Job Requirements
Lead Network Security Engineer (ZTNA & Zero Trust Access)
Experience: 10+ years
Employment Type: Full-time
Role Overview
We are seeking a Lead Network Security Engineer (ZTNA & Zero Trust Access) to design and operate identity-driven access controls in a regulated banking environment.
This role focuses on Zero Trust Network Access (ZTNA) for users, vendors, and applications, while working closely with teams responsible for SWG, firewalls, and Web/API Protection.
Key Responsibilities
Primary Focus: ZTNA
- Design and implement ZTNA-based access models for internal users, third parties, and partners.
- Reduce dependency on traditional VPNs by deploying identity-aware, device-aware access controls.
- Integrate ZTNA with identity providers, endpoint posture, and risk-based access policies.
- Support secure access to on-prem and cloud-hosted applications.
Security Operations & Governance
- Monitor ZTNA access logs and anomalies; integrate with SIEM and SOC workflows.
- Participate in incident response related to unauthorized access or identity misuse.
- Ensure ZTNA implementation aligns with regulatory and audit requirements.
- Maintain architecture documentation and SOPs.
Required Skills
- Hands-on experience implementing ZTNA / Zero Trust access architectures.
- Strong understanding of identity-based access, authentication, and authorization models.
- Knowledge of network fundamentals to troubleshoot access and connectivity issues.
- Ability to troubleshoot network and security issues in complex environments.
- Strong understanding of cloud security principles, including SaaS, IaaS, and PaaS.
- Knowledge of security frameworks such as ISO 27001, NIST, or GDPR is a plus.
- Hands-on experience with networking protocols such as HTTP, HTTPS, DNS, and TCP/IP.
- Strong communication skills and the ability to collaborate with teams across various functions.
- Certifications in network security (e.g., CCSP, CISSP, CompTIA Security+, or equivalent) are a plus.
- Experience operating security controls in regulated environments.
Good to Have
- Exposure to Secure Web Gateway (SWG) platforms.
- Understanding of network firewalls and perimeter security.
- Familiarity with Web & API Protection / WAF.
- Experience with endpoint posture, EDR, and device trust models.
- Awareness of SASE / SSE architectures.