Jobs · Information Technology · Massachusetts

Principal Cybersecurity Engineer

Ahold Delhaize USA · Quincy, MA · 1 wk ago
HybridInformation Technology$109k–$163k/yrFull-time

About the role

The Principal Security Engineer is a senior technical leader who sets the vision, architecture, and standards for enterprise security across infrastructure, applications, data, and cloud platforms.

Responsibilities

  • Set enterprise security architecture, reference patterns, and guardrails for cloud, network, platform, and application domains, including hybrid and on-premises infrastructure.
  • Design scalable controls and "secure by default" blueprints that teams reuse to accelerate delivery and reduce technical debt.
  • Drive security as code practices, integrating automated controls into CI/CD pipelines and cloud native workflows.
  • Lead threat modeling, risk assessments, and security design reviews for complex initiatives and critical systems.
  • Orchestrate incident response for high severity events, ensuring rapid triage, root cause analysis, and durable remediation.
  • Standardize vulnerability management across infrastructure and software layers, prioritizing remediation based on risk and business impact.
  • Integrate identity, access, and secrets management into platform and application architectures, aligning to least privilege and zero trust principles.
  • Guide performance monitoring, logging, and detection engineering to improve signal quality and reduce mean time to detect/respond.
  • Partner with Technology, Compliance, and business leaders to embed security into evaluation, selection, installation, and configuration of products.
  • Collaborate with teams supporting enterprise networks, on-prem data centers, and distributed operational environments to ensure secure connectivity, segmentation, and baseline enforcement.
  • Help define and maintain security baselines for servers, platforms, and cloud services, including hardening standards for hybrid infrastructure.
  • Mentor engineers at all levels; elevate secure coding, testing, automation, and operational excellence across teams.
  • Influence roadmap priorities using data, metrics, and risk quantification to support informed trade off decisions.
  • Evangelize modern engineering practices (Agile/Kanban/Lean), ensuring security enhances-not hinders-developer and customer experience.
  • May be called upon to support critical escalations and must be available during urgent IT incidents as needed.

Qualifications

  • Bachelor's degree or equivalent years of work experience.
  • 10+ years in progressive experience in cybersecurity, with significant experience in security engineering and architecture roles.
  • Demonstrated leadership in enterprise security architecture for cloud platforms (e.g., Azure, AWS, or GCP), networks, and platforms, including hybrid and on-premises environments.
  • Proven depth in identity and access management, key and secrets management, and zero trust concepts.
  • Strong proficiency with infrastructure as code (e.g., Terraform or Bicep), configuration management, and policy as code.
  • Expertise in security information and event management (SIEM), endpoint detection and response, and detection engineering.
  • Advanced skills in scripting/automation (e.g., Python or PowerShell) to codify controls, tests, and runbooks.
  • Excellent communication and executive influencing skills; able to translate risk and complexity into clear, actionable decisions.
  • Experience working in distributed or multi-site operational environments is a plus.

Preferred Qualifications

  • Experience building platform security capabilities (e.g., cloud security posture management, workload protection, container security).
  • Hands on knowledge of application security (secure SDLC, dependency scanning, and runtime protections).
  • Familiarity with PCI DSS, SOX, HIPAA, or similar frameworks; practical experience operationalizing compliance.
  • Industry certifications (e.g., CISSP, CCSP, GIAC, OSCP) or equivalent portfolio of work.
  • Experience with segmentation design, network architecture, or securing retail or regulated operational environments.

Similar jobs