The Manager, Security Engineering is responsible for planning, coordinating, and supervising all activities related to UNFI’s security tooling ecosystem to ensure a resilient, high‑performing, and Zero‑Trust‑aligned security posture. This role leads a team of security tooling engineers, setting goals and objectives, managing performance and deliverables, and developing and mentoring talent to support UNFI’s security strategy.
The Manager partners closely with internal stakeholders and MSP/BAU teams to ensure that security tools—across identity, endpoint, cloud, network, and monitoring platforms—are deployed, operated, and maintained in accordance with UNFI standards. This position ensures quality, consistency, and operational effectiveness by providing direction, enforcing engineering best practices, driving Zero Trust adoption, and overseeing continuous improvement across outsourced support teams.

Core Responsibilities:

• Define long‑term Network Security strategies and roadmaps and present them to senior IT leadership, ensuring alignment to UNFI’s enterprise security vision. Participate in the annual capital planning process to secure funding necessary to execute strategic initiatives.
• Oversee the design and engineering of all Network Security solutions, ensuring that architectures and implementations meet current and future enterprise requirements while aligning with Zero Trust principles.
• Serve as the Subject Matter Expert (SME) for network security tools and services (including Zscaler, CrowdStrike, Sectigo, and other Zero Trust technologies), providing deep technical guidance across engineering, operations, and project teams.
• Research, evaluate, and recommend new security technologies, leading proofs of concept (POCs) and feasibility assessments to validate functionality, scalability, operability, and business value.
• Define and maintain UNFI’s network security architecture, ensuring solutions are deployed according to industry best practices, align with platform and product team requirements, and support end‑to‑end Zero Trust adoption.
• Partner with Network Security Operations and MSP/BAU teams to establish robust operational processes—including turnover, knowledge transfer, runbooks, monitoring standards, and recovery procedures—ensuring consistent delivery quality and operational readiness.
• Ensure all firewall, segmentation, and security rulesets are designed and deployed in compliance with UNFI security standards, enforcing governance and quality across both internal engineers and MSP partners.
• Apply extensive technical expertise to drive decision‑making and resolve highly complex engineering and operational challenges in a fast‑paced, hybrid enterprise environment.
• Participate in vendor evaluations, contract negotiations, and selection processes, providing input that represents the needs and priorities of the Network Security Engineering function.
• Create and maintain functional and technical design documentation, ensuring engineering deliverables are clear, supportable, and aligned to project and operational requirements.
• Develop and standardize simple, repeatable deployment processes that increase velocity, improve consistency, and reduce operational risk across all security tooling and network security infrastructures.
• Collaborate cross‑functionally with platform, product, security, and infrastructure teams to ensure solutions integrate effectively and support UNFI’s strategic business and security objectives.
• Accountable for all aspects of managing the team including setting goals and objectives, managing performance, developing associates, staffing, promotions and salary administration, manages performance utilizing organization’s performance management system, practices and tools, applying them to developing and improving individual, team, and organizational performance.
• Lead the Network Security Engineering team, providing direction, coaching, and mentorship to ensure high‑quality engineering output, adherence to UNFI standards, and development of a strong technical talent pipeline.
• Provide oversight and governance of the Managed Service Provider’s network security operations teams (BAU), ensuring all daily operational changes are executed in compliance with UNFI security policies, standards, and change‑management requirements.
• Coach and mentor team members and technical staff on their assigned project tasks.
• Function at a strategic level providing direction to team but also roll up sleeves to maintain deep product/project knowledge to be able to effectively respond to questions/issues as they arise and counsel senior management appropriately
• Performs other relevant duties as required.

Education/Certifications:

• Bachelor’s degree in computer science or a related discipline desired, or relevant Network Security Engineering and management work experience

Experience:

• 7+ years of progressive experience in Network Security engineering, architecture, or operations within complex hybrid enterprise environments.
• 5+ years of experience leading technical teams, including security engineering, network engineering, or security tooling teams, with demonstrated success mentoring staff and driving high‑performance outcomes.
• Experience governing or overseeing Managed Service Providers (MSPs) delivering network security or security tooling services, including performance management, SLA compliance, operational quality oversight, and adherence to enterprise standards.
• Proven experience designing and deploying Zero Trust–aligned security architectures, including identity, endpoint, network segmentation, cloud security controls, and secure access technologies.
• Hands‑on engineering or architecture experience with modern security platforms, such as Zscaler, CrowdStrike, Sectigo, identity & access management tools, cloud‑native security controls, and other enterprise Zero Trust technologies.
• Demonstrated experience defining long‑term security strategies and roadmaps, presenting to senior leadership, and influencing multi‑year investment planning.
• Experience leading POCs, feasibility studies, and technology evaluations to assess new solutions and validate functional, operational, and financial fit for enterprise adoption.
• Strong background in firewall technologies, network security controls, segmentation, and secure network design, including rule governance and policy lifecycle management.
• Proven ability to collaborate across engineering, operations, product, infrastructure, and security teams, ensuring alignment of designs, operational readiness, and successful project delivery.
• Experience developing technical documentation, including design specifications, engineering standards, operational runbooks, and deployment processes.
• Demonstrated ability to solve highly complex technical problems, driving root cause analysis, risk reduction, and resilient system design.
• Experience participating in vendor selection and contract negotiations related to network security, cloud security, or managed services.

Knowledge/Skills/Abilities:

• Deep knowledge of network security architecture and engineering principles, including firewalls, segmentation, secure access, network policy design, and secure connectivity patterns across hybrid cloud/on‑prem environments.
• Strong understanding of Zero Trust security concepts, including identity‑based access controls, micro‑segmentation, secure remote access, continuous verification, and cloud‑delivered security services.
• Expertise with modern security tooling ecosystems, such as Zscaler (ZIA/ZPA), CrowdStrike, Sectigo, identity and certificate lifecycle management solutions, cloud‑native security controls, and enterprise logging/monitoring platforms.
• Advanced ability to analyze, design, and validate network security solutions, ensuring alignment to industry best practices, regulatory expectations, and organizational standards.
• Strong leadership skills, with the ability to mentor security engineers, influence cross‑functional teams, and drive engineering excellence in a fast‑paced, highly technical environment.
• Demonstrated ability to provide governance and oversight of Managed Service Provider (MSP) operations, ensuring adherence to SLAs, operational discipline, engineering standards, and change‑management processes.
• Exceptional problem‑solving skills, with the ability to diagnose and resolve highly complex technical issues that span multiple systems, tools, and teams.
• Excellent communication and interpersonal skills, including the ability to translate complex technical concepts for non‑technical audiences, collaborate effectively with internal stakeholders, and communicate expectations clearly to MSP partners.
• Strong analytical and strategic planning abilities, including evaluating new technologies, conducting feasibility and impact assessments, and contributing to long‑term security strategy and roadmap development.
• Ability to develop clear, comprehensive technical documentation, including architecture diagrams, runbooks, design specifications, engineering standards, and operational workflows.
• Proven capability to establish and enforce engineering best practices, including configuration standards, deployment patterns, quality controls, and repeatable processes that improve operational stability and delivery velocity.
• High degree of initiative and ownership, with the ability to drive outcomes independently, make data‑driven decisions, and ensure security engineering objectives are met.
• Ability to manage multiple priorities, handle shifting demands, and work effectively across engineering, operations, product, security, MSP, and vendor teams.

Remote Role:

• This position is classified as remote where the associate will perform remote work from their primary residence. Remote associates are welcome to work from the office but are not required to do so. While remote associates are not required to work from an office on a regular basis, they may be required to come to the office or other UNFI locations for necessary business reasons or if directed to do so by their manager.

Office Roles:

• Most work is performed in a temperature‑controlled office environment.
• Incumbent may sit for long periods of time at a desk or computer terminal.
• While performing the duties of this job, the employee is regularly required to sit; use hands to finger, handle, or feel; reach with hands and arms; and talk or hear.
• Incumbent may use calculators, keyboards, telephones, and other office equipment in the course of a normal workday.
• Stooping, bending, twisting, and reaching may be required in the completion of job duties.

The above statements are intended to describe the general nature of the work performed by the employees assigned to this job. All employees must comply with Company policy and applicable laws. The responsibilities, duties and skills required of personnel so classified may vary within each department and/or location.