Network Security Engineer L3

Network Security Engineer L3

Published 03.30.2026

Company : Safran Job field : IT Location : Irving , Texas , United States Contract type : Permanent Contract duration : Full-time Required degree : Bachelors Degree Required experience : More than 5 years Professional status : Employees / Staff Spoken language(s) : English Fluent Salary range : TBD

# 2026-175806

Apply Apply with one click Any questions ?

Published 03.30.2026

Job Description

The Network Security Engineer L3 is a hands-on technical role within Safran USAs (SUSA) IT Shared Services organization. This position is responsible for the day-to-day operations, administration, and continuous improvement of the SUSA corporate network and datacenter infrastructure across all US subsidiary entities. The engineer is expected to be deeply technical - configuring, troubleshooting, and maintaining the network stack directly - working under the Cloud & Infrastructure Manager and collaborating with Safran IT network peers globally on standards alignment. Global network architecture and strategy remain the responsibility of the Safran Group team in France; this role is the hands-on owner of the US environment.

Key Responsibilities

Datacenter & Campus Networking

• Configure and maintain network services and assets across core, distribution, access, and DMZ layers.
• Administer enterprise firewall platforms: policy management, NAT, VPNs, and traffic segmentation across SUSA sites.
• Ensure proper network segmentation and boundary protection within datacenter and WAN environments.
• Act as the L3 escalation point for complex network and security incidents; coordinate with service providers and internal IT teams as needed.
• Maintain accurate and up-to-date network documentation: diagrams, standards, and operating procedures.

Network Security & Restricted Environments

• Administer Zscaler ZIA and ZPA: maintain tunnel configurations, user traffic policies, and access rules in coordination with the Cloud & Infrastructure Manager.
• Manage Forcepoint Web Security policies for web filtering on CUI-handling endpoints.
• Administer WAF policies (F5 / Fortinet / Cloudflare): maintain and tune rules to protect SUSA-hosted applications, respond to alerts, and coordinate rule updates with application owners.
• Conduct regular firewall rule reviews; maintain documented security zone matrices and policy change records.

CMMC 2.0 Compliance Support

• Maintain accurate SUSA network diagrams and data-flow documentation for use in the System Security Plan (SSP).
• Support the CMMC compliance team on network-related controls (NIST SP 800-171 domains 3.1, 3.13); provide technical input for assessments and POA&M remediation.
• Validate that network changes do not introduce unintended CUI exposure; coordinate with the compliance team before implementing boundary modifications.

Operations, Knowledge Transfer & Collaboration

• Manage hardware lifecycle and procurement; contribute network infrastructure inputs to the annual CAPEX/OPEX budget process.
• Document standard operating procedures, change records, and incident post-mortems in the ITSM platform.
• Apply Safran security and network policies and standards as directed by the Group network team.
• Coordinate technical actions with teams located at Safran headquarters (France) and in India.
• Define and organize knowledge transfer activities to L1 and L2 support teams.

Job Requirements

Qualifications

Required

• 8+ years of network engineering experience with a clear focus on network security operations.
• Strong expertise in routing and switching, preferably in datacenter environments.
• Solid knowledge of TCP/IP, BGP, OSPF, VLANs, redundancy, and QoS.
• Experience administering enterprise firewalls (any major platform).
• Proven ability to troubleshoot complex L2/L3 network issues.
• Experience working in security- or compliance-driven environments.

Preferred

• Cisco CCNP certification (or equivalent routing/switching depth).
• Hands-on knowledge of at least one firewall platform: Palo Alto Networks, Fortinet, or Cisco Firepower.
• Familiarity with Zscaler ZIA/ZPA, WAF platforms, or Forcepoint.
• Basic AWS networking knowledge (VPC, security groups, site-to-site VPN).
• Exposure to Python or Ansible for routine network automation tasks.
• Familiarity with CMMC, NIST 800-171, or similar regulatory frameworks.
• Background in manufacturing, aerospace, or defense-adjacent IT environments.

Core Competencies

• Security-first engineering mindset - designs with defense-in-depth as the default.
• Collaborative team player - works effectively with peers in France and across SUSA IT teams.
• Operational discipline - follows change management processes and keeps documentation current.
• Problem-solving under pressure - methodical troubleshooting during network incidents.
• Ownership & accountability - drives issues to resolution without requiring escalation.

Team & Reporting Context

This role reports to the Cloud & Infrastructure Manager, Safran USA IT, and works day-to-day with:

• Cloud & Infrastructure team peers (server, storage, datacenter operations)
• CMMC compliance team (network diagram and SSP support)
• End User Services / helpdesk (NAC, VPN, and wireless escalations)
• Safran IT network administrators in France and India (peer coordination on standards, cross-site connectivity, shared platform configurations, and shift-left activities)
• SUSA subsidiary IT contacts and service stakeholders

But what else? (advantages, specific features, etc.)

Technology Stack & Platform Exposure

The following table reflects the platforms in the SUSA environment. Candidates are not expected to hold deep expertise across every row - strong routing/switching fundamentals and at least one security platform anchor are the core requirement. Other skills will be developed on the job.

Routing & Switching Cisco Catalyst / Nexus | BGP / OSPF / EIGRP | VLANs / STP / QoS | L2/L3 troubleshooting | Datacenter fabric

Firewall / NGFW Palo Alto Networks (PA Series) | Fortinet FortiGate | Cisco Firepower (FTD / FMC) | Panorama | Policy & NAT management

Zero Trust / SWG Zscaler ZIA / ZPA | Forcepoint Web Security | Tunnel configuration | User traffic policies

WAF F5 / Fortinet / Cloudflare WAF | OWASP Top 10 rule tuning | Application traffic inspection | Alert response

Network Access Control Cisco ISE | 802.1X Authentication | RADIUS / TACACS+ | Posture assessment

WAN & Connectivity MPLS circuit management | Site-to-site VPN | Internet breakout | ISP coordination

Cloud Networking AWS VPC basics | Security groups | Site-to-site VPN | Hybrid connectivity

Monitoring & Tools SolarWinds NPM / NTA | NetFlow / SNMP / Syslog | Wireshark | Change & incident management

Company Information

Safran is an international high-technology group, operating in the aviation (propulsion, equipment and interiors), defense and space markets. Its core purpose is to contribute to a safer, more sustainable world, where air transport is more environmentally friendly, comfortable and accessible. Safran has a global presence, with 100,000 employees and sales of 27.3 billion euros in 2024, and holds, alone or in partnership, world or regional leadership positions in its core markets.

Safran is in the 2nd place in the aerospace and defense industry in TIME magazines "Worlds best companies 2024" ranking.

Locate your future workplace

2201 W. Royal Lane Irving, TX 75063

Irving

Texas United States

Copy Address

03.25.2026 IT

Cloud & Infrastructure Manager (Hybrid - Cloud + On-Prem)

Permanent

Irving, Texas

03.01.2026 IT

Cyber Operations Manager

Permanent

Irving, Texas

02.14.2026 IT

Director of Cyber Security

Permanent

Irving, Texas

See All

100,000

employees worldwide

27

Number of countries where Safran is located

35

business area families