Primary PurposeAhold Delhaize Group's Threat Defense Operations (TDO) team is seeking an experienced cybersecurity professional to lead the development and optimization of detection and response capabilities. TDO is responsible for designing, implementing, and maintaining detection logic across Security Information and Event Management (SIEM) and Endpoint Detection and Response (EDR) platforms within a global environment. This role plays a critical part in improving the organization's ability to detect, analyze, and respond to advanced cyber threats by integrating threat intelligence, automation, and engineering best practices. The position also contributes to advancing detection maturity and mentoring team members.Duties & ResponsibilitiesCollaborate with Cyber Threat Intelligence (CTI), Advanced Cyber Engineering (ACE), and Incident Response (IR) teams to operationalize threat intelligence into high-fidelity detection use casesLead the creation and implementation of automation solutions to enhance detection, response, and operational efficiency (e.g., detection-as-code, SOAR workflows)Perform advanced testing and validation of detection controls to ensure effectiveness against real-world adversary tactics and techniquesContinuously tune and optimize detection rules and analytics to improve signal quality and reduce alert fatigueMaintain and enhance SIEM data pipelines, including parsing, enrichment, and normalization of log sourcesMonitor emerging threat actor tactics, techniques, and procedures (TTPs) and align detection strategies with frameworks such as MITRE ATT&CProvide audit and compliance support by producing evidence and ensuring detection processes meet regulatory and internal standardsDevelop and maintain comprehensive documentation, including detection logic, runbooks, and operational proceduresProvide technical guidance and mentorship to junior and mid-level analysts, contributing to team development and knowledge sharingParticipate in incident investigations and provide subject matter expertise in threat detection and analysisQualifications3–5 years of experience in cybersecurity, with a focus on threat detection, SOC operations, or incident responseBachelor's degree in Cybersecurity, Information Technology, Computer Science, or equivalent practical experienceStrong experience developing and tuning detection logic within SIEM and/or EDR platformsAdvanced proficiency in Kusto Query Language (KQL) or similar query languages (e.g., SPL, SQL)Experience with Infrastructure-as-Code (IaC) and DevOps practices (e.g., Terraform, Git-based workflows)Strong understanding of attacker tactics, techniques, and procedures (TTPs) and experience leveraging frameworks such as MITRE ATT&CKExperience building or supporting automation within security operations (e.g., scripting, SOAR, or workflow automation)Strong analytical, problem-solving, and troubleshooting skillsExcellent written and verbal communication skillsPreferred QualificationsRelevant advanced cybersecurity certifications (e.g., GIAC, CISSP, GCIA, GCIH, or similar)Experience with detection engineering practices (e.g., detection-as-code, CI/CD pipelines for security content)Experience in cloud security environments (e.g., AWS, Azure, GCP) and cloud-native detection strategiesExperience performing threat hunting and advanced incident investigationsExperience working in large-scale or global enterprise environmentsWe are an equal opportunity employer. We comply with all applicable federal, state and local laws. Qualified applicants are considered without regard to sex, race, color, ancestry, national origin, citizenship status, religion, age, marital status (including civil unions), military service, veteran status, pregnancy (including childbirth and related medical conditions), genetic information, sexual orientation, gender identity, legally recognized disability, domestic violence victim status or any other characteristic protected by law.#J-18808-Ljbffr
Primary PurposeAhold Delhaize Group's Threat Defense Operations (TDO) team is seeking an experienced cybersecurity professional to lead the development and optimization of detection and response capabilities. TDO is responsible for designing, implementing, and maintaining detection logic across Security Information and Event Management (SIEM) and Endpoint Detection and Response (EDR) platforms within a global environment. This role plays a critical part in improving the organization's ability to detect, analyze, and respond to advanced cyber threats by integrating threat intelligence, automation, and engineering best practices. The position also contributes to advancing detection maturity and mentoring team members.Duties & ResponsibilitiesCollaborate with Cyber Threat Intelligence (CTI), Advanced Cyber Engineering (ACE), and Incident Response (IR) teams to operationalize threat intelligence into high-fidelity detection use casesLead the creation and implementation of automation solutions to enhance detection, response, and operational efficiency (e.g., detection-as-code, SOAR workflows)Perform advanced testing and validation of detection controls to ensure effectiveness against real-world adversary tactics and techniquesContinuously tune and optimize detection rules and analytics to improve signal quality and reduce alert fatigueMaintain and enhance SIEM data pipelines, including parsing, enrichment, and normalization of log sourcesMonitor emerging threat actor tactics, techniques, and procedures (TTPs) and align detection strategies with frameworks such as MITRE ATT&CProvide audit and compliance support by producing evidence and ensuring detection processes meet regulatory and internal standardsDevelop and maintain comprehensive documentation, including detection logic, runbooks, and operational proceduresProvide technical guidance and mentorship to junior and mid-level analysts, contributing to team development and knowledge sharingParticipate in incident investigations and provide subject matter expertise in threat detection and analysisQualifications3–5 years of experience in cybersecurity, with a focus on threat detection, SOC operations, or incident responseBachelor's degree in Cybersecurity, Information Technology, Computer Science, or equivalent practical experienceStrong experience developing and tuning detection logic within SIEM and/or EDR platformsAdvanced proficiency in Kusto Query Language (KQL) or similar query languages (e.g., SPL, SQL)Experience with Infrastructure-as-Code (IaC) and DevOps practices (e.g., Terraform, Git-based workflows)Strong understanding of attacker tactics, techniques, and procedures (TTPs) and experience leveraging frameworks such as MITRE ATT&CKExperience building or supporting automation within security operations (e.g., scripting, SOAR, or workflow automation)Strong analytical, problem-solving, and troubleshooting skillsExcellent written and verbal communication skillsPreferred QualificationsRelevant advanced cybersecurity certifications (e.g., GIAC, CISSP, GCIA, GCIH, or similar)Experience with detection engineering practices (e.g., detection-as-code, CI/CD pipelines for security content)Experience in cloud security environments (e.g., AWS, Azure, GCP) and cloud-native detection strategiesExperience performing threat hunting and advanced incident investigationsExperience working in large-scale or global enterprise environmentsWe are an equal opportunity employer. We comply with all applicable federal, state and local laws. Qualified applicants are considered without regard to sex, race, color, ancestry, national origin, citizenship status, religion, age, marital status (including civil unions), military service, veteran status, pregnancy (including childbirth and related medical conditions), genetic information, sexual orientation, gender identity, legally recognized disability, domestic violence victim status or any other characteristic protected by law.#J-18808-Ljbffr
Government Careers
Government jobs offer stability, competitive benefits, and the chance to make a meaningful impact on your community and country.
Whether you’re starting your career or seeking new opportunities, these roles provide pathways for growth, security, and service.
Explore positions across a wide range of fields and take the first step toward a rewarding future in public service.
MORE JOBS
-
Unit Supply Specialist - Start Your Career with the US Army
- Kissimmee, Florida
- U.S. Army Reserve
- Jul 06, 2026
-
Aircrew Rescue Swimmer & Navy Diver
- Conover, North Carolina
- U.S. Navy
- Jul 06, 2026
-
Military Analyst (5687)
- Orlando, Florida
- Three Saints Bay
- Jul 06, 2026
-
Cybersecurity Support Analyst - Active Secret Clearance
- Arlington, Virginia
- International Executive Service Corps
- Jul 06, 2026
-
Intelligence Analyst
- Chicago, Illinois
- Contact Government Services, LLC
- Jul 06, 2026
-
Large Enterprise Account Executive - Local Government
- New York, New York
- Workday
- Jul 06, 2026