Job Description

:
We are seeking a hands-on engineer to automate Zscaler Internet Access (ZIA) configuration management, consolidate and convert proxy PAC files into standardized, automated configurations, and build Python-based scripts and web admin tools to orchestrate ZIA via API. This role focuses on reducing direct portal administration, enforcing governance, and maintaining audit-ready change records (e.g., requester metadata, justification, review/recertification) suitable for regulatory audits (e.g., ECB).
Key Responsibilities
1) ZIA Automation & Tooling

• Design, build, and maintain Python-based automation scripts and web-based admin tools (e.g., Flask/FastAPI + simple UI) to manage ZIA via Zscaler ZIA APIs (policy objects, URL categories, exceptions/bypasses, locations, forwarding rules, SSL bypass, etc.).
• Implement role-based workflows that reduce reliance on Zscaler portal access, enabling controlled changes through internal tools.
• Integrate approval workflows (e.g., ServiceNow/Jira) and automatically capture audit metadata (requester, ticket ID, justification, approver, effective/expiry dates, review cadence).
• Enforce guardrails (validation rules, policy linting) to prevent unsafe or non-compliant configurations.

2) PAC File Analysis, Consolidation & Conversion

• Analyze existing proxy PAC files from multiple countries/regions (functions such as FindProxyForURL, shExpMatch, dnsDomainIs, isInNet).
• Normalize and merge PAC logic into meaningful, reusable configuration blocks (geo/routing, category-based exceptions, SSL bypass, App traffic steering).
• Convert the current manual PAC into a standardized, automated PAC generated by the internal tooling; ensure browser compatibility and performance (Chrome/Edge/Firefox, WPAD considerations).
• Establish testing harnesses and regression suites to validate PAC behavior and avoid routing loops or performance degradation.

3) Configuration Migration & Synchronization

• Extract and transfer current ZIA portal configuration into the automation tool's data model (objects, policies, exceptions, locations, users/groups).
• Implement bi-directional synchronization and drift detection (portal vs. tool), with versioning, rollbacks, and change logs.
• Define data schemas (JSON/YAML) for consistent configuration serialization and easy CI/CD integration.

4) Governance, Auditability & Compliance

• Build auditable change records enriched with contextual metadata (who requested, when, why, scope, expiry, last review) to meet regulatory expectations (e.g., ECB).
• Implement time-bound exceptions, automated recertification workflows, and attestation reports (e.g., "exceptions aging," "ownerless entries," "last access/use").
• Ensure segregation of duties, RBAC, least privilege, and immutable logs with retention policies aligned to internal compliance standards.
• Produce evidence for audits (change approvals, impact assessment, testing results) and coordinate with Risk/Compliance teams.

5) Operations, Reliability & Support

• Own the runbook for automation tools and PAC lifecycle management (build, test, deploy).
• Provide L3 support for automation issues, policy application failures, and PAC anomalies; conduct root cause analysis and implement corrective actions.
• Monitor API rate limits, handle retries/backoffs, and instrument the tool with observability (metrics, logs, s).
• Partner with Network, IAM, and Security Engineering teams for SSO integration (SAML/OIDC), scoped credentials, and secrets management.

6) Documentation & Enablement

• Maintain developer and admin documentation, architectural diagrams, API usage guides, and standard operating procedures.
• Conduct knowledge transfer sessions and train Zscaler administrators, regional IT, and InfoSec on the new workflow and governance model.

Required Skills & Qualifications

• Hands-on Zscaler ZIA experience: policy management (URL filtering, SSL inspection/bypass, forwarding), exceptions, locations, departments/groups.
• PAC file expertise: authoring, refactoring, and testing PAC logic across browsers; WPAD/DHCP/DNS discovery methods; performance tuning.
• Python (advanced): building robust automation (requests/httpx), CLI tools, and web services (Flask/FastAPI), with unit/integration testing (pytest).
• Web tooling: REST API design/consumption, JSON/YAML modeling, basic front-end (HTML/CSS/JS) for admin portals; familiarity with React/Vue is a plus.
• Networking & security fundamentals: TCP/IP, DNS, HTTP/HTTPS, proxies, SSL/TLS, GRE/IPsec tunnels, egress routing, split-tunnel concepts.
• DevOps & SDLC: Git, CI/CD (Azure DevOps/GitHub Actions), artifact versioning, environment promotion, containerization (Docker), secrets management.
• Governance & audit: RBAC, approval workflows, change control, evidence generation, logs retention; experience working with regulated environments (e.g., ECB/financial services).
• Data & observability: logging/metrics (Splunk/ELK/Prometheus), error handling, rate limiting, retry strategies.
• Clear communication, documentation, and stakeholder management skills.

Preferred Qualifications

• Zscaler certifications (e.g., Zscaler Certified Administrator - ZIA).
• Experience integrating with ServiceNow/Jira for request/approval workflows and CMDB references.
• Experience with SSO (SAML/OIDC), OAuth2/JWT, and fine-grained access control.
• Familiarity with policy-as-code concepts and linting (pre-commit hooks, schema validation).
• Knowledge of databases (PostgreSQL/MySQL) for storing config, audit logs, and metadata.
• Experience in financial services or other highly regulated industries.

Skills:
zscaler internet access/ZIA, python, PAC
About Company:
UST is a global digital transformation solutions provider. For more than 20 years, UST has worked side by side with the world's best companies to make a real impact through transformation. Powered by technology, inspired by people and led by purpose, UST partners with their clients from design to operation. With deep domain expertise and a future-proof philosophy, UST embeds innovation and agility into their clients' organizations. With over 30,000 employees in 30 countries, UST builds for boundless impact--touching billions of lives in the process.

Skills Required