Analyst III Defense Operations

Primary Purpose

Ahold Delhaize Group’s Threat Defense Operations (TDO) team is seeking an analyst to support detection engineering and threat monitoring capabilities. The TDO team is responsible for maintaining and enhancing detection and response logic within Security Information and Event Management (SIEM) and Endpoint Detection and Response (EDR) platforms across a global environment. This role contributes to improving the organization’s ability to detect and respond to evolving cyber threats by leveraging threat intelligence and continuously refining detection use cases.

The position includes structured mentorship from senior team members to support professional growth and technical development.

• Collaborate with Cyber Threat Intelligence (CTI), Advanced Cyber Engineering (ACE), and Incident Response (IR) teams to incorporate emerging threat intelligence into detection capabilities.
• Assist in developing, tuning, and maintaining detection logic within SIEM and EDR platforms to improve threat visibility and reduce false positives.
• Support the ingestion, parsing, and normalization of log data to ensure accurate and consistent data within the SIEM.
• Participate in validation and testing of detection controls to confirm effectiveness against real-world attack techniques.
• Provide audit and compliance support by gathering and delivering required evidence related to detection and monitoring controls.
• Create, update, and maintain technical and process documentation for detection use cases, workflows, and operational procedures.
• Monitor updates to threat actor tactics, techniques, and procedures (TTPs) and assist in aligning detection strategies with the MITRE ATT&CK framework.
• Work under the guidance of senior team members to develop technical skills and understanding of defensive operations.
• Perform other duties and responsibilities as assigned to support team objectives.

• 1–3 years of experience in cybersecurity, IT, or a related field, or equivalent hands‑on training
• Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or equivalent practical experience
• Foundational understanding of cybersecurity concepts (e.g., networking basics, logs, threats, and common attack patterns)
• Exposure to SIEM, EDR, or log analysis concepts through academic, lab, or professional experience.
• Strong analytical and problem‑solving skills with attention to detail
• Strong written and verbal communication skills in English

• Exposure to query languages (e.g., KQL, SPL, SQL) or willingness to learn.
• Basic understanding of Dev Ops or Infrastructure-as-Code concepts (e.g., Terraform) and interest in automation.
• Familiarity with the MITRE ATT&CK framework.
• Experience in a Security Operations Center (SOC), Managed Security Service Provider (MSSP), internship, or hands‑on lab environment.
• Exposure to SIEM platforms (e.g., Microsoft Sentinel, Splunk) or endpoint detection tools.
• Experience in grocery retail.

We are an equal opportunity employer. We comply with all applicable federal, state and local laws. Qualified applicants are considered without regard to sex, race, color, ancestry, national origin, citizenship status, religion, age, marital status (including civil unions), military service, veteran status, pregnancy (including childbirth and related medical conditions), genetic information, sexual orientation, gender identity, legally recognized disability, domestic violence victim status or any other characteristic protected by law.