GMS-Senior-Zscaler And CheckPoint

At EY, we’re all in to shape your future with confidence.

We’ll help you succeed in a globally connected powerhouse of diverse teams and take your career wherever you want it to go.

Join EY and help to build a better working world.

Infra Security – Zscaler, Check Point_Senior

We are looking for Infra Sec specialist who will be responsible for day-to-day operations, administration, troubleshooting, and optimization of Zscaler Internet Access (ZIA), Zscaler Private Access (ZPA), and Check Point firewalls in a production enterprise environment. The role includes policy management, secure access enablement, incident troubleshooting, performance tuning, upgrades, change execution, and compliance support across on-prem and cloud connectivity.

Key Responsibilities:

• Administer and support Zscaler Internet Access (ZIA) features:
• URL Filtering, Web Security, SSL inspection, Malware protection, Advanced Threat features (as licensed)
• Cloud firewall policies, bandwidth control, DLP policy support (if applicable)
  
  

• Administer and support Zscaler Private Access (ZPA):
• App Segmentation, App Connector configuration, Server Group/Segment Group policies
• Identity-based access enforcement, posture checks (if enabled), user access troubleshooting
  
  

• Configure and maintain traffic forwarding methods:
• GRE/IPsec tunnels, PAC files, Zscaler Client Connector, proxy chaining (as applicable)
  
  

• Troubleshoot Zscaler access issues:
• Authentication failures, policy mismatch, SSL inspection problems, application latency and connectivity issues
• Analyze Zscaler logs (web insights, audit logs, connector logs) and coordinate with ISP/Network teams
  
  

• Integrate with enterprise identity/security tooling:
• SAML/SSO integration (Azure AD/Okta), SCIM provisioning, certificate management
• Log streaming to SIEM (e.g., Sentinel/Splunk/QRadar) and alert tuning
• Perform policy reviews, rulebase cleanup, and implement least privilege access patterns.
  
  

• Manage Check Point Security Gateways and Management:
• Policy creation/maintenance (NAT, Access Control, Application Control, IPS, Anti-Bot/AV as licensed)
• Object management, service groups, VPN communities, route-based vs domain-based VPN
  
  

• Administer Check Point VPNs:
• Site-to-site IPsec VPN, remote access VPN (if used), certificate-based authentication
  
  

• Perform troubleshooting and performance analysis:
• VPN tunnel instability, packet drops, asymmetric routing, NAT issues, throughput constraints
• Use tools: SmartConsole, SmartView/Logs, tcpdump, fw monitor, cpinfo, debugs
  
  

• Handle firewall lifecycle activities:
• Backup/restore, upgrades/patching, hotfix installation, cluster management (HA/VSX if applicable)
  
  

• Implement security best practices:
• Rulebase optimization, threat prevention tuning, logging strategy, segmentation and zone design
  

Preferred Requirements:

• Over 4 years of experience in Infrastructure Security, Network Security, or Cloud Security.
• Solid hands-on with ZIA policy administration and troubleshooting
• Working knowledge of ZPA application access design and troubleshooting
• Experience with Zscaler Client Connector, PAC files, GRE/IPsec forwarding
• Understanding of SSL inspection, certificate chains, and browser/app compatibility
• Hands-on policy management using Check Point SmartConsole
• Strong understanding of NAT, VPN, routing, clustering/HA basics
• Strong troubleshooting using fw monitor, logs, packet captures, debug utilities
• Knowledge of threat prevention blades (IPS/AV/Anti-Bot) is a plus
• Hands-on knowledge on Cisco ASA firewall is also preferred.
  
  

Qualifications:

• Bachelor’s degree in Engineering/Computer Science or equivalent experience
  
  

Industry certifications (preferred):

• Zscaler (ZIA/ZPA admin certifications) – preferred
• Check Point CCSA/CCSE – preferred
• Network fundamentals: CCNA (nice to have), CCNP Security
• Strong communication skills with ability to explain issues to stakeholders and coordinate across teams
• Willingness to work in 24x7 shift
  
  

EY | Building a better working world

EY is building a better working world by creating new value for clients, people, society and the planet, while building trust in capital markets.

Enabled by data, AI and advanced technology, EY teams help clients shape the future with confidence and develop answers for the most pressing issues of today and tomorrow.

EY teams work across a full spectrum of services in assurance, consulting, tax, strategy and transactions. Fueled by sector insights, a globally connected, multi-disciplinary network and diverse ecosystem partners, EY teams can provide services in more than 150 countries and territories.

---