Cloud Infrastructure Engineer Prin

Dayforce is a global human capital management (HCM) company headquartered in Toronto, Ontario, and Minneapolis, Minnesota, with operations across North America, Europe, Middle East, Africa (EMEA), and the Asia Pacific Japan (APJ) region. 

Our award-winning Cloud HCM platform offers a unified solution database and continuous calculation engine, driving efficiency, productivity and compliance for the global workforce.

Our brand promise - Makes Work Life Better™ - Reflects our commitment to employees, customers, partners and communities globally. 

Must be a US citizen, naturalized citizen, green card holder or permanent resident and authorized to work without sponsorship

About the opportunity 

We are seeking a highly skilled Principal Cloud Infrastructure Engineer with deep expertise in Terraform/Terraform Cloud, Azure, AWS, and CI/CD automation to join our Cloud Infrastructure Engineering and Automation (CIEA) team. In this senior individual contributor role, you will serve as a technical authority in designing, implementing, and scaling cloud infrastructure that powers Dayforce's next-generation cloud-native platforms.

You will drive Infrastructure as Code (IaC) best practices across multi-tenant environments, lead image build pipeline strategy, and establish engineering standards that enable secure, consistent, and reliable deployments at enterprise scale. This role demands someone who operates with autonomy, influences architecture decisions, and elevates the engineers around them.

What you'll get to do

Infrastructure Design & Automation

• Architect and deliver reusable Terraform modules and automation workflows for deploying Azure and AWS infrastructure at scale across multi-tenant environments.
• Drive Terraform Cloud workspace strategy including state management, drift detection, variable management, and Sentinel policy enforcement.
• Design and maintain Azure Compute Gallery (ACG) image build pipelines using Packer (HCL) and Ansible, including multi-region replication and cross-tenant image promotion workflows.
• Implement OIDC federation for secure, secretless authentication between GitHub Actions and Azure/AWS.

CI/CD & Platform Engineering

• Own and improve GitHub Actions pipelines with self-hosted runners as the primary CI/CD platform — no Azure DevOps.
• Implement and mature GitOps workflows using ArgoCD for Kubernetes workloads running on AKS.
• Build and maintain automation tooling in Python and Bash supporting image promotion, compliance scanning, and deployment orchestration.

Security & Compliance

• Lead compliance scanning integration using Wiz, replacing legacy OpenSCAP tooling, and drive remediation workflows aligned to NIST 800-53 and PBMM (PROTECT B) frameworks.
• Conduct risk assessments, threat modeling, and vulnerability management for cloud workloads across Hub and spoke tenant architectures.
• Implement and manage HashiCorp Vault for secrets brokering across CI/CD pipelines and infrastructure deployments.

Standards & Mentorship

• Set technical direction through architecture reviews, code reviews, and documentation that elevates platform engineering practice.
• Mentor engineers on IaC patterns, security posture, and DevSecOps principles.
• Partner with security, product, and engineering teams to ensure infrastructure is secure, scalable, and operationally excellent.

Skills and experience we value

• 8+ years in cloud infrastructure, DevOps, or platform engineering roles with demonstrated senior or principal-level scope.
• Advanced proficiency with Terraform and Terraform Cloud — modules, workspaces, state, policy enforcement.
• Hands-on experience with Packer (HCL templates) and Ansible for automated image builds.
• Deep experience with GitHub Actions CI/CD including self-hosted runners and OIDC-based authentication to cloud providers.
• Strong Azure expertise — AKS, ACR, Azure Compute Gallery, networking, RBAC, identity, and security.
• Experience with HashiCorp Vault for secrets management in enterprise environments.
• Proficient in Python and Bash for infrastructure automation and tooling.
• Familiarity with compliance frameworks such as NIST 800-53 or Canadian PBMM (PROTECT B).
• Experience with Wiz or equivalent CSPM/compliance scanning platforms.

What would make you really stand out

• Experience with ArgoCD and GitOps patterns on Kubernetes (AKS).
• Grafana dashboard development for infrastructure observability.
• AWS infrastructure experience alongside Azure.