Netskope Technical Architect

Your responsibilities:

Work with teams to understand product requirements and build Internet Security policies to protect corporate endpoints.

Define, enable, and review Internet Security policies and traffic steering configurations using Secure Web Gateway (SWG) and Cloud Access Security Broker (CASB).

Analyse data exfiltration risks and design Data Loss Prevention (DLP) policies to mitigate threats.

Collaborate with Security Operations to enhance security requirements, apply ad-hoc site restrictions, and manage exception requests.

Apply advanced knowledge of SSL inspection to define secure decryption bypass policies without compromising protection.

Resolve DLP and SSL inspection issues by working closely with end users and SOC teams.

Administer and maintain the Netskope tenant, including upgrades and performance optimization.

Design and build a Quantum-ready Internal PKI, addressing gaps in existing infrastructure and integrating with Certificate Lifecycle Management solutions.

Define certificate templates and integrate cloud Hardware Security Modules (HSM) with Certificate Authorities for enhanced cryptographic security.

Establish infrastructure and rulesets for Zero Trust Network Access (ZTNA) and future VPN solutions.

Discover VPN-dependent applications and plan Firewall changes to support ZTNA implementation.

Collaborate with stakeholders and application support teams to deliver ZTNA solutions.

Support network segmentation projects with kill-switch requirements for cyber resilience.

Manage Proxy access control file changes and coordinate with network teams for implementation.

Partner with enterprise compute teams for deployment, upgrades, and maintenance of Internet Security tools on endpoints.

Manage EntraID enterprise apps required for Internet Security tools, ensuring SSO, SCIM, and IDP functionality.

Mentor L1/L2 engineers and contribute to security automation initiatives.

Your Profile

Essential skills/knowledge/experience:

Strong expertise in Internet Security architecture, including policy design, SSL inspection, and Data Loss Prevention strategies.

Proven ability to implement advanced security solutions, such as Secure Web Gateway, CASB, Netskope administration, and EntraID integration.

Skilled in PKI design and life cycle management, with knowledge of quantum-resistant cryptography and cloud HSM integration.

Experience in Zero Trust Network Access (ZTNA) implementation, network segmentation, and VPN migration planning.

Collaborative and detail-oriented, with a track record of working across security operations, networks, and enterprise compute teams to deliver robust, future-ready security frameworks.