What are the responsibilities and job description for the Network Security Engineer L3 position at Safran?
The Network Security Engineer L3 is a hands-on technical role within Safran USA's (SUSA) IT Shared Services organization. This position is responsible for the day-to-day operations, administration, and continuous improvement of the SUSA corporate network and datacenter infrastructure across all US subsidiary entities. The engineer is expected to be deeply technical - configuring, troubleshooting, and maintaining the network stack directly - working under the Cloud & Infrastructure Manager and collaborating with Safran IT network peers globally on standards alignment. Global network architecture and strategy remain the responsibility of the Safran Group team in France; this role is the hands-on owner of the US environment.
Key Responsibilities
Datacenter & Campus Networking
*Configure and maintain network services and assets across core, distribution, access, and DMZ layers.
*Administer enterprise firewall platforms: policy management, NAT, VPNs, and traffic segmentation across SUSA sites.
*Ensure proper network segmentation and boundary protection within datacenter and WAN environments.
*Act as the L3 escalation point for complex network and security incidents; coordinate with service providers and internal IT teams as needed.
*Maintain accurate and up-to-date network documentation: diagrams, standards, and operating procedures.
Network Security & Restricted Environments
*Administer Zscaler ZIA and ZPA: maintain tunnel configurations, user traffic policies, and access rules in coordination with the Cloud & Infrastructure Manager.
*Manage Forcepoint Web Security policies for web filtering on CUI-handling endpoints.
*Administer WAF policies (F5 / Fortinet / Cloudflare): maintain and tune rules to protect SUSA-hosted applications, respond to alerts, and coordinate rule updates with application owners.
*Conduct regular firewall rule reviews; maintain documented security zone matrices and policy change records.
CMMC 2.0 Compliance Support
*Maintain accurate SUSA network diagrams and data-flow documentation for use in the System Security Plan (SSP).
*Support the CMMC compliance team on network-related controls (NIST SP 800-171 domains 3.1, 3.13); provide technical input for assessments and POA&M remediation.
*Validate that network changes do not introduce unintended CUI exposure; coordinate with the compliance team before implementing boundary modifications.
Operations, Knowledge Transfer & Collaboration
*Manage hardware lifecycle and procurement; contribute network infrastructure inputs to the annual CAPEX/OPEX budget process.
*Document standard operating procedures, change records, and incident post-mortems in the ITSM platform.
*Apply Safran security and network policies and standards as directed by the Group network team.
*Coordinate technical actions with teams located at Safran headquarters (France) and in India.
*Define and organize knowledge transfer activities to L1 and L2 support teams.