Engineering Security Lead and DevSecOps Champion, Zaandam
1500 Zaandam, Netherlands
Posted: 1 week ago
Ad text
Join us in leading the transformation of security at Albert Heijn and setting new industry standards.
The Engineering Manager for Security bridges engineering teams, Compliance & Insights, Incident Command, Disaster Recovery & SRE, legal, and the business, so that security becomes a shared capability rather than a siloed function.
The role has two integrated dimensions: enabling teams to be more secure through training, threat modelling, and hands‑on support; and influencing and designing policy standards and strategy that give the organisation a coherent security posture. Both require influencing without authority and building relationships in a fast‑moving engineering organisation.
We believe the most effective security function is one that other teams actively want to engage with. It requires being genuinely helpful, building relationships early, and earning the right to set standards by understanding the constraints teams face.
The ideal candidate sees security not as a separate discipline but as emerging from engineering teams doing good work, supported by clear frameworks, good tooling, and a security team that makes it easy to do the right thing.
Responsibilities
Own the implementation of security at NL: tooling, the team, culture, and local adaptations.
Implement and mature the security culture across the organisation.
Implement (DevSecOps) capabilities with the development pipeline.
Ensure streamlined vulnerability response processes and activities.
Ensure security baseline compliance.
Support during security incidents.
Align to required security standards: group‑level policies, global control frameworks, and group CISO direction.
Represent NL in group security forums and feed local learnings back up.
When global policy conflicts with local engineering reality, flag, escalate, and propose a resolution (do not ignore or blindly comply).
Qualifications
Solid grounding in application security, cloud security and SDLC security practices.
Hands‑on experience with security tooling (SAST, DAST, SCA, secrets scanning, CSPM).
Familiarity with threat modelling frameworks (STRIDE, PASTA) and experience facilitating sessions with engineering teams.
Understanding of vulnerability management lifecycle and ability to drive remediation at scale across a distributed organisation.
Ability to influence without authority; to earn cooperation by credibility and relationships.
Strong communication skills across audiences.
Experience defining and implementing security governance frameworks that teams actually follow.
Experience building security champion programmes that create genuine cultural change, not just a list of names.
Benefits
Annual salary up to €130k including holiday allowance and flexible bonus, depending on level of seniority.
Minimum 20 days paid vacation, optionally 12.5 extra days that can be converted to discounts or cash.
Flexible working hours.
Access to a challenging training curriculum – AH Tech Academy.
Excellent pension plan with employer contribution of 4.5× the employee contribution.
Travel allowance or NS‑business card for travelling to and from Zaandam by train.
Discounts on various insurance policies.
10% staff discount on groceries in all Albert Heijn stores, up to €300 per year.
A free Mijn Albert Heijn Premium membership with many benefits.
A company laptop and telephone.
Ready to contribute to our mission? If you are ready to play an active role in changing the food retail landscape, hop on board and join us on our expedition.
Key information
Company name: Ahold Delhaize
Position: Engineering Security Lead and DevSecOps Champion
More information about this ad
Engineering Security Lead and DevSecOps Champion is posted in the Zaandam services category on Locanto.