GMS - Senior - Zscaler And CheckPoint

Infra Security – Zscaler, Check Point_Senior

We are looking for Infra Sec specialist who will be responsible for day-to-day operations, administration, troubleshooting, and optimization of Zscaler Internet Access (ZIA), Zscaler Private Access (ZPA), and Check Point firewalls in a production enterprise environment. The role includes policy management, secure access enablement, incident troubleshooting, performance tuning, upgrades, change execution, and compliance support across on-prem and cloud connectivity.

Key Responsibilities:

Administer and support Zscaler Internet Access (ZIA) features:

• URL Filtering, Web Security, SSL inspection, Malware protection, Advanced Threat features (as licensed)
• Cloud firewall policies, bandwidth control, DLP policy support (if applicable)

Administer and support Zscaler Private Access (ZPA):

• App Segmentation, App Connector configuration, Server Group/Segment Group policies
• Identity-based access enforcement, posture checks (if enabled), user access troubleshooting

Configure and maintain traffic forwarding methods:

• GRE/IPsec tunnels, PAC files, Zscaler Client Connector, proxy chaining (as applicable)

Troubleshoot Zscaler access issues:

• Authentication failures, policy mismatch, SSL inspection problems, application latency and connectivity issues
• Analyze Zscaler logs (web insights, audit logs, connector logs) and coordinate with ISP/Network teams

Integrate with enterprise identity/security tooling:

• SAML/SSO integration (Azure AD/Okta), SCIM provisioning, certificate management
• Log streaming to SIEM (e.g., Sentinel/Splunk/QRadar) and alert tuning
• Perform policy reviews, rulebase cleanup, and implement least privilege access patterns.

Manage Check Point Security Gateways and Management:

• Policy creation/maintenance (NAT, Access Control, Application Control, IPS, Anti-Bot/AV as licensed)
• Object management, service groups, VPN communities, route-based vs domain-based VPN

Administer Check Point VPNs:

• Site-to-site IPsec VPN, remote access VPN (if used), certificate-based authentication

Perform troubleshooting and performance analysis:

• VPN tunnel instability, packet drops, asymmetric routing, NAT issues, throughput constraints
• Use tools: SmartConsole, SmartView/Logs, tcpdump, fw monitor, cpinfo, debugs

Handle firewall lifecycle activities:

• Backup/restore, upgrades/patching, hotfix installation, cluster management (HA/VSX if applicable)

Implement security best practices:

• Rulebase optimization, threat prevention tuning, logging strategy, segmentation and zone design

Preferred Requirements:

• Over 4 years of experience in Infrastructure Security, Network Security, or Cloud Security.
• Solid hands-on with ZIA policy administration and troubleshooting
• Working knowledge of ZPA application access design and troubleshooting
• Experience with Zscaler Client Connector, PAC files, GRE/IPsec forwarding
• Understanding of SSL inspection, certificate chains, and browser/app compatibility
• Hands-on policy management using Check Point SmartConsole
• Strong understanding of NAT, VPN, routing, clustering/HA basics
• Strong troubleshooting using fw monitor, logs, packet captures, debug utilities
• Knowledge of threat prevention blades (IPS/AV/Anti-Bot) is a plus
• Hands-on knowledge on Cisco ASA firewall is also preferred.

Qualifications:

• Bachelor’s degree in Engineering/Computer Science or equivalent experience Industry certifications (preferred):
• Zscaler (ZIA/ZPA admin certifications) – preferred
• Check Point CCSA/CCSE – preferred
• Network fundamentals: CCNA (nice to have), CCNP Security
• Strong communication skills with ability to explain issues to stakeholders and coordinate across teams
• Willingness to work in 24x7 shift