This position leads the design, implementation, and optimization of the organization's Security Service Edge (SSE) and Secure Access Service Edge (SASE) platforms, with a primary focus on Netskope. The engineer drives Zero Trust adoption, modernizes secure access for a hybrid workforce, and partners with security, networking, and cloud teams to deliver a unified security architecture.

Job Responsibilities

· Architect and deploy Netskope SSE solutions including CASB, SWG, ZTNA, DLP, DSPM, Cloud Firewall, and Private Access.

· Lead enterprise-wide SASE design efforts integrating identity, networking, and cloud security controls.

· Develop and maintain Zero Trust access patterns for users, devices, and applications.

· Engineer secure access pathways and support migration from legacy VPN to ZTNA.

· Optimize traffic steering, client deployment, and policy routing across global environments.

· Build and tune DLP, threat protection, and access control policies.

· Integrate Netskope with identity providers (Azure AD, Okta), SIEM platforms, and endpoint security tools.

· Troubleshoot complex SSE/SASE issues and drive continuous performance improvements.

· Create operational runbooks, automation scripts, and monitoring dashboards.

· Serve as the subject‑matter expert for SSE/SASE and mentor junior engineers.

Job requirements

· 5–8+ years in security engineering, network engineering, or cloud security.

· 3+ years hands‑on experience with Netskope SSE (CASB, SWG, ZTNA, DLP, DSPM, Client Steering, Private Access).

· Strong understanding of SASE architectures, Zero Trust principles, and identity‑centric security.

· Proficiency with identity platforms (Azure AD, Okta), network protocols (DNS, TLS, HTTP/HTTPS, IPsec, GRE), and cloud platforms (AWS, Azure, GCP).

· Experience with SIEM tools such as Splunk, Sentinel, or QRadar.

· Familiarity with automation using Python, PowerShell, or Terraform.

· Strong communication skills and the ability to lead cross‑functional technical initiatives.

Preferred Qualifications

· Netskope certifications (NCSA, NCI, NPA).

· Experience with SD‑WAN technologies (Netskope, VeloCloud, & Fortinet).

· Background in DLP program development or data classification.

· Knowledge of Zero Trust frameworks such as NIST 800‑207.

· Experience supporting large, distributed enterprise environments.

Education

· Bachelor's Degree or at least 12 years' experience in related field