Network Security Engineer

Job details

Domain

Performance and Support

Job field / Job profile

IT - Telecom network technician


Job title

Network Security Engineer

Employment type

Permanent

Professional category

Employees / Staff

Part time / Full time

Full-time

Job description

The Network Security Engineer L3 is a hands-on technical role within Safran USA's (SUSA) IT Shared Services organization. This position is responsible for the day-to-day operations, administration, and continuous improvement of the SUSA corporate network and datacenter infrastructure across all US subsidiary entities. The engineer is expected to be deeply technical - configuring, troubleshooting, and maintaining the network stack directly - working under the Cloud & Infrastructure Manager and collaborating with Safran IT network peers globally on standards alignment. Global network architecture and strategy remain the responsibility of the Safran Group team in France; this role is the hands-on owner of the US environment.

Key Responsibilities
Datacenter & Campus Networking
• Configure and maintain network services and assets across core, distribution, access, and DMZ layers.
• Administer enterprise firewall platforms: policy management, NAT, VPNs, and traffic segmentation across SUSA sites.
• Ensure proper network segmentation and boundary protection within datacenter and WAN environments.
• Act as the L3 escalation point for complex network and security incidents; coordinate with service providers and internal IT teams as needed.
• Maintain accurate and up-to-date network documentation: diagrams, standards, and operating procedures.

Network Security & Restricted Environments
• Administer Zscaler ZIA and ZPA: maintain tunnel configurations, user traffic policies, and access rules in coordination with the Cloud & Infrastructure Manager.
• Manage Forcepoint Web Security policies for web filtering on CUI-handling endpoints.
• Administer WAF policies (F5 / Fortinet / Cloudflare): maintain and tune rules to protect SUSA-hosted applications, respond to alerts, and coordinate rule updates with application owners.
• Conduct regular firewall rule reviews; maintain documented security zone matrices and policy change records.
CMMC 2.0 Compliance Support
• Maintain accurate SUSA network diagrams and data-flow documentation for use in the System Security Plan (SSP).
• Support the CMMC compliance team on network-related controls (NIST SP 800-171 domains 3.1, 3.13); provide technical input for assessments and POA&M remediation.
• Validate that network changes do not introduce unintended CUI exposure; coordinate with the compliance team before implementing boundary modifications.

Operations, Knowledge Transfer & Collaboration
• Manage hardware lifecycle and procurement; contribute network infrastructure inputs to the annual CAPEX/OPEX budget process.
• Document standard operating procedures, change records, and incident post-mortems in the ITSM platform.
• Apply Safran security and network policies and standards as directed by the Group network team.
• Coordinate technical actions with teams located at Safran headquarters (France) and in India.
• Define and organize knowledge transfer activities to L1 and L2 support teams.

But what else? (advantages, specificities, etc.)

Technology Stack & Platform Exposure
The following table reflects the platforms in the SUSA environment. Candidates are not expected to hold deep expertise across every row - strong routing/switching fundamentals and at least one security platform anchor are the core requirement. Other skills will be developed on the job.

Routing & Switching Cisco Catalyst / Nexus | BGP / OSPF / EIGRP | VLANs / STP / QoS | L2/L3 troubleshooting | Datacenter fabric
Firewall / NGFW Palo Alto Networks (PA Series) | Fortinet FortiGate | Cisco Firepower (FTD / FMC) | Panorama | Policy & NAT management
Zero Trust / SWG Zscaler ZIA / ZPA | Forcepoint Web Security | Tunnel configuration | User traffic policies
WAF F5 / Fortinet / Cloudflare WAF | OWASP Top 10 rule tuning | Application traffic inspection | Alert response
Network Access Control Cisco ISE | 802.1X Authentication | RADIUS / TACACS+ | Posture assessment
WAN & Connectivity MPLS circuit management | Site-to-site VPN | Internet breakout | ISP coordination
Cloud Networking AWS VPC basics | Security groups | Site-to-site VPN | Hybrid connectivity
Monitoring & Tools SolarWinds NPM / NTA | NetFlow / SNMP / Syslog | Wireshark | Change & incident management

Candidate skills & requirements

Qualifications
Required
• 8+ years of network engineering experience with a clear focus on network security operations.
• Strong expertise in routing and switching, preferably in datacenter environments.
• Solid knowledge of TCP/IP, BGP, OSPF, VLANs, redundancy, and QoS.
• Experience administering enterprise firewalls (any major platform).
• Proven ability to troubleshoot complex L2/L3 network issues.
• Experience working in security- or compliance-driven environments.

Preferred
• Cisco CCNP certification (or equivalent routing/switching depth).
• Hands-on knowledge of at least one firewall platform: Palo Alto Networks, Fortinet, or Cisco Firepower.
• Familiarity with Zscaler ZIA/ZPA, WAF platforms, or Forcepoint.
• Basic AWS networking knowledge (VPC, security groups, site-to-site VPN).
• Exposure to Python or Ansible for routine network automation tasks.
• Familiarity with CMMC, NIST 800-171, or similar regulatory frameworks.
• Background in manufacturing, aerospace, or defense-adjacent IT environments.

Core Competencies
• Security-first engineering mindset - designs with defense-in-depth as the default.
• Collaborative team player - works effectively with peers in France and across SUSA IT teams.
• Operational discipline - follows change management processes and keeps documentation current.
• Problem-solving under pressure - methodical troubleshooting during network incidents.
• Ownership & accountability - drives issues to resolution without requiring escalation.

Team & Reporting Context
This role reports to the Cloud & Infrastructure Manager, Safran USA IT, and works day-to-day with:
• Cloud & Infrastructure team peers (server, storage, datacenter operations)
• CMMC compliance team (network diagram and SSP support)
• End User Services / helpdesk (NAC, VPN, and wireless escalations)
• Safran IT network administrators in France and India (peer coordination on standards, cross-site connectivity, shared platform configurations, and shift-left activities)
• SUSA subsidiary IT contacts and service stakeholders

Annual salary

TBD

Job location

Job location

North America, United States, Texas

City (-ies)

2201 W. Royal Lane Irving, TX 75063 Irving

Applicant criteria

Minimum education level achieved

Bachelor's Degree

Minimum experience level required

More than 5 years

Additional Languages preferred

English (Fluent)

ITAR Controlled Position: Select "Yes" if role requires U.S. citizenship/permanent residency

Yes