Ahold Delhaize USA · 9 hours ago
Sr. Network Security Platform Engineer
Quincy, MA
Full-time
Hybrid
Senior Level, Lead/Staff
$147K/yr - $220K/yr
8+ years expAhold Delhaize USA, a division of global food retailer Ahold Delhaize, is seeking a Sr. Network Security Platform Engineer to lead the engineering, delivery, and operations of their network security platforms. This role focuses on zero trust architecture, next-generation firewalls, and secure connectivity across the enterprise, ensuring compliance with regulatory frameworks.
RetailFood and BeverageGrocerySales
No H1B
Responsibilities
Lead the design, engineering, and operations of ADUSA's network security platforms including next-generation firewalls (Palo Alto, Fortinet), secure web gateways, and cloud security solutions (Zscaler ZIA/ZPA), ensuring high availability, performance, and compliance across all environments
Architect and implement zero trust network security frameworks across the enterprise, defining and enforcing micro-segmentation, least-privilege access policies, identity-based authentication, and continuous verification strategies to minimize the attack surface
Manage and maintain firewall rule sets, security policies, NAT configurations, and VPN infrastructure across Palo Alto and Fortinet platforms, ensuring policies are optimized, documented, and aligned with PCI-DSS, HIPAA, and corporate security standards
Oversee Zscaler cloud security platform administration including ZIA (Zscaler Internet Access) and ZPA (Zscaler Private Access), managing URL filtering, SSL inspection, DLP policies, cloud firewall rules, and application access policies for all users and locations
Drive compliance initiatives by implementing and maintaining network security controls required for PCI-DSS, HIPAA, SOX, and other regulatory frameworks; lead audit preparation activities, evidence collection, and remediation of security findings
Act as a subject matter expert in network security design and architecture, evaluating emerging threats and technologies, and providing recommendations to the Network Architecture team for continuous improvement of the security posture
Participate in security incident response and forensic analysis, working with the SOC, threat intelligence, and risk teams to investigate network-based threats, contain breaches, and implement preventive controls
Develop and maintain network security automation to streamline firewall provisioning, policy deployment, configuration compliance checks, and security reporting across all platforms
Review and establish security documentation, standard operating procedures, and runbooks; ensure these standards are maintained and audit-ready at all times
Act as a point of escalation to external ADUSA managed service providers and internal teams in the incident management process, assisting in reviewing security incident and problem data, performing root cause analysis, and driving continuous improvement
Monitor and manage the security device lifecycle, including firmware maintenance, certificate management, and license compliance for all firewalls, proxies, IDS/IPS, and related network security infrastructure
Manage and influence analysis of business requirements to ensure that network security solutions meet established policies, risk tolerance, and compliance controls while enabling business agility
Qualification
Required
Bachelor's degree in Computer Science, Cybersecurity, Information Technology, Network Engineering, or a related field (or equivalent work experience)
8+ years of progressive experience in network security engineering, with deep hands-on expertise in enterprise firewall platforms (Palo Alto Networks, Fortinet FortiGate)
Strong experience with Zscaler cloud security platforms (ZIA, ZPA) including deployment, policy management, SSL inspection, and troubleshooting
Demonstrated experience designing and implementing zero trust network architectures in large-scale enterprise environments
Deep knowledge of PCI-DSS and HIPAA compliance requirements as they relate to network security controls, segmentation, and audit readiness
Strong expertise in network security design and architecture including DMZ design, network segmentation, micro-segmentation, VPN technologies (IPSec, SSL), and secure remote access solutions
Experience with security information and event management (SIEM) platforms, and network monitoring tools such as Panorama, FortiManager, FortiAnalyzer, and SolarWinds
Proficiency in automation and scripting for network security device management, policy deployment, and compliance reporting
Very good technical foundation in networking (CCNA/CCNP level equivalent) with strong knowledge of L2/L3 technologies, routing protocols (BGP, OSPF), and switching
Experience with cloud security architectures including AWS, Azure, cloud-based firewalls, and hybrid connectivity security
Strong communication skills with the ability to translate complex security concepts to technical and non-technical stakeholders
Experience working in a large-scale retail, distribution, or multi-site enterprise environment
Preferred
Holds one or more industry certifications: PCNSE (Palo Alto Networks), NSE 7/8 (Fortinet), ZCCA/ZCCP (Zscaler), CISSP, CCNP Security, CCIE Security
Experience with network access control (NAC), 802.1X, and identity-based network segmentation solutions
Experience with IDS/IPS platforms, DDoS mitigation, and advanced threat protection technologies
Experience working in an Agile (SAFe) environment
Familiarity with DevSecOps practices and integrating network security into CI/CD pipelines
Experience with Infoblox DDI, F5 load balancers, and Arista/Cisco ACI in the context of security policy enforcement and micro-segmentation
Benefits
This position is eligible for an incentive bonus based on company performance as provided by the plan terms and governing documents.
Company
Ahold Delhaize USA
Ahold Delhaize USA provides retail media solutions for brands to advertise to grocery shoppers across ADUSA brands using data-driven tools.
10001+ employees
Funding
Current Stage
Late StageRecent News
GlobeNewswire
2026-01-16
2025-12-30
Company data provided by crunchbase