What do we offer?
- Hybrid working
- Wellbeing initiatives
- Cross brand career options
What do you bring?
- A positive attitude
- True tech-savvy
- A solution-oriented attitude
Why Ahold Delhaize?
- International & cross cultural collaboration
- Inclusive & caring culture
- Shape a healthier tomorrow
How you can make a difference
Ahold Delhaize Group is one of the world's largest food retail groups and a leader in both supermarkets and e-Commerce. Its family of great, local brands serves more than 50 million customers each week in Europe, the United States and Indonesia. Together, these brands employ more than 420,000 associates in more than 7,000 grocery and specialty stores. Ahold Delhaize Group is based in Zaandam in the Netherlands, but Ahold Delhaize Group associates also work in all the countries we serve. This team supports all our great local brands in finance, HR, IT, legal, communications, sustainable retailing, and other key functions.
Primary Purpose
Ahold Delhaize Group’s Threat Defense Operations (TDO) team is seeking an experienced cybersecurity professional to lead the development and optimization of detection and response capabilities. TDO is responsible for designing, implementing, and maintaining detection logic across Security Information and Event Management (SIEM) and Endpoint Detection and Response (EDR) platforms within a global environment. This role plays a critical part in improving the organization’s ability to detect, analyze, and respond to advanced cyber threats by integrating threat intelligence, automation, and engineering best practices. The position also contributes to advancing detection maturity and mentoring team members.
Duties & Responsibilities
- Collaborate with Cyber Threat Intelligence (CTI), Advanced Cyber Engineering (ACE), and Incident Response (IR) teams to operationalize threat intelligence into high-fidelity detection use cases
- Lead the creation and implementation of automation solutions to enhance detection, response, and operational efficiency (e.g., detection-as-code, SOAR workflows)
- Perform advanced testing and validation of detection controls to ensure effectiveness against real-world adversary tactics and techniques
- Continuously tune and optimize detection rules and analytics to improve signal quality and reduce alert fatigue
- Maintain and enhance SIEM data pipelines, including parsing, enrichment, and normalization of log sources
- Monitor emerging threat actor tactics, techniques, and procedures (TTPs) and align detection strategies with frameworks such as MITRE ATT&CK
- Provide audit and compliance support by producing evidence and ensuring detection processes meet regulatory and internal standards
- Develop and maintain comprehensive documentation, including detection logic, runbooks, and operational procedures
- Provide technical guidance and mentorship to junior and mid-level analysts, contributing to team development and knowledge sharing
- Participate in incident investigations and provide subject matter expertise in threat detection and analysis
Qualifications
- 3–5 years of experience in cybersecurity, with a focus on threat detection, SOC operations, or incident response
- Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or equivalent practical experience
- Strong experience developing and tuning detection logic within SIEM and/or EDR platforms
- Advanced proficiency in Kusto Query Language (KQL) or similar query languages (e.g., SPL, SQL)
- Experience with Infrastructure-as-Code (IaC) and DevOps practices (e.g., Terraform, Git-based workflows)
- Strong understanding of attacker tactics, techniques, and procedures (TTPs) and experience leveraging frameworks such as MITRE ATT&CK
- Experience building or supporting automation within security operations (e.g., scripting, SOAR, or workflow automation)
- Strong analytical, problem-solving, and troubleshooting skills
- Excellent written and verbal communication skills
Preferred Qualifications
- Relevant advanced cybersecurity certifications (e.g., GIAC, CISSP, GCIA, GCIH, or similar)
- Experience with detection engineering practices (e.g., detection-as-code, CI/CD pipelines for security content)
- Experience in cloud security environments (e.g., AWS, Azure, GCP) and cloud-native detection strategies
- Experience performing threat hunting and advanced incident investigations
- Experience working in large-scale or global enterprise environments
The Ahold Delhaize Group sets global strategies and frameworks, facilitates the sharing of best practice and encourages economies of scale. Great examples include sharing technology and digital know-how, so we can continue to lead in online and in-store retailing; setting global targets for healthy and sustainable products, including reducing food waste and the use of plastics and making our products healthier to use and eat; and championing development for our future leaders, from learning about the digital mindset to leading our stores of the future.
We are an equal opportunity employer. We comply with all applicable federal, state and local laws. Qualified applicants are considered without regard to sex, race, color, ancestry, national origin, citizenship status, religion, age, marital status (including civil unions), military service, veteran status, pregnancy (including childbirth and related medical conditions), genetic information, sexual orientation, gender identity, legally recognized disability, domestic violence victim status or any other characteristic protected by law.