Sr. Network Security Platform Engineer

Introduction

Ahold Delhaize USA, a division of global food retailer Ahold Delhaize, is part of the U.S. family of brands, which also includes five leading omnichannel grocery brands – Food Lion, Giant Food, The GIANT Company, Hannaford and Stop & Shop. Ahold Delhaize USA associates support the brands with a wide range of services, including Finance, Legal, Sustainability, Commercial, Digital and E-commerce, Technology and more.

The Sr. Network Security Platform Engineer (Platform IV) will lead the engineering, delivery, and operations of ADUSA's network security platforms with a key focus on zero trust architecture, next-generation firewalls, and secure connectivity across the enterprise. This role is responsible for the technical design, implementation, and management of mission-critical network security infrastructure spanning ADUSA's data centers, cloud environments, retail locations, corporate offices, and distribution centers.

The Sr. Network Security Platform Engineer will drive the multi-year strategy to transform ADUSA's network security posture, championing zero trust principles and ensuring all network traffic is inspected, segmented, and secured in alignment with PCI-DSS, HIPAA, and other regulatory compliance frameworks. This role has overall responsibility for the delivery of secure connectivity, threat mitigation, incident response coordination, firewall and proxy platform management, and policy enforcement across all brands.

This role ensures that network security infrastructure can meet and exceed the performance, availability, and compliance requirements set by the business. The Sr. Network Security Platform Engineer will oversee security operations, vulnerability remediation, and continuous improvement of all network security platforms while participating in day-to-day operations and troubleshooting efforts. This role will work closely with network platform teams, architecture, risk, cyber defense and compliance, and application security teams to create robust security implementation and operations strategies.

The engineer will bring deep expertise in enterprise network security, firewall management, cloud security, and regulatory compliance, maintaining technical alignment with all stakeholders for seamless and secure network operations.

Our flexible/hybrid work schedule includes 3 in-person days at one of our core locations and 2 remote days. Our core office locations are Salisbury, NC & Quincy, MA.

Applicants must be currently authorized to work in the United States on a full-time basis.

• Lead the design, engineering, and operations of ADUSA's network security platforms including next-generation firewalls (Palo Alto, Fortinet), secure web gateways, and cloud security solutions (Zscaler ZIA/ZPA), ensuring high availability, performance, and compliance across all environments.
• Architect and implement zero trust network security frameworks across the enterprise, defining and enforcing micro‑segmentation, least-privilege access policies, identity‑based authentication, and continuous verification strategies to minimize the attack surface.
• Manage and maintain firewall rule sets, security policies, NAT configurations, and VPN infrastructure across Palo Alto and Fortinet platforms, ensuring policies are optimized, documented, and aligned with PCI-DSS, HIPAA, and corporate security standards.
• Oversee Zscaler cloud security platform administration including ZIA (Zscaler Internet Access) and ZPA (Zscaler Private Access), managing URL filtering, SSL inspection, DLP policies, cloud firewall rules, and application access policies for all users and locations.
• Drive compliance initiatives by implementing and maintaining network security controls required for PCI-DSS, HIPAA, SOX, and other regulatory frameworks; lead audit preparation activities, evidence collection, and remediation of security findings.
• Act as a subject‑matter expert in network security design and architecture, evaluating emerging threats and technologies, and providing recommendations to the Network Architecture team for continuous improvement of the security posture.
• Participate in security incident…