Everforth ECS is seeking a Senior Zscaler Engineer to work in our Washington, DC office
Cybersecurity professional responsible for designing, deploying, and managing cloud-based network security solutions, specifically focusing on Secure Access Service Edge (SASE) and Zero Trust architectures. They ensure secure, high-performance application access and traffic routing for enterprise users.
Core Responsibilities:
- Platform Management, Deploy and optimize Zscaler core services—primarily ZIA (Zscaler Internet Access), ZPA (Zscaler Private Access), and ZDX (Zscaler Digital Experience).
- Policy Configuration, Define security policies for threat protection, URL filtering, SSL inspection, and data loss prevention (DLP).
- Traffic Routing, Create and maintain Proxy Auto-Configuration (PAC) files and manage application profiles for efficient routing.
- Identity Integration, Synchronize directories and manage integrations using SAML and SCIM with tools like Microsoft Azure AD.
- Troubleshooting & Support, Act as the top escalation point for connectivity, authentication, performance, and application access issues.
Salary Range: $180,000-$200,000
General Description of Benefits
Preferred Qualifications- Active DoD Top Secret clearance with SCI eligibility and ability to obtain/maintain a CI polygraph.
- Bachelor’s degree in Cybersecurity or IT
- 3+ years of technical experience in enterprise IT environments.
- Zscaler Expertise: Deep hands-on experience with ZIA/ZPA, often validated by certifications like Zscaler Certified Administrator (ZCA) or Zscaler Certified Security Engineer (ZCSE).
- Networking Foundations, Strong grasp of TCP/IP, DNS, HTTP/S, routing, VPNs, and firewalls.
- Cloud & SASE Concepts, Familiarity with Zero Trust principles, cloud-native security, and Secure Access Service Edge.
- Automation, Ability to write scripts (e.g., Python, PowerShell, Bash) to automate routine tasks and API integrations.
ICAMO cloud identity management:
- Lead hands-on configuration, integration, troubleshooting, and sustainment of ICAM platforms with familiarity with NIST 800-53, NIST 800-63, DoD Zero Trust guidance, M-22-09, M-26-14 and FICAM architectures.
- Strong desire for understanding of Zero Trust principles and Microsoft Entra architecture
- Proficiency with EntraID, Microsoft Graph API, and PowerShell for identity management tasks.
- Enterprise application registrations, Conditional Access & Security: Set up Conditional Access policies, Secure Score, Compliance Score, and integrate with Microsoft Defender for Identity and Cloud Apps. Configure and integrate SAML 2.0, OIDC, OAuth 2.0, SCIM, REST APIs, PKI, CAC/PIV, SCEP, MFA, and passwordless authentication technologies.
- Support integration of ICAM services across cloud, enterprise, hybrid, and multi-domain mission environments including Cloud Service Providers (CSP), Azure, AWS, IL5/IL6, and classified systems where applicable.
- Support integration of ICAM services across SaaS services in the cloud, enterprise, hybrid, and multi-domain mission environments with focus on Zscaler integrations.
- Integrate Entra ID with SaaS apps, on-premises systems, and Azure services; automate provisioning and access reviews.
Skills Required
- Active DoD Top Secret clearance with SCI eligibility and ability to obtain/maintain a CI polygraph
- Bachelor's degree in Cybersecurity or IT
- 3+ years of technical experience in enterprise IT environments
- Deep hands-on experience with ZIA and ZPA (Zscaler)
- Zscaler certifications such as ZCA or ZCSE
- Strong grasp of TCP/IP, DNS, HTTP/S, routing, VPNs, and firewalls
- Familiarity with Zero Trust principles, cloud-native security, and SASE concepts
- Ability to write automation scripts and use APIs (Python, PowerShell, Bash, REST APIs)
- Proficiency with Entra ID, Microsoft Graph API, and PowerShell for identity management
- Experience with SAML 2.0, OIDC, OAuth 2.0, SCIM, PKI, CAC/PIV, SCEP, MFA, and passwordless authentication
- Familiarity with NIST 800-53, NIST 800-63, DoD Zero Trust guidance, M-22-09, M-26-14, and FICAM architectures
- Experience integrating ICAM and Zscaler solutions across Azure, AWS, IL5/IL6, and classified systems
ECS Compensation & Benefits Highlights
The following summarizes recurring compensation and benefits themes identified from responses generated by popular LLMs to common candidate questions about ECS and has not been reviewed or approved by ECS.
-
Healthcare Strength — ECS advertises multiple national-network medical plan options with HSA eligibility alongside dental and vision coverage. Coverage generally begins quickly and is paired with company-paid short- and long-term disability, adding stability to the health package.
-
Retirement Support — A 401(k) with Safe Harbor and immediate vesting on employer contributions is emphasized, with an employer match available. Access to an employee stock purchase plan via the parent company provides an additional savings avenue.
-
Parental & Family Support — Paid parental leave up to 30 days, adoption assistance, and other family-oriented leaves are highlighted. Feedback suggests these offerings add meaningful value beyond base pay for many roles.
ECS Insights
What We Do
ECS, a segment of ASGN (NYSE: ASGN), delivers advanced solutions and services in cloud, cybersecurity, artificial intelligence (AI), machine learning (ML), application and IT modernization, and science and engineering. The company solves critical, complex challenges for customers across the U.S. public sector, defense, intelligence and commercial industries. ECS maintains partnerships with leading cloud, cybersecurity, and AI/ML providers and holds specialized certifications in their technologies. Headquartered in Fairfax, Virginia, ECS has more than 3,400 employees throughout the U.S. and has been recognized as a Top Workplace by The Washington Post for the last five years.









