[Remote] Principal Cybersecurity Cloud Engineer

Remote Full-time
Note: The job is a remote job and is open to candidates in USA. Dayforce is a global human capital management company headquartered in Toronto and Minneapolis. They are seeking a Principal Cloud Security Engineer to lead the implementation of security controls across multiple cloud environments, primarily Azure and AWS, while ensuring compliance with regulatory requirements and collaborating with product and platform teams.ResponsibilitiesLead CNAPP implementation: Plan and execute end-to-end rollout of Wiz (and related CNAPP tooling) across Azure (and select AWS), including policy design, tuning, and alert-to-action workflowsHarden clouds at scale: Design and enforce guardrails (Azure Policy, Defender for Cloud plans, identity controls, network segmentation, logging/monitoring) and extend patterns to AWS where applicableDevSecOps & IaC governance: Embed security into CI/CD and Terraform workflows (pre-merge checks, plan/policy gates, artifact signing, SBOMs/attestations) and establish reusable modules and policy-as-code patterns to prevent misconfigurations before deploying; enforce baselines at plan timeCompliance engineering: Translate FedRAMP, CIS, and other frameworks into technical controls, automated evidence, continuous monitoring, and remediation playbooksCloud security architecture & blueprint: Own and evolve the cloud security reference architecture (standardized landing zones, identity and access patterns, network segmentation, encryption standards, logging/monitoring baselines, and guardrails) for Azure (primary) and AWS (in scope); advise product and platform teams on secure designs, lead design reviews, and mentor engineersIncident & posture improvement: Partner with SecOps and AppSec teams to triage findings, evaluate risks, recommend remediation steps, and drive measurable improvements across vulnerabilities, identities, data, and workloadsExecutive advisory: Communicate risk, trade-offs, and roadmaps to senior leadership; influence prioritization through clear metrics and business outcomesBuild automated guardrails and drift detection/auto-remediation using Terraform (and/or Bicep/ARM where applicable), integrating controls into CI/CD to consistently enforce secure defaultsKubernetes/AKS security: Partner with platform teams to harden AKS (RBAC, network policies, workload identity), implement admission controls, and operationalize Wiz Sensors and CNAPP findings into engineering workflows and secure runtime baselinesSkillsBachelor's degree in Computer Science, Engineering, or related field (or equivalent experience)10+ years in security engineering/architecture with significant cloud security experience (SaaS or technology companies preferred)Deep, hands-on expertise with CNAPP (Wiz or equivalent) deployment at scale, policy design, tuning, automation; and Microsoft Defender for Cloud (policies, plans, recommendations, regulatory compliance, alerting)DevSecOps / CI/CD: integrating security tests and gates in GitHub Actions (or similar), artifact/image scanning, and automated compliance evidence; securing pipeline identities, secrets, and supply chain integrityInfrastructure as Code (IaC): production-grade Terraform Enterprise/Terraform Cloud (modules, registries, workspaces), plan-time checks, and drift controlPolicy engineering: designing and implementing cloud security policies (Azure Policy initiatives; OPA/Sentinel policy-as-code) and mapping to frameworks (NIST, CIS)Azure security (Entra ID/AAD, RBAC, networking, Key Vault, monitoring)Multi-cloud, hands-on experience with Azure and AWS servicesContainer and Kubernetes security: cluster hardening, workload identity/RBAC, network policies, admission controls, image signing/verification, runtime protection, and container registries (ACR/ECR, JFrog Artifactory)Security automation: scripting (e.g., Python/PowerShell) to build guardrails, detections, and toolingExperience establishing and reporting KRIs/KPIs and improving cloud security posture at scale using data-driven metrics (e.g., NIST, CIS, STIG)Experience delivering cloud implementations in regulated environments, including U.S. Government / U.S. Public Sector requirements (FedRAMP, NIST SP 800-53) and Canadian Government / Public Sector requirements (PBMM, GC Cloud Guardrails, ITSG-33 or equivalent) — including control mapping, automation, and continuous monitoringExcellent stakeholder skills—operate as a trusted advisor to product, platform, compliance, and executive teamsSelf-starter who can work independently, communicate clearly, and drive cross-functional outcomes with a bias for automation and measurable posture improvementProven track record operating as a Cloud Security Architect across CNAPP, Wiz, Terraform, and CI/CD pipeline architectures—defining cloud policies, integrating cloud-native and CNAPP controls, and leveraging their control frameworks for continuous complianceHands-on experience securing Kubernetes (AKS) using Wiz Sensor tooling (deployment, operations, and integration with detection and remediation workflows)Microsoft AZ-500, SC-100, SC-200 certifications strongly preferredOne of the security certifications, such as CISSP or CCSPDevOps experience with infrastructure, cloud, and application pipelinesHands-on experience with container and image scanning; SAST, DAST; and penetration testing toolsKnowledge of large language models (LLMs) and hands-on experience designing and building generative-AI–powered agentsExperience with Python, Java, .NET, C#, Rego, and YAMLBenefitsExcellent time away from work programsComprehensive wellness initiativesRecognition through competitive pay and benefitsVolunteer days and our charity, Dayforce CaresCompany OverviewDayforce is a time and attendance application that helps businesses automate clocking and streamline employee payroll. It was founded in 2008, and is headquartered in Toronto, Ontario, CAN, with a workforce of 5001-10000 employees. Its website is http://www.dayforce.com.Company H1B SponsorshipDayforce has a track record of offering H1B sponsorships, with 1 in 2026, 2 in 2025, 3 in 2024. Please note that this does not guarantee sponsorship for this specific role.

Apply Now →

Similar Jobs

Experienced Registered Behavior Technician for In-Home ABA Therapy - Atlanta, GA

Remote

Immediate Hiring: Experienced Registered Behavioral Technician (RBT) for Clinic-Based ABA Therapy Services

Remote

Experienced Registered Behavioral Technician (RBT) - ABA Therapy for Children with Autism Spectrum Disorder

Remote

Experienced Registered Nurse - Telehealth: Providing Remote Care Coordination and Patient Support

Remote

Experienced Substitute Teacher for Riverside County Schools - Join Scoot Education's Innovative Team

Remote

Experienced Substitute Teacher for San Bernardino County - Flexible Schedules & Competitive Pay

Remote

Experienced School Year Instructional Coach for High-Dosage Tutoring Programs in Edgewater Park, NJ

Remote

Experienced School Year Tutor for K-8 Students in Math and Literacy - Mickleton, NJ

Remote

Experienced Secondary Social Studies Teacher for Kansas - Flexible Hybrid Remote Arrangement

Remote

USPS Office Helper

Remote

Southwest Airlines Virtual Assistant Careers – [part Time / Remote]

Remote

[Remote] Tax Advisor / Client Success Manager

Remote

Yelp Careers Remove Spam Comments Remover

Remote

Nursing Clinical Education Coordinator

Remote

CART Captioning (Bay Area)

Remote

Experienced Customer Service Representative – Aviation Industry Expertise

Remote

Entry Level: Patient Records Coordinator – Specialty Pharmacy **REMOTE**/No Experience/Degree Required

Remote

Solutions Engineering Post Sales

Remote

Join Our REMOTE Team & Thrive!

Remote

Product Manager – Veeva Link Workflow

Remote
← Back