Principal Cybersecurity Cloud Engineer

Skip to Content Sign In Principal Cybersecurity Cloud Engineer Req #23454 Pennsylvania, USA• Virginia, USA• Massachusetts, USA• Maine, USA• Vermont, USA• New Hampshire, USA• West Virginia, USA• Maryland, USA• Delaware, USA• Georgia, USA• Washington, DC, USA• Connecticut, USA• New York, USA• Ohio, USA• United States• South Carolina, USA• Rhode Island, USA• New Jersey, USA• North Carolina, USA Apply Share Job Description Posted Thursday, March 12, 2026 at 9:00 PM | Expires Friday, May 15, 2026 at 8:59 PM Dayforce is a global human capital management (HCM) company headquartered in Toronto, Ontario, and Minneapolis, Minnesota, with operations across North America, Europe, Middle East, Africa (EMEA), and the Asia Pacific Japan (APJ) region. Our award-winning Cloud HCM platform offers a unified solution database and continuous calculation engine, driving efficiency, productivity and compliance for the global workforce. Our brand promise - Makes Work Life Better™ - Reflects our commitment to employees, customers, partners and communities globally. About the role The Cloud Security team is seeking a Principal Cloud Security Engineer to serve as a hands-on technical expert and trusted advisor across our cloud programs. Our team owns the security of multiple cloud environments—primarily Azure and AWS—and the implementation of security controls to meet regulatory requirements across geographies. Beyond identifying issues, we partner closely with product and platform teams to design and deliver secure cloud-based solutions. You will lead CNAPP implementation, harden our Azure and AWS footprint, embed security into CI/CD and Terraform workflows, and support our path to FedRAMP, PBMM, and other public-sector compliance programs. In this role, you will develop and drive the implementation of our Cloud Security Architecture and CNAPP architecture—defining secure-by-default reference patterns, guardrails, and scalable control implementations for Azure (primary) and AWS (in scope). You will partner with platform engineering, SRE, product, and compliance teams to translate architectural intent into actionable engineering work and measurable posture improvements. You will map regulatory requirements (e.g., FedRAMP, NIST SP 800-53, PBMM, GC Cloud Guardrails, ITSG-33 or equivalent) to cloud security capabilities such as identity and access management, network segmentation, encryption and key management, logging/monitoring, vulnerability management, container/Kubernetes security, and continuous compliance. You will then engineer, implement, and operationalize these controls using cloud-native services and Wiz (policies, sensors, and workflows), integrated into Terraform and CI/CD pipelines with policy-as-code, drift detection, and automated evidence where feasible. You’ll thrive in a dynamic, fast-paced environment, operate as a self-starter, work independently, and stay relentlessly results-oriented. What You'll Do Lead CNAPP implementation: Plan and execute end-to-end rollout of Wiz (and related CNAPP tooling) across Azure (and select AWS), including policy design, tuning, and alert-to-action workflows. Harden clouds at scale: Design and enforce guardrails (Azure Policy, Defender for Cloud plans, identity controls, network segmentation, logging/monitoring) and extend patterns to AWS where applicable. DevSecOps & IaC governance: Embed security into CI/CD and Terraform workflows (pre-merge checks, plan/policy gates, artifact signing, SBOMs/attestations) and establish reusable modules and policy-as-code patterns to prevent misconfigurations before deploying; enforce baselines at plan time. Compliance engineering: Translate FedRAMP, CIS, and other frameworks into technical controls, automated evidence, continuous monitoring, and remediation playbooks. Cloud security architecture & blueprint: Own and evolve the cloud security reference architecture (standardized landing zones, identity and access patterns, network segmentation, encryption st ... (truncated, view full listing at source)