Cloud Infrastructure Engineer Prin

About The Position

Requirements

• 8+ years in cloud infrastructure, DevOps, or platform engineering roles with demonstrated senior or principal-level scope.
• Advanced proficiency with Terraform and Terraform Cloud — modules, workspaces, state, policy enforcement.
• Hands-on experience with Packer (HCL templates) and Ansible for automated image builds.
• Deep experience with GitHub Actions CI/CD including self-hosted runners and OIDC-based authentication to cloud providers.
• Strong Azure expertise — AKS, ACR, Azure Compute Gallery, networking, RBAC, identity, and security.
• Experience with HashiCorp Vault for secrets management in enterprise environments.
• Proficient in Python and Bash for infrastructure automation and tooling.
• Familiarity with compliance frameworks such as NIST 800-53 or Canadian PBMM (PROTECT B).
• Experience with Wiz or equivalent CSPM/compliance scanning platforms.

Nice To Haves

• Experience with ArgoCD and GitOps patterns on Kubernetes (AKS).
• Grafana dashboard development for infrastructure observability.
• AWS infrastructure experience alongside Azure.

Responsibilities

• Architect and deliver reusable Terraform modules and automation workflows for deploying Azure and AWS infrastructure at scale across multi-tenant environments.
• Drive Terraform Cloud workspace strategy including state management, drift detection, variable management, and Sentinel policy enforcement.
• Design and maintain Azure Compute Gallery (ACG) image build pipelines using Packer (HCL) and Ansible, including multi-region replication and cross-tenant image promotion workflows.
• Implement OIDC federation for secure, secretless authentication between GitHub Actions and Azure/AWS.
• Own and improve GitHub Actions pipelines with self-hosted runners as the primary CI/CD platform — no Azure DevOps.
• Implement and mature GitOps workflows using ArgoCD for Kubernetes workloads running on AKS.
• Build and maintain automation tooling in Python and Bash supporting image promotion, compliance scanning, and deployment orchestration.
• Lead compliance scanning integration using Wiz, replacing legacy OpenSCAP tooling, and drive remediation workflows aligned to NIST 800-53 and PBMM (PROTECT B) frameworks.
• Conduct risk assessments, threat modeling, and vulnerability management for cloud workloads across Hub and spoke tenant architectures.
• Implement and manage HashiCorp Vault for secrets brokering across CI/CD pipelines and infrastructure deployments.
• Set technical direction through architecture reviews, code reviews, and documentation that elevates platform engineering practice.
• Mentor engineers on IaC patterns, security posture, and DevSecOps principles.
• Partner with security, product, and engineering teams to ensure infrastructure is secure, scalable, and operationally excellent.

Benefits

• Dayforce is fueled by the diversity of our talented employees. We are an equal opportunity employer and consider and embrace ALL individuals and what makes them unique. We believe our employees should be happy and healthy, with peace of mind and a sense of fulfillment.
• Dayforce encourages personal and professional growth. We offer excellent time away from work programs, comprehensive wellness initiatives and recognition through competitive pay and benefits.
• With a commitment to community impact, including volunteer days and our charity, Dayforce Cares we provide opportunities for you to thrive both in your career and personal life. Our focus is not just on your job but on supporting you to be the best version of yourself.