Engineering Manager Security

How you can make a difference

Join us in leading the transformation of security at Albert Heijn and setting new industry standards.

The Engineering Manager for Security is the person who brings groups together, bridging engineering teams, the Compliance & Insights domain, Incident Command, Disaster Recovery & SRE, legal, and the business, so that security becomes a shared capability rather than a siloed function.

The role has two integrated dimensions: enabling teams to be more secure through training, threat modelling, and hands-on support; and helping to influence and design the policy standards and strategy that give the organisation a coherent security posture. Both require the same skill — the ability to influence without authority and build relationships across a complex, fast-moving engineering organisation.

We believe the most effective security function is one that other teams actively want to engage with. That means being genuinely helpful, building relationships before you need them, and earning the right to set standards by demonstrating that you understand the constraints teams are working within.

The person we are looking for does not see security as a discipline that exists apart from engineering — they see it as something that emerges from engineering teams doing good work, supported by clear frameworks, good tooling, and a security team that makes it easy to do the right thing.

This is how you will reinvent food retail.

1. Own how security is implemented at NL: the tooling, the team, the culture, the local adaptations

• Responsible for security controls implementation
• Help design, implement and mature the security culture across the organisation
• Implement DevSecOps capabilities with development pipeline
• Ensure streamlined vulnerability response processes and activities
• Ensure security baseline compliance
• Support during security incidents

1. Align to what security standards are required: group-level policies, global control frameworks, and any group CISO direction
2. Represent NL in group security forums and feed local learnings back up
3. When global policy conflicts with local engineering reality, you are the person who flags it, escalates it, and proposes a resolution, not just silently ignoring it or blindly complying

Your new team and office.

Together with your team of Security Officers you will work on inspiring projects to accelerate our transition into a hybrid Food & Tech company. We want to leverage data and technology to future-proof food shopping and give our customers access to healthy food more easily available for everyone. At Albert Heijn, you team up with inspiring peers in the data, digital and tech domains. A community of diverse individuals who share a common goal: to create digital solutions that make (online) shopping simpler and more inspiring. Are you ready to reinvent the way millions of people buy and enjoy their food? We invest heavily in data, digital and tech. And that includes investing in your career!

Don’t check all the boxes? Don’t worry, we probably don’t either 😉.

What we offer.

• An annual salary up to 130K including holiday allowance and a flexible bonus, depending on your level of seniority and experience
• A minimum of 20 days paid vacation, optionally 12.5 days extra, which you can take as time off, convert into discounts, or sell for cash
• Flexible working hours
• Access to a challenging training curriculum – AH Tech Academy
• An excellent pension plan where we as an employer contribute 4,5 more than you as an employee
• A travel allowance or a NS-business card for traveling to and from Zaandam by train
• Attractive discounts on various insurance policies
• 10% staff discount on groceries in all Albert Heijn stores, to a maximum of €300 per year
• A free Mijn Albert Heijn Premium membership with many benefits
• A company laptop and telephone

The recipe for maximum impact

• Solid grounding in application security, cloud security and SDLC security practices
• Hands-on experience with security tooling [SAST, DAST, SCA, secrets scanning, CSPM]
• Familiarity with threat modelling frameworks (STRIDE, PASTA) and experience facilitating sessions with engineering teams
• Understanding of vulnerability management lifecycle and how to drive remediation at scale across a distributed organisation
• The ability to influence without authority. You don't need a mandate to make things happen; you earn cooperation through credibility and relationships
• Strong communication skills across audiences — you can talk CVEs with an engineer and business risk with a CFO, and both conversations land
• Experience defining and implementing security governance frameworks that teams actually follow, because they understand the why, and it makes it easy
• Experience building security champion programmes that create genuine cultural change, not just a list of names

“We need to offer the best digital experience: that's our goal!”

Robert Němec, Solution Architecture Manager

“An endless race we must win”

Christy Elgee, Manager of Cyber Defense and Operations, Ahold Delhaize USA