Sr. Network Security Platform Engineer

Category/Area of Expertise: IT & Technology
Job Requisition: 479906
Address: USA-NC-Salisbury-2085 Harrison Road
Store Code: Infrastructure-Network (5118708)

Ahold Delhaize USA, a division of global food retailer Ahold Delhaize, is part of the U.S. family of brands, which includes five leading omnichannel grocery brands - Food Lion, Giant Food, The GIANT Company, Hannaford and Stop & Shop. Our associates support the brands with a wide range of services, including Finance, Legal, Sustainability, Commercial, Digital and E-commerce, Technology and more.

Primary Purpose:

The Sr. Network Security Platform Engineer (Platform IV) will lead the engineering, delivery, and operations of ADUSA's network security platforms with a key focus on zero trust architecture, next-generation firewalls, and secure connectivity across the enterprise. This role is responsible for the technical design, implementation, and management of mission-critical network security infrastructure spanning ADUSA's data centers, cloud environments, retail locations, corporate offices, and distribution centers.

The Sr. Network Security Platform Engineer will drive the multi-year strategy to transform ADUSA's network security posture, championing zero trust principles and ensuring all network traffic is inspected, segmented, and secured in alignment with PCI-DSS, HIPAA, and other regulatory compliance frameworks. This role has overall responsibility for the delivery of secure connectivity, threat mitigation, incident response coordination, firewall and proxy platform management, and policy enforcement across all brands.

This role ensures that network security infrastructure can meet and exceed the performance, availability, and compliance requirements set by the business. The Sr. Network Security Platform Engineer will oversee security operations, vulnerability remediation, and continuous improvement of all network security platforms while participating in day-to-day operations and troubleshooting efforts. This role will work closely with network platform teams, architecture, risk, cyber defense and compliance, and application security teams to create robust security implementation and operations strategies. The engineer will bring deep expertise in enterprise network security, firewall management, cloud security, and regulatory compliance, maintaining technical alignment with all stakeholders for seamless and secure network operations.

• Lead the design, engineering, and operations of ADUSA's network security platforms including next-generation firewalls (Palo Alto, Fortinet), secure web gateways, and cloud security solutions (Zscaler ZIA/ZPA), ensuring high availability, performance, and compliance across all environments.
• Architect and implement zero trust network security frameworks across the enterprise, defining and enforcing micro-segmentation, least-privilege access policies, identity-based authentication, and continuous verification strategies to minimize the attack surface.
• Manage and maintain firewall rule sets, security policies, NAT configurations, and VPN infrastructure across Palo Alto and Fortinet platforms, ensuring policies are optimized, documented, and aligned with PCI-DSS, HIPAA, and corporate security standards.
• Oversee Zscaler cloud security platform administration including ZIA (Zscaler Internet Access) and ZPA (Zscaler Private Access), managing URL filtering, SSL inspection, DLP policies, cloud firewall rules, and application access policies for all users and locations.
• Drive compliance initiatives by implementing and maintaining network security controls required for PCI-DSS, HIPAA, SOX, and other regulatory frameworks; lead audit preparation activities, evidence collection, and remediation of security findings.
• Act as a subject matter expert in network security design and architecture, evaluating emerging threats and technologies, and providing recommendations to the Network Architecture team for continuous improvement of the security posture.
• Participate in security incident response and forensic analysis, working with the SOC, threat intelligence, and risk teams to investigate network-based threats, contain breaches, and implement preventive controls.
• Develop and maintain network security automation to streamline firewall provisioning, policy deployment, configuration compliance checks, and security reporting across all platforms.
• Review and establish security documentation, standard operating procedures, and runbooks; ensure these standards are maintained and audit-ready at all times.
• Act as a point of escalation to external ADUSA managed service providers and internal teams in the incident management process, assisting in reviewing security incident and problem data, performing root cause analysis, and driving continuous improvement.
• Monitor and manage the security device lifecycle, including firmware maintenance, certificate management, and license compliance for all firewalls, proxies, IDS/IPS, and related network security infrastructure.
• Manage and influence analysis of business requirements to ensure that network security solutions meet established policies, risk tolerance, and compliance controls while enabling business agility.

• Bachelor's degree in Computer Science, Cybersecurity, Information Technology, Network Engineering, or a related field (or equivalent work experience)
• 8+ years of progressive experience in network security engineering, with deep hands-on expertise in enterprise firewall platforms (Palo Alto Networks, Fortinet FortiGate)
• Strong experience with Zscaler cloud security platforms (ZIA, ZPA) including deployment, policy management, SSL inspection, and troubleshooting
• Demonstrated experience designing and implementing zero trust network architectures in large-scale enterprise environments
• Deep knowledge of PCI-DSS and HIPAA compliance requirements as they relate to network security controls, segmentation, and audit readiness
• Strong expertise in network security design and architecture including DMZ design, network segmentation, micro-segmentation, VPN technologies (IPSec, SSL), and secure remote access solutions
• Experience with security information and event management (SIEM) platforms, and network monitoring tools such as Panorama, FortiManager, FortiAnalyzer, and SolarWinds
• Proficiency in automation and scripting for network security device management, policy deployment, and compliance reporting
• Very good technical foundation in networking (CCNA/CCNP level equivalent) with strong knowledge of L2/L3 technologies, routing protocols (BGP, OSPF), and switching
• Experience with cloud security architectures including AWS, Azure, cloud-based firewalls, and hybrid connectivity security
• Strong communication skills with the ability to translate complex security concepts to technical and non-technical stakeholders
• Experience working in a large-scale retail, distribution, or multi-site enterprise environment

• Holds one or more industry certifications: PCNSE (Palo Alto Networks), NSE 7/8 (Fortinet), ZCCA/ZCCP (Zscaler), CISSP, CCNP Security, CCIE Security
• Experience with network access control (NAC), 802.1X, and identity-based network segmentation solutions
• Experience with IDS/IPS platforms, DDoS mitigation, and advanced threat protection technologies
• Experience working in an Agile (SAFe) environment
• Familiarity with DevSecOps practices and integrating network security into CI/CD pipelines
• Experience with Infoblox DDI, F5 load balancers, and Arista/Cisco ACI in the context of security policy enforcement and micro-segmentation.