Network Security Engineer

Network Security Engineer Job details

Reference number:

Domain:
Performance and Support

Job field / Job profile: IT - Telecom network technician

Job title:

Network Security Engineer

Employment type:

Permanent

Professional category:
Employees / Staff

Part time / Full time:
Full-time

The Network Security Engineer L3 is a hands- on technical role within Safran USA's IT Shared Services organization. This position is responsible for day-to-day operations, administration, and continuous improvement of the SUSA corporate network and datacenter infrastructure across all U.S. subsidiary entities. The engineer is expected to be deeply technical – configuring, troubleshooting, and maintaining the network stack directly – working under the Cloud & Infrastructure Manager and collaborating with Safran IT network peers globally on standards alignment.

Global network architecture and strategy remain the responsibility of the Safran Group team in France; this role is the hands-on owner of the U.S. environment.

• Configure and maintain network services and assets across core, distribution, access, and DMZ layers.
• Administer enterprise firewall platforms: policy management, NAT, VPNs, and traffic segmentation across SUSA sites.
• Ensure proper network segmentation and boundary protection within datacenter and WAN environments.
• Act as the L3 escalation point for complex network and security incidents; coordinate with service providers and internal IT teams as needed.
• Maintain accurate and up-to-date network documentation: diagrams, standards, and operating procedures.

• Administer Zscaler ZIA and ZPA: maintain tunnel configurations, user traffic policies, and access rules in coordination with the Cloud & Infrastructure Manager.
• Manage Forcepoint Web Security policies for web filtering on CUI-handling endpoints.
• Administer WAF policies (F5 / Fortinet / Cloudflare): maintain and tune rules to protect SUSA-hosted applications, respond to alerts, and coordinate rule updates with application owners.
• Conduct regular firewall rule reviews; maintain documented security zone matrices and policy change records.

• Maintain accurate SUSA network diagrams and data-flow documentation for use in the System Security Plan (SSP).
• Support the CMMC compliance team on network-related controls (NIST SP 800-171 domains 3.1, 3.13); provide technical input for assessments and POA&M remediation.
• Validate that network changes do not introduce unintended CUI exposure; coordinate with the compliance team before implementing boundary modifications.

• Manage hardware lifecycle and procurement; contribute network infrastructure inputs to the annual CAPEX/OPEX budget process.
• Document standard operating procedures, change records, and incident post-mortems in the ITSM platform.
• Apply Safran security and network policies and standards as directed by the Group network team.
• Coordinate technical actions with teams located at Safran headquarters (France) and in India.
• Define and organize knowledge transfer activities to L1 and L2 support teams.

The following table reflects the platforms in the SUSA environment. Candidates need not hold deep expertise across every row – strong routing/switching fundamentals and at least one security platform anchor are the core requirement. Other skills will be developed on the job.

• Routing & Switching:
  Cisco Catalyst / Nexus, BGP / OSPF / EIGRP, VLANs / STP / QoS, L2/L3 troubleshooting, Datacenter fabric.
• Firewall / NGFW:
  Palo Alto Networks (PA Series), Fortinet Forti Gate, Cisco Firepower (FTD / FMC), Panorama, Policy & NAT management.
• Zero Trust / SWG:
  Zscaler ZIA / ZPA, Forcepoint Web Security, Tunnel configuration, User traffic policies.
• WAF: F5 / Fortinet / Cloudflare WAF, OWASP Top 10 rule tuning, Application traffic inspection, Alert response.
• Network Access Control:
  Cisco ISE, 802.1X Authentication, RADIUS / TACACS+, Posture assessment.
• WAN & Connectivity: MPLS circuit management, Site‑to‑site VPN, Internet breakout, ISP…