Network Engineer – Aviation Sector (Security & Firewall Integration)

General Job Description

As a Network Engineer within the aviation sector, you are responsible for designing, implementing, managing, and optimizing complex network and security infrastructures that meet the highest standards for safety, availability, and compliance. You work within an international, highly secure IT landscape where connectivity, data integrity, and network segmentation are crucial for safe aviation operations and business continuity.

The focus is on firewall management, policy automation, and integration using Check Point, Fortinet, and Tufin, supported by knowledge of F5 load balancers, Zscaler cloud security, and other network components.

Main Responsibilities

Network and Security Management

• Manage, configure, and optimize Check Point and Fortinet firewalls within complex environments (data centers, DMZs, remote sites, OT/SCADA environments).
• Analyze, implement, and test firewall rulesets and security policies in accordance with aviation safety standards (ISO 27001, NIST, EASA Part-IS).
• Maintain and integrate Tufin SecureTrack, SecureChange, and SecureApp for policy automation, compliance, and change management.
• Implement firewall integrations with SIEM, NAC, and monitoring platforms.

Network Design and Architecture

• Design robust, scalable network solutions including LAN/WAN, VPN, SD-WAN, and segmentation architectures.
• Integrate security controls within network designs with an emphasis on Zero Trust and defense-in-depth principles.
• Collaborate with architects, SOC teams, and OT departments to ensure secure data flows between IT and aviation systems.

Load Balancing & Cloud Security

• Configure and manage F5 (LTM/ASM/AFM) for application delivery, SSL offloading, and DDoS protection.
• Integrate Zscaler Internet Access (ZIA) and Zscaler Private Access (ZPA) for secure cloud and remote connectivity.

Automation, Integration, and Compliance

• Utilize Tufin to automate network and firewall changes, monitor compliance, and streamline policy management.
• Develop scripts (Python, Ansible) for automation of configuration and reporting.
• Prepare network documentation, security baselines, and audit reports for internal and external controls.

Incident Response & Troubleshooting

• Support the SOC during incidents, perform root cause analyses, and resolve network issues with minimal impact.
• Analyze log data and network traffic to identify threats, misconfigurations, or performance issues.

Purpose of the Role

The Network Engineer ensures that all network connections within the aviation environment are secure, stable, and compliant, with a focus on firewall management, automation, and integration within a complex multi-vendor infrastructure. You're making a significant impact in enhancing safety and continuity in aviation operations!

Technical Expertise

Check Point: R80.x management, policy management, SmartConsole, VSX, VPNs, and cluster configurations.

Fortinet: FortiGate management (CLI/GUI), SD-WAN, FortiManager/FortiAnalyzer, IPsec/SSL VPN.

Tufin: SecureTrack, SecureChange, policy compliance, integration with multi-vendor firewalls.

F5: Load balancing, iRules, SSL offload, and application firewalling (ASM/AFM).

Zscaler: ZIA, ZPA, policy configuration and integration with on-premises security.

Networking Knowledge: Good knowledge of routing & switching (BGP, OSPF, VLANs, VRFs).

Automation Experience: Experience with network automation (Ansible, Python) is a strong plus.

Certifications (Preferred)

• Check Point CCSA / CCSE
• Fortinet NSE 4–7
• Tufin Certified Security Expert
• F5 Certified BIG-IP Administrator (F5-CA)
• Zscaler Certified Cloud Professional (ZCCP)
• Cisco CCNP / CCIE or equivalent level

Personal Competencies

• Analytical skills, structured and accurate.
• Able to work within critical infrastructures with strict change control processes.
• Communicative, both towards technical and management levels.
• Stress-resistant and capable of setting priorities under operational pressure.
• Team player with a strong sense of responsibility and an eye for security and compliance.

Education

HBO/WO in Computer Science, Network Technology, Cybersecurity, or comparable.

At least 3–5 years of experience as a network/security engineer in enterprise or critical infrastructure environments (preferably within aviation, defense, or industrial sectors).

Welcome to the Team!

You work within a highly secure aviation environment with strict segmentation between IT and operational systems (OT). It's an exciting opportunity to be part of a multidisciplinary team that plays a crucial role in:

• Availability: Ensuring that our systems are always up and running!
• Security: Keeping our operations safe from any threats.
• Compliance: Making sure we meet all regulations and standards.

This network supports aviation operations, both on-premises and in hybrid cloud environments. Your contributions are invaluable, and together, we can achieve great things!

Working conditions: This job role offers a balanced split between operational (run) and project (build) work, with a distribution of 75% operational and 25% project-related tasks. To minimize the impact on business operations, some changes may be scheduled outside of regular business hours.

Do you want this too? Do you aspire to be the best version of yourself? We are delighted to support your development and invest in an environment where continuous learning is encouraged. We provide you with the freedom to innovate and take initiative. By offering numerous growth opportunities, we help you exceed your own expectations and excel in your work, enabling you to grow both personally and professionally.

Moreover, you can expect the following benefits based on a 36 or 40-hour working week:

• An Employee Benefit Budget equivalent to 10% of your monthly income, which you can use according to your preferences. This budget allows you to purchase additional holiday days or make additional contributions to your pension.
• Flexible working hours and the possibility of location-independent work, depending on the team's planning.
• 100% reimbursement of commuting costs if you travel using public transportation. If you commute by car or motorcycle, you can opt for a commuting allowance.
• A pension scheme with a contribution rate of only 5% from your side.

Let's get to know each other.

Are you the person we are looking for? The new colleague who wants to strengthen our client's team and make a difference for yourself, our customers, and society? We would love to receive your application for this vacancy.

Please note: Even if you don't meet all the criteria mentioned in the profile, but you believe you can fulfill the role effectively, we encourage you to apply. We invest in your growth and development.

Responses to applications are handled in accordance with our vacancy management process.

If you have any questions about the application process, ww will be happy to assist you via email (info@if-solutions.nl) office +31 10 210 87 90 or through the provided application link.

Screening is a standard part of the application process. We assess candidates based on the screening procedures followed by our client to ensure that new employees are reliable and suitable for their roles.

For this vacancy, an individual assessment and skills testing may be included as part of the application process.

We believe that everyone is unique, and it is precisely these differences that help us become an even better bank. That's why we are curious to know more about you.