Tmobile home internet and Zscaler

They don't exactly "throttle" VPN's... I can use some just fine and still break 40mbps (my throughput is typically 40-70, depending on varying factors).

it is more that you are sort of tunneling within a tunnel.

The TMO "tunnel" is already nerfing packet sizes and resulting in screwy routing and DNS issues, then your client side VPN tunnel doubles down on that.

Try testing to a different site.  It can sometimes give very different results.  For example, my "home" location for speedtest.net is usually Charlotte, NC--that is just over a 2 hour drive from me in Florence, SC, and that area is usually very congested in general.  I can test 40 there, but turn right around and get 70 to Seattle, WA--on the opposite side of the country!  I have even broken 100 to Montreal while only pulling in 40-50 to more local sites.  The point is, there are inherent routing issues with their peering/routing in general that need to be addressed.

Your company's VPN may be setting MTU (or MSS) too high for the limit of TMO's tunnel.  One of those being too large will cause packets to have to be split into smaller pieces to get through, the other can cause packets to get discarded.  Alternatively, it could be setting it really low and not optimizing the throughput potential that is there. Either can impact throughput to varying degress...  it all depends on how often the exceptions occur.

Get in touch with your company's support chain to make them aware that the TMO service is typically defaulting to an MTU of 1420, MSS of 1380... they may be able to tweak settings to better optimize packet sizes to rule that issue out.

Deleted... stupid editor was stuck on bold and would not let me highlight/reset it

T-Mobile usually throttles VPN traffic.  For some reason, they haven't figure out a way to isolate the traffic from the modem separately from actual cellular data connections, which is why VPN traffic is throttled.