Dayforce US, Inc.
Dayforce is a global human capital management (HCM) company headquartered in Toronto, Ontario, and Minneapolis, Minnesota, with operations across North America, Europe, Middle East, Africa (EMEA), and the Asia Pacific Japan (APJ) region.
Our award-winning Cloud HCM platform offers a unified solution database and continuous calculation engine, driving efficiency, productivity and compliance for the global workforce.
Our brand promise - Makes Work Life Better ™ - Reflects our commitment to employees, customers, partners and communities globally.
About the opportunity
The Cloud Security team is seeking a Principal Cloud Security Engineer to serve as a hands‑on technical expert and trusted advisor across our cloud programs. Our team owns the security of multiple cloud environments—primarily Azure and AWS—and the implementation of security controls to meet regulatory requirements across geographies. Beyond identifying issues, we partner closely with product and platform teams to design and deliver secure cloud‑based solutions. You’ll drive CNAPP implementation, harden our Azure and AWS footprint, embed security into CI/CD and Terraform workflows, and drive our journey toward FedRAMP, PBMM, and other government‑related compliances. You’ll thrive in a dynamic, fast‑paced environment, operate as a self‑starter, work independently, and stay relentlessly results‑oriented. What you’ll get to do
Lead CNAPP implementation: Plan and execute end‑to‑end rollout of Wiz (and related CNAPP tooling) across Azure (and select AWS), including policy design, tuning, and alert‑to‑action workflows. Harden clouds at scale: Design and enforce guardrails (Azure Policy, Defender for Cloud plans, identity controls, network segmentation, logging/monitoring) and extend patterns to AWS where applicable. DevSecOps & shift left: Embed IaC and image security into GitHub/Terraform Cloud pipelines (pre‑merge checks, plan/policy gates, artifact signing, SBOMs/attestations). Terraform security & governance: Establish reusable modules and policy‑as‑code patterns to prevent misconfigurations before deploying; enforce baselines at plan time. Compliance engineering: Translate FedRAMP, CIS, and other frameworks into technical controls, automated evidence, continuous monitoring, and remediation playbooks. Cloud security architecture: Advise product and platform teams on secure designs and patterns; become a trusted security advisor to product and cloud operations teams; contribute to design reviews; mentor junior cloud security engineers. Incident & posture improvement: Partner with SecOps and AppSec teams to triage findings, evaluate risks, recommend remediation steps, and drive measurable improvements across vulnerabilities, identities, data, and workloads. Executive advisory: Communicate risk, trade‑offs, and roadmaps to senior leadership; influence prioritization through clear metrics and business outcomes. Skills and experience we value
Bachelor’s degree in Computer Science, Engineering, or related field (or equivalent experience). 10+ years in security engineering/architecture with significant cloud security experience (SaaS or technology companies preferred) Deep, hands‑on expertise with:
CNAPP (Wiz or equivalent) deployment at scale, policy design, tuning, automation. Microsoft Defender for Cloud — policies, plans, recommendations, regulatory compliance, alerting. DevSecOps / CI/CD — integrating security tests and gates in GitHub Actions (or similar), artifact/image scanning, automated compliance evidence. Infrastructure as Code (IaC) - production‑grade Terraform Enterprise/Terraform Cloud (modules, registries, workspaces), plan‑time checks, drift control. Policy engineering — designing and implementing cloud security policies (Azure Policy initiatives; OPA/Sentinel policy‑as‑code) and mapping to frameworks (NIST, CIS, FedRAMP). Azure security (Entra ID/AAD, RBAC, networking, Key Vault, monitoring). Multi‑cloud, hands‑on experience with Azure and AWS services. Container/Kubernetes security — hardening AKS/EKS, admission controls, image signing, runtime protection; registries (ACR/ECR, JFrog Artifactory). Security automation — scripting (e.g., Python/PowerShell) to build guardrails, detections, and tooling.
Experience establishing KRIs/KPIs and tuning policies against NIST, CIS, STIG. Proven track record improving cloud security posture at scale with data‑driven KPIs. Experience implementing FedRAMP, PBMM (and similar frameworks like GovRAMP, NIST SP 800‑53, ISO 27001, SOC 2)—technical control mapping, automation, and continuous monitoring. Excellent stakeholder skills—operate as a trusted advisor to product, platform, compliance, and executive teams. Self‑starter who can work independently with minimal guidance and drive cross‑functional outcomes. Results‑oriented, with a bias for automation, measurable posture improvement, and clear KPIs. What would make you really stand out
Microsoft AZ‑500, SC‑100, SC‑200 certifications strongly preferred. One of the security certifications, such as CISSP or CCSP. DevOps experience with infrastructure, cloud, and application pipelines. Hands‑on experience with container and image scanning; SAST, DAST; and penetration testing tools. Knowledge of large language models (LLMs) and hands‑on experience designing and building generative‑AI–powered agents. Experience with Python, Java, .NET, C#, Rego, and YAML. #LI‑REMOTE What’s in it for you
Dayforce is fueled by the diversity of our talented employees. We are an equal opportunity employer and consider and embrace ALL individuals and what makes them unique. We believe our employees should be happy and healthy, with peace of mind and a sense of fulfillment. We encourage individuals to apply based on their passions. Dayforce encourages personal and professional growth. We offer excellent time away from work programs, comprehensive wellness initiatives and recognition through competitive pay and benefits. With a commitment to community impact, including volunteer days and our charity, Dayforce Cares we provide opportunities for you to thrive both in your career and personal life. Our focus is not just on your job but on supporting you to be the best version of yourself. Fraudulent Recruiting Beware of fraudulent recruiting. Legitimate Dayforce contacts will use an @dayforce.com email address. We do not request money, checks, equipment orders, or sensitive personal data during the recruitment process. If you have been asked for any of the above, or believe you have been contacted by someone posing as a Dayforce employee, please refer to our fraudulent recruiting statement found here:
https://www.dayforce.com/be-aware-of-recruiting-fraud
#J-18808-Ljbffr
The Cloud Security team is seeking a Principal Cloud Security Engineer to serve as a hands‑on technical expert and trusted advisor across our cloud programs. Our team owns the security of multiple cloud environments—primarily Azure and AWS—and the implementation of security controls to meet regulatory requirements across geographies. Beyond identifying issues, we partner closely with product and platform teams to design and deliver secure cloud‑based solutions. You’ll drive CNAPP implementation, harden our Azure and AWS footprint, embed security into CI/CD and Terraform workflows, and drive our journey toward FedRAMP, PBMM, and other government‑related compliances. You’ll thrive in a dynamic, fast‑paced environment, operate as a self‑starter, work independently, and stay relentlessly results‑oriented. What you’ll get to do
Lead CNAPP implementation: Plan and execute end‑to‑end rollout of Wiz (and related CNAPP tooling) across Azure (and select AWS), including policy design, tuning, and alert‑to‑action workflows. Harden clouds at scale: Design and enforce guardrails (Azure Policy, Defender for Cloud plans, identity controls, network segmentation, logging/monitoring) and extend patterns to AWS where applicable. DevSecOps & shift left: Embed IaC and image security into GitHub/Terraform Cloud pipelines (pre‑merge checks, plan/policy gates, artifact signing, SBOMs/attestations). Terraform security & governance: Establish reusable modules and policy‑as‑code patterns to prevent misconfigurations before deploying; enforce baselines at plan time. Compliance engineering: Translate FedRAMP, CIS, and other frameworks into technical controls, automated evidence, continuous monitoring, and remediation playbooks. Cloud security architecture: Advise product and platform teams on secure designs and patterns; become a trusted security advisor to product and cloud operations teams; contribute to design reviews; mentor junior cloud security engineers. Incident & posture improvement: Partner with SecOps and AppSec teams to triage findings, evaluate risks, recommend remediation steps, and drive measurable improvements across vulnerabilities, identities, data, and workloads. Executive advisory: Communicate risk, trade‑offs, and roadmaps to senior leadership; influence prioritization through clear metrics and business outcomes. Skills and experience we value
Bachelor’s degree in Computer Science, Engineering, or related field (or equivalent experience). 10+ years in security engineering/architecture with significant cloud security experience (SaaS or technology companies preferred) Deep, hands‑on expertise with:
CNAPP (Wiz or equivalent) deployment at scale, policy design, tuning, automation. Microsoft Defender for Cloud — policies, plans, recommendations, regulatory compliance, alerting. DevSecOps / CI/CD — integrating security tests and gates in GitHub Actions (or similar), artifact/image scanning, automated compliance evidence. Infrastructure as Code (IaC) - production‑grade Terraform Enterprise/Terraform Cloud (modules, registries, workspaces), plan‑time checks, drift control. Policy engineering — designing and implementing cloud security policies (Azure Policy initiatives; OPA/Sentinel policy‑as‑code) and mapping to frameworks (NIST, CIS, FedRAMP). Azure security (Entra ID/AAD, RBAC, networking, Key Vault, monitoring). Multi‑cloud, hands‑on experience with Azure and AWS services. Container/Kubernetes security — hardening AKS/EKS, admission controls, image signing, runtime protection; registries (ACR/ECR, JFrog Artifactory). Security automation — scripting (e.g., Python/PowerShell) to build guardrails, detections, and tooling.
Experience establishing KRIs/KPIs and tuning policies against NIST, CIS, STIG. Proven track record improving cloud security posture at scale with data‑driven KPIs. Experience implementing FedRAMP, PBMM (and similar frameworks like GovRAMP, NIST SP 800‑53, ISO 27001, SOC 2)—technical control mapping, automation, and continuous monitoring. Excellent stakeholder skills—operate as a trusted advisor to product, platform, compliance, and executive teams. Self‑starter who can work independently with minimal guidance and drive cross‑functional outcomes. Results‑oriented, with a bias for automation, measurable posture improvement, and clear KPIs. What would make you really stand out
Microsoft AZ‑500, SC‑100, SC‑200 certifications strongly preferred. One of the security certifications, such as CISSP or CCSP. DevOps experience with infrastructure, cloud, and application pipelines. Hands‑on experience with container and image scanning; SAST, DAST; and penetration testing tools. Knowledge of large language models (LLMs) and hands‑on experience designing and building generative‑AI–powered agents. Experience with Python, Java, .NET, C#, Rego, and YAML. #LI‑REMOTE What’s in it for you
Dayforce is fueled by the diversity of our talented employees. We are an equal opportunity employer and consider and embrace ALL individuals and what makes them unique. We believe our employees should be happy and healthy, with peace of mind and a sense of fulfillment. We encourage individuals to apply based on their passions. Dayforce encourages personal and professional growth. We offer excellent time away from work programs, comprehensive wellness initiatives and recognition through competitive pay and benefits. With a commitment to community impact, including volunteer days and our charity, Dayforce Cares we provide opportunities for you to thrive both in your career and personal life. Our focus is not just on your job but on supporting you to be the best version of yourself. Fraudulent Recruiting Beware of fraudulent recruiting. Legitimate Dayforce contacts will use an @dayforce.com email address. We do not request money, checks, equipment orders, or sensitive personal data during the recruitment process. If you have been asked for any of the above, or believe you have been contacted by someone posing as a Dayforce employee, please refer to our fraudulent recruiting statement found here:
https://www.dayforce.com/be-aware-of-recruiting-fraud
#J-18808-Ljbffr