What are the responsibilities and job description for the Network Security Engineer L3 (H/F) - SAFRAN USA INC. position at AEROCONTACT?
Safran est un groupe international de haute technologie opérant dans les domaines de l'aéronautique (propulsion, équipements et intérieurs), de l'espace et de la défense. Sa mission : contribuer durablement à un monde plus sûr, où le transport aérien devient toujours plus respectueux de l'environnement, plus confortable et plus accessible. Implanté sur tous les continents, le Groupe emploie 100 000 collaborateurs pour un chiffre d'affaires de 27,3 milliards d'euros en 2024, et occupe, seul ou en partenariat, des positions de premier plan mondial ou européen sur ses marchés. Safran est la 2ème entreprise du secteur aéronautique et défense du classement « World's Best Companies 2024 » du magazine TIME.
Mission description
The Network Security Engineer L3 is a hands-on technical role within Safran USA's (SUSA) IT Shared Services organization. This position is responsible for the day-to-day operations, administration, and continuous improvement of the SUSA corporate network and datacenter infrastructure across all US subsidiary entities. The engineer is expected to be deeply technical configuring, troubleshooting, and maintaining the network stack directly working under the Cloud & Infrastructure Manager and collaborating with Safran IT network peers globally on standards alignment. Global network architecture and strategy remain the responsibility of the Safran Group team in France; this role is the hands-on owner of the US environment. Key Responsibilities Datacenter & Campus Networking Configure and maintain network services and assets across core, distribution, access, and DMZ layers. Administer enterprise firewall platforms: policy management, NAT, VPNs, and traffic segmentation across SUSA sites. Ensure proper network segmentation and boundary protection within datacenter and WAN environments. Act as the L3 escalation point for complex network and security incidents; coordinate with service providers and internal IT teams as needed. Maintain accurate and up-to-date network documentation: diagrams, standards, and operating procedures. Network Security & Restricted Environments Administer Zscaler ZIA and ZPA: maintain tunnel configurations, user traffic policies, and access rules in coordination with the Cloud & Infrastructure Manager. Manage Forcepoint Web Security policies for web filtering on CUI-handling endpoints. Administer WAF policies (F5 / Fortinet / Cloudflare): maintain and tune rules to protect SUSA-hosted applications, respond to alerts, and coordinate rule updates with application owners. Conduct regular firewall rule reviews; maintain documented security zone matrices and policy change records. CMMC 2.0 Compliance Support Maintain accurate SUSA network diagrams and data-flow documentation for use in the System Security Plan (SSP). Support the CMMC compliance team on network-related controls (NIST SP 800-171 domains 3.1, 3.13); provide technical input for assessments and POA&M remediation. Validate that network changes do not introduce unintended CUI exposure; coordinate with the compliance team before implementing boundary modifications. Operations, Knowledge Transfer & Collaboration Manage hardware lifecycle and procurement; contribute network infrastructure inputs to the annual CAPEX/OPEX budget process. Document standard operating procedures, change records, and incident post-mortems in the ITSM platform. Apply Safran security and network policies and standards as directed by the Group network team. Coordinate technical actions with teams located at Safran headquarters (France) and in India. Define and organize knowledge transfer activities to L1 and L2 support teams.
Qualifications Required 8 years of network engineering experience with a clear focus on network security operations. Strong expertise in routing and switching, preferably in datacenter environments. Solid knowledge of TCP/IP, BGP, OSPF, VLANs, redundancy, and QoS. Experience administering enterprise firewalls (any major platform). Proven ability to troubleshoot complex L2/L3 network issues. Experience working in security- or compliance-driven environments. Preferred Cisco CCNP certification (or equivalent routing/switching depth). Hands-on knowledge of at least one firewall platform: Palo Alto Networks, Fortinet, or Cisco Firepower. Familiarity with Zscaler ZIA/ZPA, WAF platforms, or Forcepoint. Basic AWS networking knowledge (VPC, security groups, site-to-site VPN). Exposure to Python or Ansible for routine network automation tasks. Familiarity with CMMC, NIST 800-171, or similar regulatory frameworks. Background in manufacturing, aerospace, or defense-adjacent IT environments. Core Competencies Security-first engineering mindset designs with defense-in-depth as the default. Collaborative team player works effectively with peers in France and across SUSA IT teams. Operational discipline follows change management processes and keeps documentation current. Problem-solving under pressure methodical troubleshooting during network incidents. Ownership & accountability drives issues to resolution without requiring escalation. Team & Reporting Context This role reports to the Cloud & Infrastructure Manager, Safran USA IT, and works day-to-day with: Cloud & Infrastructure team peers (server, storage, datacenter operations) CMMC compliance team (network diagram and SSP support) End User Services / helpdesk (NAC, VPN, and wireless escalations) Safran IT network administrators in France and India (peer coordination on standards, cross-site connectivity, shared platform configurations, and shift-left activities) SUSA subsidiary IT contacts and service stakeholders
Mission description
The Network Security Engineer L3 is a hands-on technical role within Safran USA's (SUSA) IT Shared Services organization. This position is responsible for the day-to-day operations, administration, and continuous improvement of the SUSA corporate network and datacenter infrastructure across all US subsidiary entities. The engineer is expected to be deeply technical configuring, troubleshooting, and maintaining the network stack directly working under the Cloud & Infrastructure Manager and collaborating with Safran IT network peers globally on standards alignment. Global network architecture and strategy remain the responsibility of the Safran Group team in France; this role is the hands-on owner of the US environment. Key Responsibilities Datacenter & Campus Networking Configure and maintain network services and assets across core, distribution, access, and DMZ layers. Administer enterprise firewall platforms: policy management, NAT, VPNs, and traffic segmentation across SUSA sites. Ensure proper network segmentation and boundary protection within datacenter and WAN environments. Act as the L3 escalation point for complex network and security incidents; coordinate with service providers and internal IT teams as needed. Maintain accurate and up-to-date network documentation: diagrams, standards, and operating procedures. Network Security & Restricted Environments Administer Zscaler ZIA and ZPA: maintain tunnel configurations, user traffic policies, and access rules in coordination with the Cloud & Infrastructure Manager. Manage Forcepoint Web Security policies for web filtering on CUI-handling endpoints. Administer WAF policies (F5 / Fortinet / Cloudflare): maintain and tune rules to protect SUSA-hosted applications, respond to alerts, and coordinate rule updates with application owners. Conduct regular firewall rule reviews; maintain documented security zone matrices and policy change records. CMMC 2.0 Compliance Support Maintain accurate SUSA network diagrams and data-flow documentation for use in the System Security Plan (SSP). Support the CMMC compliance team on network-related controls (NIST SP 800-171 domains 3.1, 3.13); provide technical input for assessments and POA&M remediation. Validate that network changes do not introduce unintended CUI exposure; coordinate with the compliance team before implementing boundary modifications. Operations, Knowledge Transfer & Collaboration Manage hardware lifecycle and procurement; contribute network infrastructure inputs to the annual CAPEX/OPEX budget process. Document standard operating procedures, change records, and incident post-mortems in the ITSM platform. Apply Safran security and network policies and standards as directed by the Group network team. Coordinate technical actions with teams located at Safran headquarters (France) and in India. Define and organize knowledge transfer activities to L1 and L2 support teams.
Qualifications Required 8 years of network engineering experience with a clear focus on network security operations. Strong expertise in routing and switching, preferably in datacenter environments. Solid knowledge of TCP/IP, BGP, OSPF, VLANs, redundancy, and QoS. Experience administering enterprise firewalls (any major platform). Proven ability to troubleshoot complex L2/L3 network issues. Experience working in security- or compliance-driven environments. Preferred Cisco CCNP certification (or equivalent routing/switching depth). Hands-on knowledge of at least one firewall platform: Palo Alto Networks, Fortinet, or Cisco Firepower. Familiarity with Zscaler ZIA/ZPA, WAF platforms, or Forcepoint. Basic AWS networking knowledge (VPC, security groups, site-to-site VPN). Exposure to Python or Ansible for routine network automation tasks. Familiarity with CMMC, NIST 800-171, or similar regulatory frameworks. Background in manufacturing, aerospace, or defense-adjacent IT environments. Core Competencies Security-first engineering mindset designs with defense-in-depth as the default. Collaborative team player works effectively with peers in France and across SUSA IT teams. Operational discipline follows change management processes and keeps documentation current. Problem-solving under pressure methodical troubleshooting during network incidents. Ownership & accountability drives issues to resolution without requiring escalation. Team & Reporting Context This role reports to the Cloud & Infrastructure Manager, Safran USA IT, and works day-to-day with: Cloud & Infrastructure team peers (server, storage, datacenter operations) CMMC compliance team (network diagram and SSP support) End User Services / helpdesk (NAC, VPN, and wireless escalations) Safran IT network administrators in France and India (peer coordination on standards, cross-site connectivity, shared platform configurations, and shift-left activities) SUSA subsidiary IT contacts and service stakeholders