Principal Cybersecurity Engineer

Category/Area of Expertise: IT & Technology
Job Requisition: 478731
Address: USA-IL-Chicago-300 South Riverside Plaza
Store Code: Infrastructure (5162840)
Ahold Delhaize USA, a division of global food retailer Ahold Delhaize, is part of the U.S. family of brands, which includes five leading omnichannel grocery brands - Food Lion, Giant Food, The GIANT Company, Hannaford and Stop & Shop. Our associates support the brands with a wide range of services, including Finance, Legal, Sustainability, Commercial, Digital and E-commerce, Technology and more.
The Principal Security Engineer is a senior technical leader who sets the vision, architecture, and standards for enterprise security across infrastructure, applications, data, and cloud platforms. This role defines security patterns, embeds security as code in delivery pipelines, and guides teams to design, build, test, deploy, and support secure solutions that are resilient, performant, user centric, and compliant. This includes securing hybrid environments that span on-premises data centers, Azure cloud services, and distributed operational environments such as retail stores and regional facilities.
Our flexible/ hybrid work schedule includes 3 in-person days at one of our core locations and 2 remote days. Our core office locations include Salisbury, NC and Quincy, MA.
Applicants must be currently authorized to work in the United States on a full-time basis.
Duties & Responsibilities

• Set enterprise security architecture, reference patterns, and guardrails for cloud, network, platform, and application domains, including hybrid and on-premises infrastructure.
• Design scalable controls and "secure by default" blueprints that teams reuse to accelerate delivery and reduce technical debt.
• Drive security as code practices, integrating automated controls into CI/CD pipelines and cloud native workflows.
• Lead threat modeling, risk assessments, and security design reviews for complex initiatives and critical systems. Orchestrate incident response for high severity events, ensuring rapid triage, root cause analysis, and durable remediation.
• Standardize vulnerability management across infrastructure and software layers, prioritizing remediation based on risk and business impact.
• Integrate identity, access, and secrets management into platform and application architectures, aligning to least privilege and zero trust principles.
• Guide performance monitoring, logging, and detection engineering to improve signal quality and reduce mean time to detect/respond.
• Partner with Technology, Compliance, and business leaders to embed security into evaluation, selection, installation, and configuration of products.
• Collaborate with teams supporting enterprise networks, on-prem data centers, and distributed operational environments to ensure secure connectivity, segmentation, and baseline enforcement.
• Support governance of Azure services, subscriptions, connectivity, and administrative models.
• Help define and maintain security baselines for servers, platforms, and cloud services, including hardening standards for hybrid infrastructure.
• Mentor engineers at all levels; elevate secure coding, testing, automation, and operational excellence across teams.
• Influence roadmap priorities using data, metrics, and risk quantification to support informed trade off decisions.
• Evangelize modern engineering practices (Agile/Kanban/Lean), ensuring security enhances-not hinders-developer and customer experience.
• May be called upon to support critical escalations and must be available during urgent IT incidents as needed.

Qualifications

• Bachelor's degree or equivalent years of work experience.
• 10+ years in progressive experience in cybersecurity, with significant experience in security engineering and architecture roles.
• Demonstrated leadership in enterprise security architecture for cloud platforms (e.g., Azure, AWS, or GCP), networks, and platforms, including hybrid and on-premises environments.
• Proven depth in identity and access management, key and secrets management, and zero trust concepts.
• Strong proficiency with infrastructure as code (e.g., Terraform or Bicep), configuration management, and policy as code.
• Expertise in security information and event management (SIEM), endpoint detection and response, and detection engineering.
• Advanced skills in scripting/automation (e.g., Python or PowerShell) to codify controls, tests, and runbooks.
• Excellent communication and executive influencing skills; able to translate risk and complexity into clear, actionable decisions.
• Experience working in distributed or multi-site operational environments is a plus.

Preferred Qualifications

• Experience building platform security capabilities (e.g., cloud security posture management, workload protection, container security).
• Hands on knowledge of application security (secure SDLC, dependency scanning, and runtime protections).
• Familiarity with PCI DSS, SOX, HIPAA, or similar frameworks; practical experience operationalizing compliance.
• Industry certifications (e.g., CISSP, CCSP, GIAC, OSCP) or equivalent portfolio of work
• Experience with segmentation design, network architecture, or securing retail or regulated operational environments.

#DICEJobs #LI-hybrid #LI-SS1
Salary Ranges
ME/NC/PA/SC Salary Range: $108,880 - $163,320
IL/MA/MD/NY Salary Range: $125,200 - $187,800
Actual compensation offered to a candidate may vary based on their unique qualifications and experience, internal equity, and market conditions. Final compensation decisions will be made in accordance with company policies and applicable laws.
At Ahold Delhaize USA, we provide services to one of the largest portfolios of grocery companies in the nation, and we're actively seeking top talent.
Our team shares a common motivation to drive change, take ownership and enable our brands to better care for their customers. We thrive on supporting great local grocery brands and their strategies.
Our associates are the heartbeat of our organization. We are committed to offering a welcoming work environment where all associates can succeed and thrive. Guided by our values of courage, care, teamwork, integrity (and even a little humor), we are dedicated to being a great place to work.
We believe in collaboration, curiosity, and continuous learning in all that we think, create and do. While building a culture where personal and professional growth are just as important as business growth, we invest in our people, empowering them to learn, grow and deliver at all levels of the business.
#BI-Hybrid