Job Description
OUR GOAL :
Treat our consultants and clients the way we would like others to treat us!
Interested in joining our team? Check out the opportunity below and apply today!
A Lead Enterprise SASE Security Engineer (Netskope Focus) is needed for a contract opportunity in San Antonio, TX. The role will be the technical owner responsible for the deployment and operationalization of a global Secure Access Service Edge (SASE) architecture, with Netskope serving as the core Security Service Edge (SSE) platform. This role requires an expert-level, hands-on engineer capable of leading a transition from legacy network security to a Zero Trust, cloud-delivered model.
Location : Combination of onsite and remote. Candidate must be working onsite 3 days / week at the office in San Antonio, TX or Tysons, VA.
Key Responsibilities
ZTNA and Zero Trust Architecture (Core Migration Focus)
- Define and Engineer ZTNA Policies : Lead the transition to identity-centric security by defining ZTNA Internal Application Policies per specific user group (e.g., leveraging Netskope Private Access) to enforce least-privilege access and eliminate unauthorized lateral movement.
- Legacy Policy Migration : Design a “Tag Oriented” SASE Unified Security Policy strategy. Crucially, avoid a one-to-one migration of existing legacy firewall rules, instead focusing on consolidation and normalization using cloud-native attributes (user identity, device posture, app category).
- SSL Inspection Optimization : Conduct a comprehensive review of the SSL Exclusion current state on legacy firewalls. Validate the necessity of each exclusion and ensure minimal security blind spots while maintaining application functionality during the transition to Netskope’s SSL decryption at cloud scale.
- Rule Set Hardening : Lead the Legacy FW Policies / Web Category Cleanup initiative, eliminating redundant, unused, or overly permissive rules to ensure the final SASE policy set is streamlined, efficient, and aligns with Zero Trust principles.
- Documentation : Document design and configuration methods / standards associated with the SASE deployment.
Deployment and Operational Leadership
- Lead the end-to-end deployment of the Netskope platform across the global enterprise, including Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), DLP Policy, Zero Trust Network Access (ZTNA), and Remote Browser Isolation (RBI).
- Integrate Netskope with Identity Providers (IdP) (Ping / Azure AD) and Endpoint Detection and Response (EDR) solutions to enforce contextual, adaptive access policies based on real-time device health.
- Provide Tier 3 technical troubleshooting support and escalation for complex issues related to the Netskope Client, traffic steering, and policy enforcement across diverse endpoints (Windows, macOS).
Must Haves :
- 5+ years of hands-on experience in security engineering roles, with at least 3+ years focused specifically on SASE / SSE deployment at an Enterprise scale.
- Deep, hands-on experience with Netskope Security Cloud (SWG, CASB, ZTNA) OR extensive experience with a competing platform (e.g., Zscaler ZIA / ZPA, Palo Alto Networks Prisma Access).
- Strong background with networking principles (OSI layers 1-7), SD-WAN, and traditional network firewalls.
- Strong hands-on skills with creating automations using Python or other scripting language.
- Expert knowledge of Next-Generation Firewall (NGFW) policy creation / cleanup and the best practices for migrating from IP-based to application / identity-based policies.
Preferred / Strong Asset :
- Certification such as Netskope Cloud Security Certification (NCCSE / NCCA) or Zscaler Certified Cloud Administrator / Professional.
- Proven experience leading a full migration from a legacy firewall vendor (e.g., Check Point, Cisco) to a SASE platform.
- Experience integrating SASE with a major SD-WAN vendor (e.g., Cisco Viptela, Silver Peak, Fortinet SD-WAN) for optimal traffic steering.
- Experience using Python to interact with security APIs for automated reporting, configuration management, and event remediation.
- Proven ability to review and optimize network traffic flows and SSL / TLS decryption policies for a high-volume cloud environment.
Reference : 1042599
Don’t meet every single requirement? Studies have shown that women and people of color are less likely to apply to jobs unless they meet every qualification. At Revel IT, we are dedicated to building a diverse, inclusive, and authentic workplace, so if you’re excited about this role, but your experience doesn’t align perfectly with every qualification in the description, we encourage you to apply anyway. You might be the right candidate for this or our other open roles!
Revel IT is an Equal Opportunity Employer. Revel IT does not discriminate on the basis of race, religion, color, sex, gender identity, sexual orientation, age, non-disqualifying physical or mental disability, national origin, veteran status or any other basis covered by appropriate law. All employment is decided on the basis of qualifications, merit, and business need.
Job ID : 1042599