Title: Senior Zero Trust Engineer

State Role Title: Salary Non-Specified

Hiring Range: $134,996 - $165,000

Pay Band: UG

Agency: Virginia Retirement System

Location: Virginia Retirement System

Agency Website: www.varetire.org/careers

Recruitment Type: General Public - G

Job Duties

The Virginia Retirement System (VRS) is seeking a highly skilled Senior Zero Trust Solutions Engineer to design, implement, and manage advanced security frameworks rooted in the Zero Trust model. This pivotal role requires deep expertise in next-generation firewalls, Secure Access Service Edge (SASE), network segmentation, and identity-based access controls.

As a key member of our security team, you will collaborate across departments to enforce privacy and security policies, manage Zero Trust access to critical resources and services, and integrate with a wide array of security tools to ensure comprehensive protection across our network.

Zero Trust:
• Architect Zero Trust solutions based on requirements, including network segmentation, identity and access management (IAM), application controls, and data protection mechanisms.
• Lead the technical deployment and configuration of Zero Trust security tools and policies, ensuring proper integration with existing infrastructure.
• Remains current on Zero Trust concepts like "never trust, always verify," micro-segmentation, least privilege access, and continuous authentication.
Palo Alto:
• Architect and deploy Palo Alto firewalls in complex environments, including segmentation, application control, and security policies.
• Configuring advanced firewall features like URL filtering, intrusion prevention, and malware protection along with policy updates, firmware upgrades, and performance optimization.
• Troubleshoots network connectivity issues related to firewall configurations.
• Collaborate with other teams to integrate Palo Alto solutions with broader security infrastructure.
• Stay current with emerging cybersecurity threats and Palo Alto features to maintain best practices including application control, and advanced threat prevention.

Zscaler:
• Design, implement, and manage Zscaler security solutions to protect the enterprise.
• Monitor and manage security configurations for Zscaler services.
• Collaborate across the enterprise to ensure secure deployment and management of ZTNA
• Respond to and investigate security incidents and breaches involving Zscaler solutions.
• Implement and manage security policies and configurations within the Zscaler platform.
• Provide guidance and training to internal teams on Zscaler security best practices.
• Keep current with Zscaler security trends, threats, and technologies including Zscaler Internet Access (ZIA) and Zscaler Private Access (ZPA).

Security Operations:
• Respond to security incidents as a member of the incident response team.
• Review daily threats, identify risks, ensure appropriate mitigations are applied.
• Perform intrusion detection activities and risk mitigation.
• Work with IT team members to develop policies, enhance security standards, and harden IT systems.
• Implement appropriate countermeasures required based on alerts and security scans.
• Stay current on emerging security technologies and industry vulnerability bulletins
• Document results and recommendations from security reviews.
• Ensure the Confidentiality, Integrity and Availability of systems and services through proactive monitoring and response.
• Participate in Disaster Recovery Planning.
• Provide mentorship and training to junior team members.
• Evaluate effectiveness of services provided and recommend changes in procedures to meet security best practices.
• Ensure security tools are fully configured and providing operational value as part of a continuous improve process.
• Collaborate with technology leadership to develop KPI’s for security alerts and response
• Participate in on-call rotation that provides technology support outside of normal business hours.
• All other duties as assigned.

Minimum Qualifications

Bachelor’s degree in computer science or a closely related field.

Ten (10) years of experience implementing information security architectures and best practices including complex security technologies as part of a Zero Trust Network Access (ZTNA).


Project management, troubleshooting complex problems, incident handling, customer service. Ability to solve technical problems through discovery and analysis; develop and manage detailed and accurate work plans and appropriately communicate work plan risks and impacts to management; and provide, maintain, and follow technical documentation.

Excellent verbal and written communication skills. Ability to prioritize work against competing priorities with minimal guidance and coaching, complete complex projects independently with minimal oversight and direction. Ability to work effectively in a fast-paced environment where priorities change rapidly.

Working knowledge of Splunk SIEM, IPS, Web Vulnerability Scanners, Penetration Testing Tools, Layer 2/3 Networking, NDR/EDR, Vulnerability Assessment Tools, Event Correlation, Network Scanning Tools and Log Management.

Additional Considerations

Experience in the following areas is a plus: Disaster Recovery, Scripting AI, SASE, Cloud Security and MSP relationship management.

Preferred Certifications: Palo Alto Networks Certified Network Security Engineer (PCNSE) and Zscaler Digital Transformation Administrator (ZDTA).

Special Instructions

Please Note: The Virginia Retirement System (VRS) does not offer employment-based visa sponsorship. Applicants must be legally authorized to work in the United States without current or future sponsorship.

You will be provided a confirmation of receipt when your application and/or résumé is submitted successfully. Please refer to “Your Application” in your account to check the status of your application for this position.

Contact Information

Name: Human Resources

Email: careers@varetire.org

In support of the Commonwealth’s commitment to inclusion, we are encouraging individuals with disabilities to apply through the Commonwealth Alternative Hiring Process. To be considered for this opportunity, applicants will need to provide their AHP Letter (formerly COD) provided by the Department for Aging & Rehabilitative Services (DARS), or the Department for the Blind & Vision Impaired (DBVI). Service-Connected Veterans are encouraged to answer Veteran status questions and submit their disability documentation, if applicable, to DARS/DBVI to get their AHP Letter. Requesting an AHP Letter can be found at AHP Letter or by calling DARS at 800-552-5019.

Note: Applicants who received a Certificate of Disability from DARS or DBVI dated between April 1, 2022- February 29, 2024, can still use that COD as applicable documentation for the Alternative Hiring Process.