participate in SAFe Agile ceremonies (daily stand-ups, sprint planning, retrospectives) and deliver work within sprint cycles
• Lead the implementation of Zscaler ZIA and ZPA to support Zero Trust and cloud-delivered security objectives
• Develop and execute migration strategies to transition from legacy forward proxies and VPNs to Zscaler-based architectures
• Design direct-to-cloud connectivity solutions that eliminate on-premises traffic backhaul
• Configure and optimize Zscaler policies (URL filtering, SSL inspection, DLP, access controls) to meet security requirements
• Integrate Zscaler with enterprise identity providers (e.g., Active Directory, Azure AD) to enforce identity-based access
• Collaborate with cross-functional teams (network, security, cloud) to support Zero Trust and TIC 3.0-aligned architectures
• Manage and resolve complex network security issues, including traffic flow, access, and policy enforcement troubleshooting
• Support Operations & Maintenance (O&M) activities such as service ticket resolution, vulnerability remediation, and system sustainment
• Develop and maintain technical documentation, including architecture diagrams, implementation plans, and operational procedures

Required Qualifications:

• Hands-on experience with Zscaler (ZIA/ZPA) or comparable cloud security / SWG / ZTNA platforms strongly preferred
• 10+ years of network security or cybersecurity engineering experience required
• Education: A degree may substitute for a portion of the required experience
• Proven experience as a technical lead / SME on enterprise network or security projects
• Experience supporting large-scale network security migrations (e.g., proxy/VPN to cloud-based or Zero Trust architectures)
• Experience supporting Zero Trust architecture or modern secure access solutions
• Experience integrating with identity providers (Active Directory, Azure AD, SAML/OIDC)
• Strong background in enterprise networking and security, including firewalls (Palo Alto, Cisco, etc.), routing, DNS, and proxy architectures
• Experience with SIEM/logging platforms (Splunk preferred)
• Experience troubleshooting complex network and security issues in enterprise environments

Desired Qualifications:

• Zscaler certifications (e.g., ZDTA, ZDTE, ZCCA-IA, ZCCA-PA)
• Experience leading or supporting a Zscaler ZIA/ZPA enterprise deployment
• Familiarity with CISA TIC 3.0 and federal network security modernization initiatives
• Experience replacing on-prem forward proxies and/or VPNs with cloud-delivered security solutions
• Knowledge of Zero Trust architecture (ZTA) and SASE frameworks
• Experience designing or implementing direct-to-cloud access architectures (avoiding traditional network backhaul)
• Cloud experience with AWS and/or Azure, including networking and security integration
• Security certifications (e.g., Security+, CASP/X, CISSP)
• Cisco certifications (e.g., CCNA, CCNP)
• Experience working in a SAFe Agile environment using Jira and Confluence

Position Type Shift Information:

• Day Shift 8am-5pm

US Citizenship: US citizenship required

Clearance: Top Secret clearance required

Location: FBI CJIS Campus (Clarksburg, WV)

Ideal Innovations, Inc. is an Equal Opportunity Employer:

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability, or veteran status.

Ideal Innovations, Inc. is a VEVRAA Federal Contractor.

High School (preferred)

Experience troubleshooting complex network and security issues in enterprise environments (required)
Experience with SIEM/logging platforms (Splunk preferred) (required)
Strong background in enterprise networking and security, including firewalls (Palo Alto, Cisco, etc.), routing, DNS, and proxy architectures (required)
Experience integrating with identity providers (Active Directory, Azure AD, SAML/OIDC) (required)
Experience supporting Zero Trust architecture or modern secure access solutions (required)
Experience supporting large-scale network security migrations (e.g., proxy/VPN to cloud-based or Zero Trust architectures) (required)
Hands-on experience with Zscaler (ZIA/ZPA) or comparable cloud security / SWG / ZTNA platforms (required)
Proven experience as a technical lead / SME on enterprise network or security projects (required)
10 years: Network security or cybersecurity engineering experience required; degree may substitute for a portion of required experience (required)