Network Security Engineer III job in Salisbury

The Sr. Network Security Engineer will lead the engineering, delivery, and operations of ADUSA's network security platforms with a key focus on zero trust architecture, next-generation firewalls, and secure connectivity across the enterprise. This role is responsible for the technical design, implementation, and management of mission-critical network security infrastructure spanning ADUSA's data centers, cloud environments, retail locations, corporate offices, and distribution centers., The Sr. Network Security Engineer will drive the multi-year strategy to transform ADUSA's network security posture, championing zero trust principles and ensuring all network traffic is inspected, segmented, and secured in alignment with PCI-DSS, HIPAA, and other regulatory compliance frameworks. This role has overall responsibility for the delivery of secure connectivity, threat mitigation, incident response coordination, firewall and proxy platform management, and policy enforcement across all brands., * Lead the design, engineering, and operations of ADUSA's network security platforms including next-generation firewalls (Palo Alto, Fortinet), secure web gateways, and cloud security solutions (Zscaler ZIA/ZPA), ensuring high availability, performance, and compliance across all environments.

• Architect and implement zero trust network security frameworks across the enterprise, defining and enforcing micro-segmentation, least-privilege access policies, identity-based authentication, and continuous verification strategies to minimize the attack surface.
• Manage and maintain firewall rule sets, security policies, NAT configurations, and VPN infrastructure across Palo Alto and Fortinet platforms, ensuring policies are optimized, documented, and aligned with PCI-DSS, HIPAA, and corporate security standards.
• Oversee Zscaler cloud security platform administration including ZIA (Zscaler Internet Access) and ZPA (Zscaler Private Access), managing URL filtering, SSL inspection, DLP policies, cloud firewall rules, and application access policies for all users and locations.
• Drive compliance initiatives by implementing and maintaining network security controls required for PCI-DSS, HIPAA, SOX, and other regulatory frameworks lead audit preparation activities, evidence collection, and remediation of security findings.
• Act as a subject matter expert in network security design and architecture, evaluating emerging threats and technologies, and providing recommendations to the Network Architecture team for continuous improvement of the security posture.
• Participate in security incident response and forensic analysis, working with the SOC, threat intelligence, and risk teams to investigate network-based threats, contain breaches, and implement preventive controls.
• Develop and maintain network security automation to streamline firewall provisioning, policy deployment, configuration compliance checks, and security reporting across all platforms.
• Review and establish security documentation, standard operating procedures, and runbooks ensure these standards are maintained and audit-ready at all times.
• Act as a point of escalation to external ADUSA managed service providers and internal teams in the incident management process, assisting in reviewing security incident and problem data, performing root cause analysis, and driving continuous improvement.
• Monitor and manage the security device lifecycle, including firmware maintenance, certificate management, and license compliance for all firewalls, proxies, IDS/IPS, and related network security infrastructure.
• Manage and influence analysis of business requirements to ensure that network security solutions meet established policies, risk tolerance, and compliance controls while enabling business agility.

• Bachelor's degree or equivalent years of work experience.
• 5+ years of progressive experience in network security engineering, with deep hands-on expertise in enterprise firewall platforms (Palo Alto Networks, Fortinet FortiGate)
• Strong experience with Zscaler cloud security platforms (ZIA, ZPA) including deployment, policy management, SSL inspection, and troubleshooting
• Demonstrated experience designing and implementing zero trust network architectures in large-scale enterprise environments
• Knowledge of PCI-DSS and HIPAA compliance requirements as they relate to network security controls, segmentation, and audit readiness
• Strong experience in network security design and architecture including DMZ design, network segmentation, micro-segmentation, VPN technologies (IPSec, SSL), and secure remote access solutions
• Experience with security information and event management (SIEM) platforms, and network monitoring tools such as Panorama, FortiManager, FortiAnalyzer, and SolarWinds
• Proficiency in automation and scripting for network security device management, policy deployment, and compliance reporting
• Solid technical foundation in networking (CCNA/CCNP level equivalent) with strong knowledge of L2/L3 technologies, routing protocols (BGP, OSPF), and switching
• Experience with cloud security architectures including AWS, Azure, cloud-based firewalls, and hybrid connectivity security, * Holds one or more industry certifications: PCNSE (Palo Alto Networks), NSE 7/8 (Fortinet), ZCCA/ZCCP (Zscaler), CISSP, CCNP Security, CCIE Security
• Experience with network access control (NAC), 802.1X, and identity-based network segmentation solutions
• Experience with IDS/IPS platforms, DDoS mitigation, and advanced threat protection technologies
• Experience working in an Agile (SAFe) environment
• Familiarity with DevSecOps practices and integrating network security into CI/CD pipelines
• Experience with Infoblox DDI, F5 load balancers, and Arista/Cisco ACI in the context of security policy enforcement and micro-segmentation.

Salary Range: $125,040 - $187,560

All ADUSA job offers take multiple factors into consideration including, but not limited to salary range, internal equity, a candidate's qualifications, geographic region, job-related knowledge and skills.

This position is eligible for an incentive bonus based on company performance as provided by the plan terms and governing documents.

#LI-CW1 #LI-Hybrid

The Ahold Delhaize Group sets global strategies frameworks, facilitates the sharing of best practice and encourages economies of scale. Great examples include sharing technology and digital know-how, so we can continue to lead in online and in-store retailing, setting global targets for healthy and sustainable products-including reducing food waste, use of plastics and making our products healthier to use and eat, and championing development for our future leaders-from learning about the digital mindset to leading our stores of the future.

Under the federal Transparency in Coverage rule, group health plans are required to make publicly available machine-readable files that include in-network rates and out-of-network allowed amounts and billed charges. Click the link to view the in-network rates and out-of-network allowed amounts and billed charges under the welfare benefits plan in which Ahold Delhaize Group participates

Ahold Delhaize Group is one of the world's largest food retail groups and a leader in both supermarkets and e-Commerce. Its family of great, local brands serves more than 50 million customers each week in Europe, the United States and Indonesia. Together, these brands employ more than 420,000 associates in more than 7,000 grocery and specialty stores. Our Ahold Delhaize Group is based in Zaandam in the Netherlands, but Ahold Delhaize Group associates also work in all the countries we serve. This team supports all our great local brands in finance, HR, IT, legal, communications, sustainable retailing, and other key functions.