Network Security Engineer L3

Safran Group

Irving, TX
Education
Benefits
Skills
Qualifications
Apply
10,000+ Similar Jobs

Job details

Domain

Performance and Support

Job field / Job profile

IT - Telecom network technician

Job title

Network Security Engineer L3

Employment type

Permanent

Professional category

Employees / Staff

Part time / Full time

Full-time

Job description

The Network Security Engineer L3 is a hands-on technical role within Safran USA's (SUSA) IT Shared Services organization. This position is responsible for the day-to-day operations, administration, and continuous improvement of the SUSA corporate network and datacenter infrastructure across all US subsidiary entities. The engineer is expected to be deeply technical — configuring, troubleshooting, and maintaining the network stack directly — working under the Cloud & Infrastructure Manager and collaborating with Safran IT network peers globally on standards alignment. Global network architecture and strategy remain the responsibility of the Safran Group team in France; this role is the hands-on owner of the US environment.

Key Responsibilities

Datacenter & Campus Networking

  • Configure and maintain network services and assets across core, distribution, access, and DMZ layers.
  • Administer enterprise firewall platforms: policy management, NAT, VPNs, and traffic segmentation across SUSA sites.
  • Ensure proper network segmentation and boundary protection within datacenter and WAN environments.
  • Act as the L3 escalation point for complex network and security incidents; coordinate with service providers and internal IT teams as needed.
  • Maintain accurate and up-to-date network documentation: diagrams, standards, and operating procedures.

Network Security & Restricted Environments

  • Administer Zscaler ZIA and ZPA: maintain tunnel configurations, user traffic policies, and access rules in coordination with the Cloud & Infrastructure Manager.
  • Manage Forcepoint Web Security policies for web filtering on CUI-handling endpoints.
  • Administer WAF policies (F5 / Fortinet / Cloudflare): maintain and tune rules to protect SUSA-hosted applications, respond to alerts, and coordinate rule updates with application owners.
  • Conduct regular firewall rule reviews; maintain documented security zone matrices and policy change records.

CMMC 2.0 Compliance Support

  • Maintain accurate SUSA network diagrams and data-flow documentation for use in the System Security Plan (SSP).
  • Support the CMMC compliance team on network-related controls (NIST SP 800-171 domains 3.1, 3.13); provide technical input for assessments and POA&M remediation.
  • Validate that network changes do not introduce unintended CUI exposure; coordinate with the compliance team before implementing boundary modifications.

Operations, Knowledge Transfer & Collaboration

  • Manage hardware lifecycle and procurement; contribute network infrastructure inputs to the annual CAPEX/OPEX budget process.
  • Document standard operating procedures, change records, and incident post-mortems in the ITSM platform.
  • Apply Safran security and network policies and standards as directed by the Group network team.
  • Coordinate technical actions with teams located at Safran headquarters (France) and in India.
  • Define and organize knowledge transfer activities to L1 and L2 support teams.

But what else? (advantages, specificities, etc.)

Technology Stack & Platform Exposure

The following table reflects the platforms in the SUSA environment. Candidates are not expected to hold deep expertise across every row — strong routing/switching fundamentals and at least one security platform anchor are the core requirement. Other skills will be developed on the job.

Routing & Switching ★ Cisco Catalyst / Nexus | BGP / OSPF / EIGRP | VLANs / STP / QoS | L2/L3 troubleshooting | Datacenter fabric

Firewall / NGFW ★ Palo Alto Networks (PA Series) | Fortinet FortiGate | Cisco Firepower (FTD / FMC) | Panorama | Policy & NAT management

Zero Trust / SWG Zscaler ZIA / ZPA | Forcepoint Web Security | Tunnel configuration | User traffic policies

WAF F5 / Fortinet / Cloudflare WAF | OWASP Top 10 rule tuning | Application traffic inspection | Alert response

Network Access Control Cisco ISE | 802.1X Authentication | RADIUS / TACACS+ | Posture assessment

WAN & Connectivity MPLS circuit management | Site-to-site VPN | Internet breakout | ISP coordination

Cloud Networking AWS VPC basics | Security groups | Site-to-site VPN | Hybrid connectivity

Monitoring & Tools SolarWinds NPM / NTA | NetFlow / SNMP / Syslog | Wireshark | Change & incident management

Candidate skills & requirements

Qualifications

Required

  • 8+ years of network engineering experience with a clear focus on network security operations.
  • Strong expertise in routing and switching, preferably in datacenter environments.
  • Solid knowledge of TCP/IP, BGP, OSPF, VLANs, redundancy, and QoS.
  • Experience administering enterprise firewalls (any major platform).
  • Proven ability to troubleshoot complex L2/L3 network issues.
  • Experience working in security- or compliance-driven environments.

Preferred

  • Cisco CCNP certification (or equivalent routing/switching depth).
  • Hands-on knowledge of at least one firewall platform: Palo Alto Networks, Fortinet, or Cisco Firepower.
  • Familiarity with Zscaler ZIA/ZPA, WAF platforms, or Forcepoint.
  • Basic AWS networking knowledge (VPC, security groups, site-to-site VPN).
  • Exposure to Python or Ansible for routine network automation tasks.
  • Familiarity with CMMC, NIST 800-171, or similar regulatory frameworks.
  • Background in manufacturing, aerospace, or defense-adjacent IT environments.

Core Competencies

  • Security-first engineering mindset — designs with defense-in-depth as the default.
  • Collaborative team player — works effectively with peers in France and across SUSA IT teams.
  • Operational discipline — follows change management processes and keeps documentation current.
  • Problem-solving under pressure — methodical troubleshooting during network incidents.
  • Ownership & accountability — drives issues to resolution without requiring escalation.

Team & Reporting Context

This role reports to the Cloud & Infrastructure Manager, Safran USA IT, and works day-to-day with:

  • Cloud & Infrastructure team peers (server, storage, datacenter operations)
  • CMMC compliance team (network diagram and SSP support)
  • End User Services / helpdesk (NAC, VPN, and wireless escalations)
  • Safran IT network administrators in France and India (peer coordination on standards, cross-site connectivity, shared platform configurations, and shift-left activities)
  • SUSA subsidiary IT contacts and service stakeholders

Annual salary

TBD

General information

Entity

Safran is an international high-technology group, operating in the aviation (propulsion, equipment and interiors), defense and space markets. Its core purpose is to contribute to a safer, more sustainable world, where air transport is more environmentally friendly, comfortable and accessible. Safran has a global presence, with 100,000 employees and sales of 27.3 billion euros in 2024, and holds, alone or in partnership, world or regional leadership positions in its core markets.

Safran is in the 2nd place in the aerospace and defense industry in TIME magazine's "World's best companies 2024" ranking.

Reference number

2026-175806

Read Full Description
Apply
Jobs at Safran Group
Similar Jobs
Confirmed 7 days ago. Posted 7 days ago.

Discover Similar Jobs

Suggested Articles

Leaving Consulting: The Why, When, How and What For?
Managing a Software Career
Demand for (Artificial) Intelligence: Jobs for Engineers & Scientists
Is it Really 10 Times Harder to Get Into Google Than Goldman Sachs?
How to Master the Technical Interview at Google and Facebook
Customer Success