Job Description:
Note: Fidelity will not provide immigration sponsorship for this position.
The Role
We are seeking a Senior ZTNA (Zero Trust Network Access) Network Engineer to lead the engineering, deployment, and optimization of secure remote access solutions across the enterprise. This role will drive the transition from legacy VPN technologies to modern Zero Trust architectures, with a strong focus on Zscaler (ZPA/ZIA) and enterprise ZVPN initiatives.
You will design and implement secure, scalable, and resilient access solutions that enable seamless, secure connectivity to enterprise applications while eliminating implicit trust. This includes architecting Zero Trust segmentation, application-level access controls, and robust connectivity strategies for a global workforce. Responsibilities will include:
Lead design and implementation of ZTNA solutions (Zscaler ZPA/ZIA, ZVPN) to replace legacy VPN technologies
On-call rotation required
Define and deliver modern Zero Trust architecture patterns, including application-level segmentation and identity-based access
Drive legacy VPN decommissioning and migration to ZTNA platforms
Develop and execute engineering roadmaps aligned to enterprise remote access strategy
Partner with security, infrastructure, and business units to ensure coordinated rollout and adoption
Document architecture, operational models, and implementation standards
Evaluate emerging ZTNA and secure access technologies and provide data-driven recommendations
Lead pilots and phased deployments, including testing, validation, and performance benchmarking
Act as a Tier-3 escalation lead for complex remote access and connectivity issues
Ensure high availability and resilience of remote access infrastructure in a 24x7 global environment
Assess and mitigate risks related to latency, scale, and user experience during migrations
The Expertise and Skills You Bring
6–10 years of network/security engineering experience, including 4+ years in ZTNA or remote access transformations
Bachelor’s degree in Computer Science, Information Technology, or related field
Hands-on experience with Zscaler (ZPA/ZIA) or comparable Zero Trust platforms
Proven success migrating legacy VPNs to Zero Trust, cloud-delivered access solutions
Deep expertise in ZTNA design, implementation, and Zero Trust principles (least privilege, continuous verification, no implicit trust)
Experience designing application segmentation and identity-based access policies
Strong knowledge of traffic steering, split tunneling, and secure access routing (ZVPN architectures)
Experience with load balancing, gateways, and access control layers
Advanced troubleshooting across network layers (L3–L7)
Familiarity with hybrid environments (on-prem, cloud, SaaS)
Ability to optimize latency, performance, and user experience in ZTNA environments
Experience with high availability, disaster recovery, and failover strategies in global, always-on environments
Experience with network automation tools (Python, Ansible, APIs)
Familiarity with endpoint management and deployment tools (Intune, SCCM)
Strong understanding of identity providers (Azure AD / Entra ID), SSO, and conditional access
Knowledge of PKI, certificates, and modern authentication methods
Experience integrating with SIEM, EDR, and security monitoring platforms
Strong ownership mindset with a focus on execution and delivery
Ability to thrive in fast-paced, ambiguous environments with competing priorities
Excellent communication skills across technical and business stakeholders
Proven ability to lead incident response and drive resolution under pressure
Preferred certifications: Zscaler (ZCCA / ZCCP / ZCSE), CCNP/CCIE (Security or Enterprise), CISSP (or equivalent), ITIL Foundation
The Team
You will be part of the Enterprise Cloud, Infrastructure, and Operations (ECIO) organization, playing a central role in transforming the enterprise’s remote access strategy from legacy VPN to Zero Trust. This is a high-visibility, high-impact team focused on ZVPN rollout and enterprise-wide adoption, legacy VPN decommissioning, and Zscaler-driven Zero Trust transformation.
The team operates in a global, 24x7 environment and partners closely with security, infrastructure, and business stakeholders. Together, you enable secure, seamless access to applications for a distributed workforce—reducing cyber risk, improving resilience, and supporting business continuity at scale.
Category: Information Technology
Please be advised that Fidelity’s business is governed by the provisions of the Securities Exchange Act of 1934, the Investment Advisers Act of 1940, the Investment Company Act of 1940, ERISA, numerous state laws governing securities, investment and retirement-related financial activities and the rules and regulations of numerous self-regulatory organizations, including FINRA, among others. Those laws and regulations may restrict Fidelity from hiring and/or associating with individuals with certain Criminal Histories.