Principal Cloud Security Architect
Full Remote · Countries of Europe or Ukraine · 7 years of experience · C1 - Advanced
About the Opportunity
The Dayforce Product Security team is responsible for the security of Dayforce products. We enhance product security by finding, fixing, and preventing security flaws across the Dayforce family of products, including Dayforce, Dayforce Wallet, and others.
We build the tooling and run the programs that improve the security of our people-first cloud platform. Beyond simply pointing out issues, we solve problems through close partnership with Product, Development, and CloudOps teams.
As such, we are looking for a Principal Cloud Security Architect with strong technical and leadership skills, a background in public cloud and infrastructure security, and a bias for automation. A passion for solving complex cloud security challenges in a fast-moving, agile environment is essential. The ideal candidate is comfortable working across the company and enjoys finding innovative ways to mitigate risk while protecting the data of more than five million users of Dayforce products.
Responsibilities
Strategic Leadership
- Provide strategic leadership and vision for the cloud security architecture, ensuring alignment with business and technology strategy.
- Lead the development and execution of a comprehensive multi-cloud (Azure primary; AWS in scope) security strategy.
Cloud Security Blueprint
- Own the definition and implementation of the cloud security blueprint—standardized landing zones, identity and access patterns, network segmentation, encryption standards, logging/monitoring baselines, and guardrails.
- Maintain an architecture framework that addresses current and emerging threats.
Governance and Compliance
- Oversee cloud governance and technical compliance design and enforcement (Azure and AWS).
- Ensure services comply with industry standards, regulations, and best practices by implementing policy-as-code (e.g., Azure Policy, AWS Organizations/SCPs) and continuous monitoring and auditing.
Security SME
- Act as the security subject matter expert for cloud and SaaS environments, owning the identification and remediation of security deficiencies.
- Drive maturity beyond compliance by leading threat modeling, control selection, and risk decisions for cloud workloads.
Automation and Tooling
- Design, build, and maintain automated guardrails and template configurations using Terraform and Bicep.
- Implement drift detection and auto-remediation pipelines; integrate controls into CI/CD to consistently enforce secure defaults.
Best Practices and Guidance
- Create and deliver best-practice recommendations, reference architectures, guidance, sample code, and technical presentations.
- Publish high-quality security documentation and enablement materials for engineering and operations teams.
Collaboration and Partnership
- Partner closely with Product, Development, SRE, and CloudOps to refine cloud security capabilities through collaborative roadmaps, design reviews, and reusable templates/modules.
- Build strong relationships with stakeholders to drive adoption.
Security Specifications
- Define high-level and detailed security specifications for identity, secrets and key management, data protection, network security, logging/telemetry, and incident response in the cloud.
- Ensure security is integrated into the design of all cloud solutions.
DevSecOps Enablement
- “Shift left” common security tasks by integrating scanning, testing, and policy checks into developer workflows and pipelines (containers, IaC, secrets, dependencies).
- Promote image signing/provenance and SBOM practices for cloud workloads.
Service Catalog Contribution
- Contribute secure, compliant cloud-native modules and patterns to the internal service catalog (e.g., hardened Terraform/Bicep modules, reference repos).
- Ensure services are reviewed regularly and updated for new threats and controls.
Security Controls Implementation
- Collaborate with engineering and operations to implement and automate cloud security controls and processes (e.g., CSPM/CNAPP, CIEM, KMS/Key Vault, WAF, endpoint and container protections, SIEM integration).
- Develop and maintain cloud-native monitoring and reporting solutions.
Culture and Training
- Foster a security-first culture by partnering with engineering teams to balance performance, reliability, cost, and security.
- Develop and deliver training to raise awareness of cloud security best practices and paved-road adoption.
Qualifications
- Bachelor’s Degree in Computer Science, Information Technology, Cybersecurity, or equivalent experience.
- 10+ years of experience in software development, DevOps, or technical cybersecurity roles, with a strong emphasis on cloud security.
- 5+ years in a senior Security Engineering or cloud DevOps role.
- Extensive experience in Azure and AWS, including security of cloud-native applications and services.
- Deep expertise in infrastructure-as-code security, including Terraform and Bicep (ARM experience a plus).
- Proven track record of partnering with software engineering organizations to influence design and drive secure adoption.
- Experience working in a diverse global organization.
- Proficiency in programming/scripting such as Python, PowerShell, and Bash (Go a plus).
- Expertise in Kubernetes and container security (admission controls, image scanning, secrets management).
- Comprehensive knowledge of microservices architectures and cloud networking.
- Strong knowledge of enterprise architecture concepts and tools.
- In-depth understanding of cloud architecture and how applications/data are managed and secured in the cloud, including hybrid integration patterns.
- Expertise with Azure & AWS security services, Docker, and Kubernetes.
- Minimum of 3 years operating in compliant environments such as PCI DSS (v4.0), ISO/IEC 27001:2022, SOC 2, HITRUST, FedRAMP, or similarly regulated industries.
Preferred Qualifications
- Advanced security certifications such as CISSP, GSEC, Azure Solutions Architect, Azure Security Engineer/Technologies, and/or AWS Security Specialty.
- Significant DevOps experience with infrastructure, cloud, and application pipelines (GitHub/GitLab/Azure DevOps).
- Experience running operational teams and managing large-scale security programs/projects.
- Strong leadership and team management skills with the ability to inspire and motivate others.
- Excellent communication and interpersonal skills, with the ability to effectively communicate complex security concepts to both technical and non-technical audiences.