Lead Network Security Engineer - ZTNA

Job Requirements

Lead Network Security Engineer (ZTNA & Zero Trust Access)

Experience: 10–15 years

Employment Type: Full-time

Role Overview

We are seeking a Lead Network Security Engineer – ZTNA & Zero Trust Access to design and operate identity-driven access controls in a regulated banking environment.

This role focuses on Zero Trust Network Access (ZTNA) for users, vendors, and applications, while working closely with teams responsible for SWG, firewalls, and Web/API Protection.

Key Responsibilities

Primary Focus – ZTNA

• Design and implement ZTNA-based access models for internal users, third parties, and partners.
• Reduce dependency on traditional VPNs by deploying identity-aware, device-aware access controls.
• Integrate ZTNA with identity providers, endpoint posture, and risk-based access policies.
• Support secure access to on-prem and cloud-hosted applications.
  
  

• Monitor ZTNA access logs and anomalies; integrate with SIEM and SOC workflows.
• Participate in incident response related to unauthorized access or identity misuse.
• Ensure ZTNA implementation aligns with regulatory and audit requirements.
• Maintain architecture documentation and SOPs.
  
  

• Hands-on experience implementing ZTNA / Zero Trust access architectures.
• Strong understanding of identity-based access, authentication, and authorization models.
• Knowledge of network fundamentals to troubleshoot access and connectivity issues.
• Ability to troubleshoot network and security issues in complex environments.
• Strong understanding of cloud security principles, including SaaS, IaaS, and PaaS.
• Knowledge of security frameworks such as ISO 27001, NIST, or GDPR is a plus.
• Hands-on experience with networking protocols such as HTTP, HTTPS, DNS, and
• TCP/IP.
• Strong communication skills and the ability to collaborate with teams across various functions.
• Certifications in network security (e.g., CCSP, CISSP, CompTIA Security+, or equivalent) are a plus.
• Experience operating security controls in regulated environments.
  
  

• Exposure to Secure Web Gateway (SWG) platforms.
• Understanding of network firewalls and perimeter security.
• Familiarity with Web & API Protection / WAF.
• Experience with endpoint posture, EDR, and device trust models.
• Awareness of SASE / SSE architectures.