Networking ZTNA

Job Description Title Cyber Resilience ZTNA Implementation Engineer Department Enterprise Network Services (ENS) Location India - Flexible Reports To Jordan Finn Level Infrastructure Engineer - Engineer - 6 We share a commitment to making things better for clients and each other. We continually explore new technology and different ways of working to put our clients first. So bring your boldest ideas to the Enterprise Network Services team and feel like youre making progress. About your team The Engineering group is an integral and strategy defining function within Enterprise Network Services team, overall part of Technology Infrastructure, defining the roadmap, design, patterns, blueprints, and high-level / low-level implementation for core technologies within the network, firewall and voice domains. About your role Within this role, youll be at the forefront of leading an enterprise network segmentation program, delivering initial ZTNA access for developers and system administrators, utilizing Zscaler Private Access (ZPA), translating business intent and data flows into declarative policy, reducing network attack surface and increasing cyber resilience. Youll be reviewing historic traffic flow logs, aligning to business intent and requirements, determining and rationalizing network flows, and translating this into scalable and maintainable ZPA access policy. Youll be aligning historical traffic flow logs with enterprise CMDB data sources, to determine application components and composition, ensuring all application components, and only those necessary, are included within the recommended enforcement policies for developers and administrators. Youll be engaging with internal business units, developers, architects and SMEs to validate and rationalize observed traffic flows and interactions, confirming policy prior to implementation. Youll be engaging with internal security stakeholders to assess and determine approval or rejection of certain traffic flows, according to the security and safety of protocol usage, following risk acceptance processes where necessary. Youll be engaging with external stakeholders, within third-parties such as Fidelity Investments as well as other B2B organisations which FIL interconnect with, both within the network and security function, as well as within the business development and application support functions, to identify the nature of resources being accessed by FIL resources and vice versa, confirming and validating the need for these assets to be accessed according to defined business intent. Youll be documenting all segmentation instances / application runs, incorporating into application passports attestation, contributing towards cyber KPIs relating to improvement in cyber posture and risk reduction for developer and engineer access to internal applications and resources. About you A suitable candidate for this role would have the following skillset: Subject Matter Expert Skillset As part of joining the Engineering function and working on this cyber resilience acceleration project, youll be expected to bring a Subject Matter Expert (SME) skillset, specifically for Zscaler Private Access (ZPA). ZPA is the strategic underpinning and enabling technology for FIL users to remotely connect to internal applications and resources, and as such, knowledge and experience with translating observed traffic flows and user interactions to deterministic network policy restrictions within ZPA is essential. Your role here as a ZTNA implementation engineer will concentrate on consuming the analysing and policy recommendations of a traffic analyst, derived from flow log data, and as such, the priority in skillset here is to ensure comprehensive understanding of how to implement ZPA Access Policy within a nature to facilitate necessary application access, whilst blocking unnecessary and non-business aligned flow attempts. Data Analysis & Manipulation As part of joining the Engineering function and leading the cyber resilience acceleration project, you will be expected to take a data driven and analytical approach to drive segmentation, to sufficiently de-risk the segmentation process, without breaking application services or business processes. To this end, experience of working with Microsoft Sentinel / Azure Log Analytics / KQL, or other applicable SIEM applications, to harvest and mine log data and drive outcomes is essential. Experience in taking application flow data sets, analysing, rationalising, manipulating data sets, and translated into recommended policy sets is necessary, to accelerate the process of translating observed flows into network policy and approved business intent. Your role here as a ZTNA implementation engineer will concentrate more on the consumption of data of this nature, and as such, experience of this nature is welcome and useful, and from a skillset prioritisation perspective, your experience with implementing ZTNA policy within ZPA is more important here. Programming / Scripting / Network Automation Further to an SME skillset, its beneficial that you will bring some level of programming, scripting or automation experience. Examples of toolset experience expected here includes Python, CI/CD Pipelines, Terraform, Ansible, PowerShell, etc aiding within the data analysis and manipulation job parameters. Problem Solving As part of this role, youll be engaging within highly complex technical requirements and problems, requiring application of innovative solutions, to work through challenges within the workplace. As a member of the Engineering function, youll be expected to use your problem-solving skills, to provide solutions articulated by the business. Analytical Skills As a member of the Engineering function, youll be expected to be able to break down complex problems and define technical solutions, based upon your analysis and triage of the problem and expressed requirements. Youll need to be able to understand the problem domain youre assigned from a variety of technical implementations and make recommendations for these domains based on vendor and industry best practice. Creativity Brainstorming and creative thinking for developing initatives, solving problems and recommending technical solutions is highly important for working effectively within this role. Being able to think outside the box, being able to drill down to the root core requirement and being able to recommend solutions which meet the most complex of requirements across various stakeholders is essential, to deliver scalable and robust solutions. Stakeholder Management Being able to engage with various stakeholders across the business, including but not limited to, Enterprise Network Services colleagues, infrastructure architects, enterprise architects, security engineers and architects, as well as representatives from the various FIL business units is necessary, in order to capture strategy, requirements and general intent / outcome, and allow this to be embedded into Enterprise Network Services assured and engineered solutions. Being able to manage the requirements of stakeholders, the expectations of stakeholders, and the delivery of stakeholder expressed outcome is necessary to ensure stakeholders are continuously informed and kept up to date, as the Engineering function progresses the scheme of work, relating to the stakeholder\'s original requirement.