Principal Cybersecurity Engineer
Ahold Delhaize USA · Quincy, MA · 1 wk ago
HybridInformation Technology$109k–$163k/yrFull-time
About the role
The Principal Security Engineer is a senior technical leader who sets the vision, architecture, and standards for enterprise security across infrastructure, applications, data, and cloud platforms.
Responsibilities
- Set enterprise security architecture, reference patterns, and guardrails for cloud, network, platform, and application domains, including hybrid and on-premises infrastructure.
- Design scalable controls and "secure by default" blueprints that teams reuse to accelerate delivery and reduce technical debt.
- Drive security as code practices, integrating automated controls into CI/CD pipelines and cloud native workflows.
- Lead threat modeling, risk assessments, and security design reviews for complex initiatives and critical systems.
- Orchestrate incident response for high severity events, ensuring rapid triage, root cause analysis, and durable remediation.
- Standardize vulnerability management across infrastructure and software layers, prioritizing remediation based on risk and business impact.
- Integrate identity, access, and secrets management into platform and application architectures, aligning to least privilege and zero trust principles.
- Guide performance monitoring, logging, and detection engineering to improve signal quality and reduce mean time to detect/respond.
- Partner with Technology, Compliance, and business leaders to embed security into evaluation, selection, installation, and configuration of products.
- Collaborate with teams supporting enterprise networks, on-prem data centers, and distributed operational environments to ensure secure connectivity, segmentation, and baseline enforcement.
- Help define and maintain security baselines for servers, platforms, and cloud services, including hardening standards for hybrid infrastructure.
- Mentor engineers at all levels; elevate secure coding, testing, automation, and operational excellence across teams.
- Influence roadmap priorities using data, metrics, and risk quantification to support informed trade off decisions.
- Evangelize modern engineering practices (Agile/Kanban/Lean), ensuring security enhances-not hinders-developer and customer experience.
- May be called upon to support critical escalations and must be available during urgent IT incidents as needed.
Qualifications
- Bachelor's degree or equivalent years of work experience.
- 10+ years in progressive experience in cybersecurity, with significant experience in security engineering and architecture roles.
- Demonstrated leadership in enterprise security architecture for cloud platforms (e.g., Azure, AWS, or GCP), networks, and platforms, including hybrid and on-premises environments.
- Proven depth in identity and access management, key and secrets management, and zero trust concepts.
- Strong proficiency with infrastructure as code (e.g., Terraform or Bicep), configuration management, and policy as code.
- Expertise in security information and event management (SIEM), endpoint detection and response, and detection engineering.
- Advanced skills in scripting/automation (e.g., Python or PowerShell) to codify controls, tests, and runbooks.
- Excellent communication and executive influencing skills; able to translate risk and complexity into clear, actionable decisions.
- Experience working in distributed or multi-site operational environments is a plus.
Preferred Qualifications
- Experience building platform security capabilities (e.g., cloud security posture management, workload protection, container security).
- Hands on knowledge of application security (secure SDLC, dependency scanning, and runtime protections).
- Familiarity with PCI DSS, SOX, HIPAA, or similar frameworks; practical experience operationalizing compliance.
- Industry certifications (e.g., CISSP, CCSP, GIAC, OSCP) or equivalent portfolio of work.
- Experience with segmentation design, network architecture, or securing retail or regulated operational environments.