L3 Network Security engineer

Successful candidate must be comfortable with rotation shifts and weekends as and when required.

Responsibilities

Should focus on day-2-day operations, incident, change management, and user centric troubleshooting.

Operate and continuously improve the organization’s Secure Access Service Edge (SASE)services using Zscaler Internet Access (ZIA) and Zscaler Private Access (ZPA),ensuring secure, reliable user connectivity and strong policy governance.

• Run day-to-day operations for ZIA (web gateway, SSL inspection, URL filtering, cloud app control, sandbox, DLP , DNS security).

• Run day-to-day operations for ZPA (App Segments, Access Policies, Connector management, posture requirements, policy troubleshooting).

• Monitor service health and user experience; proactively identify trends and recurring issues.

• HandleL2/L3 incident troubleshooting: authentication issues (SSO/SAML),PAC/forwarding issues, tunnel/connector issues, policy blocks, certificate/SSL inspection issues.

• Perform policy administration: create/update rules, exceptions, and change deployments following CAB/ITSM change controls.

• Maintain forwarding architecture: Zscaler Client Connector, GRE/IPsec tunnels, PAC files, forwarding profiles, location configuration, traffic steering.

• Manage integrations: IdP (Azure AD/Entra ID, Okta, ADFS), SIEM (Splunk/QRadar),ticketing (ServiceNow), endpoint tools (Intune/Jamf), MFA.

• Execute routine operational tasks: connector upgrades, certificate updates, location updates, application onboarding to ZPA, user/group updates.

• Work with vendors/TAC; drive cases to closure and implement corrective actions.

• Maintain documentation: runbooks, SOPs, troubleshooting guides, policy standards, onboarding checklists.

• Support audits and compliance: policy reviews, recertification evidence, logging/retention checks. Menlo Web Isolation Maintain allow-list/whitelist for approved URLs/domains based on business justification and security requirements.

• Manage exception lifecycle: approvals, expiry dates, periodic review/cleanup, and recertification evidence.

• Ensure isolation policies align with ZIA policies and do not create conflicting user experience (e.g., bypass vs isolate logic) Site not loading in isolation, rendering issues, broken web apps, file download/upload restrictions, clipboard/printing controls (as applicable)

Any other ad-hoc duties as assigned by supervisor.

Requirements

Degree in IT or related discipline

• Strong working knowledge of ZIA (SSL inspection, URL filtering, CASB/app control, sandbox, forwarding methods).

• Strong working knowledge of ZPA (connectors, app segments, access policies, posture, authentication flows).

•Troubleshooting across endpoint + network + identity (DNS, TLS cert chains, proxy behavior, SAML/SSO, routing).

•ITSM/change management discipline (ServiceNow/JIRA), documentation habits. Strong knowledge about Zero Trust concepts

•Nice-to-have: SIEM integration, DLP, basic scripting (PowerShell/Python) forops automation.

Interested applicants, please email your resume to Karin Chan Wei Kien

Email: ***email_hidden***

CEI Reg No: R1104584

Recruit Express Pte Ltd

UEN: 199601303W

EA Licence No: 99C4599