Note: Fidelity will not provide immigration sponsorship for this position.
The Role
We are seeking a Senior ZTNA (Zero Trust Network Access) Network Engineer to lead the engineering, deployment, and optimization of secure remote access solutions across the enterprise. This role will drive the transition from legacy VPN technologies to modern Zero Trust architectures, with a strong focus on Zscaler (ZPA/ZIA) and enterprise ZVPN initiatives.
You will design and implement secure, scalable, and resilient access solutions that enable seamless, secure connectivity to enterprise applications while eliminating implicit trust. This includes architecting Zero Trust segmentation, application-level access controls, and robust connectivity strategies for a global workforce. Responsibilities will include:
Lead design and implementation of ZTNA solutions (Zscaler ZPA/ZIA, ZVPN) to replace legacy VPN technologies
On call required rotation
Define and deliver modern Zero Trust architecture patterns, including application-level segmentation and identity-based access
Drive legacy VPN decommissioning and migration to ZTNA platforms
Develop and execute engineering roadmaps aligned to enterprise remote access strategy
Partner with security, infrastructure, and business units to ensure coordinated rollout and adoption
Document architecture, operational models, and implementation standards
Evaluate emerging ZTNA and secure access technologies and provide data-driven recommendations
Lead pilots and phased deployments, including testing, validation, and performance benchmarking
Act as a Tier-3 escalation lead for complex remote access and connectivity issues
Ensure high availability and resilience of remote access infrastructure in a 24x7 global environment
Assess and mitigate risks related to latency, scale, and user experience during migrations
The Expertise and Skills You Bring
6–10 years of network/security engineering experience, including 4+ years in ZTNA or remote access transformations
Bachelor’s degree in Computer Science, Information Technology, or related field
Hands-on experience with Zscaler (ZPA/ZIA) or comparable Zero Trust platforms
Proven success migrating legacy VPNs to Zero Trust, cloud-delivered access solutions
Deep expertise in ZTNA design, implementation, and Zero Trust principles (least privilege, continuous verification, no implicit trust)
Experience designing application segmentation and identity-based access policies
Strong knowledge of traffic steering, split tunneling, and secure access routing (ZVPN architectures)
Experience with load balancing, gateways, and access control layers
Advanced troubleshooting across network layers (L3–L7)
Familiarity with hybrid environments (on-prem, cloud, SaaS)
Ability to optimize latency, performance, and user experience in ZTNA environments
Experience with high availability, disaster recovery, and failover strategies in global, always-on environments
Experience with network automation tools (Python, Ansible, APIs)
Familiarity with endpoint management and deployment tools (Intune, SCCM)
Strong understanding of identity providers (Azure AD / Entra ID), SSO, and conditional access
Knowledge of PKI, certificates, and modern authentication methods
Experience integrating with SIEM, EDR, and security monitoring platforms
Strong ownership mindset with a focus on execution and delivery
Ability to thrive in fast-paced, ambiguous environments with competing priorities
Excellent communication skills across technical and business stakeholders
Proven ability to lead incident response and drive resolution under pressure
Preferred certifications: Zscaler (ZCCA / ZCCP / ZCSE), CCNP/CCIE (Security or Enterprise), CISSP (or equivalent), ITIL Foundation
The Team
You will be part of the Enterprise Cloud, Infrastructure, and Operations (ECIO) organization, playing a central role in transforming the enterprise’s remote access strategy from legacy VPN to Zero Trust. This is a high-visibility, high-impact team focused on ZVPN rollout and enterprise-wide adoption, legacy VPN decommissioning, and Zscaler-driven Zero Trust transformation.
The team operates in a global, 24x7 environment and partners closely with security, infrastructure, and business stakeholders. Together, you enable secure, seamless access to applications for a distributed workforce—reducing cyber risk, improving resilience, and supporting business continuity at scale.
Certifications:Category:Information TechnologyPlease be advised that Fidelity’s business is governed by the provisions of the Securities Exchange Act of 1934, the Investment Advisers Act of 1940, the Investment Company Act of 1940, ERISA, numerous state laws governing securities, investment and retirement-related financial activities and the rules and regulations of numerous self-regulatory organizations, including FINRA, among others. Those laws and regulations may restrict Fidelity from hiring and/or associating with individuals with certain Criminal Histories.
Skills Required
- 6-10 years network/security engineering experience, including 4+ years in ZTNA or remote access transformations
- Bachelor's degree in Computer Science, Information Technology, or related field
- Hands-on experience with Zscaler (ZPA/ZIA) or comparable Zero Trust platforms
- Proven experience migrating legacy VPNs to Zero Trust/cloud-delivered access solutions
- Deep expertise in ZTNA design, implementation, and Zero Trust principles
- Designing application segmentation and identity-based access policies
- Knowledge of traffic steering, split tunneling, and secure access routing (ZVPN architectures)
- Experience with load balancing, gateways, and access control layers
- Advanced troubleshooting across network layers L3-L7
- Familiarity with hybrid environments (on-prem, cloud, SaaS)
- Experience with high availability, disaster recovery, and failover strategies in global environments
- Experience with network automation tools (Python, Ansible, APIs)
- Familiarity with endpoint management and deployment tools (Intune, SCCM)
- Strong understanding of identity providers (Azure AD / Entra ID), SSO, and conditional access
- Knowledge of PKI, certificates, and modern authentication methods
- Experience integrating remote access with SIEM, EDR, and security monitoring platforms
- On-call rotation participation
- Proven ability to lead incident response and drive resolution under pressure
- Excellent communication skills across technical and business stakeholders
- Preferred certifications: Zscaler (ZCCA / ZCCP / ZCSE), CCNP/CCIE (Security or Enterprise), CISSP, ITIL Foundation
Fidelity Investments Compensation & Benefits Highlights
The following summarizes recurring compensation and benefits themes identified from responses generated by popular LLMs to common candidate questions about Fidelity Investments and has not been reviewed or approved by Fidelity Investments.
-
Strong & Reliable Incentives — Bonuses, commissions, and profit-sharing are presented as generous and meaningful components of total compensation, with certain roles achieving high total earnings through multiple pay streams. Variable pay is consistently framed as a positive contributor beyond base salary.
-
Retirement Support — A 401(k) match up to 7% alongside additional profit-sharing up to 10% materially enhances long-term compensation. These retirement features are highlighted as standout strengths of the overall package.
-
Parental & Family Support — Generous paid parental leave (16 weeks maternity, 12 weeks parental), backup dependent care, and adoption assistance provide robust family support. Hybrid work and caregiving resources further ease family responsibilities.
Fidelity Investments Insights
What We Do
At Fidelity, our goal is to make financial expertise broadly accessible and effective in helping people live the lives they want. We do this by focusing on a diverse set of customers: - from 23 million people investing their life savings, to 20,000 businesses managing their employee benefits to 10,000 advisors needing innovative technology to invest their clients’ money. We offer investment management, retirement planning, portfolio guidance, brokerage, and many other financial products. Privately held for nearly 70 years, we’ve always believed by providing investors with access to the information and expertise, we can help them achieve better results. That’s been our approach- innovative yet personal, compassionate yet responsible, grounded by a tireless work ethic—it is the heart of the Fidelity way.
.png)
