We're on a mission to make home possible for homebuyers and renters across the U.S.
Offensive Security Engineer, Technical Lead (In Office or Remote)
Location: United States
Posted: 84 days ago
Salary: $150K - $224K / year
Seniority: Lead
Job Description
Freddie Mac
At Freddie Mac, our mission of Making Home Possible is what motivates us, and it’s at the core of everything we do. Since our charter in 1970, we have made home possible for more than 90 million families across the country. Join an organization where your work contributes to a greater purpose.

Position Overview: We’re looking for an Offensive Security Engineer who excels at navigating ambiguity, uncovering weaknesses, and engineering solutions that elevate our security posture. You’ll combine technical ingenuity with practical problem‑solving, developing automation, tools, and methods that drive meaningful risk reduction.

Our Impact: Freddie Mac's Information Security team is responsible for continuously testing the overall strength of our organization’s defenses (across all people, process, & technology) by simulating the objectives and actions of an attacker.

Your Impact: In this role, you will contribute to a collaborative team as a subject matter expert focusing on advanced offensive security. You will design and implement AI-powered security tools, proactively address vulnerabilities, and champion secure engineering practices across the organization.

What to Expect (Job Responsibilities)
- Applications should bring expert level knowledge in one or more domains, including web applications, AI-powered business systems, cloud environments, etc.
- Execute sophisticated red team assessments across diverse attack surfaces.
- Partner with internal stakeholders to define engagement scope, success criteria, and translate complex technical findings into actionable business risk narratives
- Research, develop, and maintain cutting-edge offensive security tools and automation frameworks to enhance team capabilities and operational efficiency

Qualifications:
- 8+ years of relevant experience
- Proven ability to critically examine applications and identify, exploit, and remediate complex vulnerabilities
- Proven ability to create automation workflows that scale to enterprise environments.
- Demonstrated expertise in bypassing modern defensive controls and security measures to achieve assessment objectives
- Demonstrate proficiency in chosen domain using public research, personal blog, active projects, bug bounty, and public disclosures.
- Must be willing to work east coast hours

Current Freddie Mac employees please apply through the internal career site.

We consider all applicants for all positions without regard to gender, race, color, religion, national origin, age, marital status, veteran status, sexual orientation, gender identity/expression, physical and mental disability, pregnancy, ethnicity, genetic information or any other protected categories under applicable federal, state or local laws. We will ensure that individuals are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.

A safe and secure environment is critical to Freddie Mac’s business. This includes employee commitment to our acceptable use policy, applying a vigilance-first approach to work, supporting regulatory mandates, and using best practices to protect Freddie Mac from potential threats and risk. Employees exercise this responsibility by executing against policies and procedures and adhering to privacy & security obligations as required via training programs.

CA Applicants: Qualified applications with arrest or conviction records will be considered for employment in accordance with the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act.

Notice to External Search Firms: Freddie Mac partners with BountyJobs for contingency search business through outside firms. Resumes received outside the BountyJobs system will be considered unsolicited and Freddie Mac will not be obligated to pay a placement fee. If interested in learning more, please visit www.BountyJobs.com and register with our referral code: MAC.

Time-type: Full time
FLSA Status: Exempt

Freddie Mac offers a comprehensive total rewards package to include competitive compensation and market-leading benefit programs. Information on these benefit programs is available on our Careers site. This position has an annualized market-based salary range of $150,000 - $224,000 and is eligible to participate in the annual incentive program. The final salary offered will generally fall within this range and is dependent on various factors including but not limited to the responsibilities of the position, experience, skill set, internal pay equity and other relevant qualifications of the applicant.
More Security Engineer Jobs
• Develop and implement the organization’s information security strategy, policies, and governance frameworks aligned with business and legal requirements.
• Lead risk assessments, vulnerability management, and enterprise security risk mitigation initiatives.
• Ensure compliance with industry standards and regulatory frameworks such as SOC 2, ISO 27001, GDPR, NIST, and CIS.
• Oversee day-to-day security operations, including threat monitoring, vulnerability management, detection, and incident response processes.
• Ensure the security of cloud environments, networks, applications, and internal infrastructure, including controls such as firewalls, encryption, and identity management.
• Partner with IT, engineering, DevOps, product, and legal teams to integrate security into systems and development processes.
• Lead and mentor security engineers and analysts, promote security awareness, and report security posture and risks to executive leadership.
Principal Cybersecurity Cloud Engineer
Dayforce
Dayforce is a global HCM platform offering a comprehensive array of services encompassing payroll, HR, benefits, workforce management, talent, and analytics. With the mission of "m
Dayforce is a global human capital management (HCM) company headquartered in Toronto, Ontario, and Minneapolis, Minnesota, with operations across North America, Europe, Middle East, Africa (EMEA), and the Asia Pacific Japan (APJ) region. Our award-winning Cloud HCM platform offers a unified solution database and continuous calculation engine, driving efficiency, productivity and compliance for the global workforce. Our brand promise - Makes Work Life Better™ - Reflects our commitment to employees, customers, partners and communities globally.

About the role

The Cloud Security team is seeking a Principal Cloud Security Engineer to serve as a hands-on technical expert and trusted advisor across our cloud programs. Our team owns the security of multiple cloud environments—primarily Azure and AWS—and the implementation of security controls to meet regulatory requirements across geographies. Beyond identifying issues, we partner closely with product and platform teams to design and deliver secure cloud-based solutions. You will lead CNAPP implementation, harden our Azure and AWS footprint, embed security into CI/CD and Terraform workflows, and support our path to FedRAMP, PBMM, and other public-sector compliance programs.

In this role, you will develop and drive the implementation of our Cloud Security Architecture and CNAPP architecture—defining secure-by-default reference patterns, guardrails, and scalable control implementations for Azure (primary) and AWS (in scope). You will partner with platform engineering, SRE, product, and compliance teams to translate architectural intent into actionable engineering work and measurable posture improvements.

You will map regulatory requirements (e.g., FedRAMP, NIST SP 800-53, PBMM, GC Cloud Guardrails, ITSG-33 or equivalent) to cloud security capabilities such as identity and access management, network segmentation, encryption and key management, logging/monitoring, vulnerability management, container/Kubernetes security, and continuous compliance. You will then engineer, implement, and operationalize these controls using cloud-native services and Wiz (policies, sensors, and workflows), integrated into Terraform and CI/CD pipelines with policy-as-code, drift detection, and automated evidence where feasible.

You’ll thrive in a dynamic, fast-paced environment, operate as a self-starter, work independently, and stay relentlessly results-oriented.

What You'll Do
- Lead CNAPP implementation: Plan and execute end-to-end rollout of Wiz (and related CNAPP tooling) across Azure (and select AWS), including policy design, tuning, and alert-to-action workflows.
- Harden clouds at scale: Design and enforce guardrails (Azure Policy, Defender for Cloud plans, identity controls, network segmentation, logging/monitoring) and extend patterns to AWS where applicable.
- DevSecOps & IaC governance: Embed security into CI/CD and Terraform workflows (pre-merge checks, plan/policy gates, artifact signing, SBOMs/attestations) and establish reusable modules and policy-as-code patterns to prevent misconfigurations before deploying; enforce baselines at plan time.
- Compliance engineering: Translate FedRAMP, CIS, and other frameworks into technical controls, automated evidence, continuous monitoring, and remediation playbooks.
- Cloud security architecture & blueprint: Own and evolve the cloud security reference architecture (standardized landing zones, identity and access patterns, network segmentation, encryption standards, logging/monitoring baselines, and guardrails) for Azure (primary) and AWS (in scope); advise product and platform teams on secure designs, lead design reviews, and mentor engineers.
- Incident & posture improvement: Partner with SecOps and AppSec teams to triage findings, evaluate risks, recommend remediation steps, and drive measurable improvements across vulnerabilities, identities, data, and workloads.
- Executive advisory: Communicate risk, trade-offs, and roadmaps to senior leadership; influence prioritization through clear metrics and business outcomes.
- Build automated guardrails and drift detection/auto-remediation using Terraform (and/or Bicep/ARM where applicable), integrating controls into CI/CD to consistently enforce secure defaults.
- Kubernetes/AKS security: Partner with platform teams to harden AKS (RBAC, network policies, workload identity), implement admission controls, and operationalize Wiz Sensors and CNAPP findings into engineering workflows and secure runtime baselines.

What You Bring
- Bachelor’s degree in Computer Science, Engineering, or related field (or equivalent experience).
- 10+ years in security engineering/architecture with significant cloud security experience (SaaS or technology companies preferred).
- Deep, hands-on expertise with:
- CNAPP (Wiz or equivalent) deployment at scale, policy design, tuning, automation; and Microsoft Defender for Cloud (policies, plans, recommendations, regulatory compliance, alerting).
- DevSecOps / CI/CD: integrating security tests and gates in GitHub Actions (or similar), artifact/image scanning, and automated compliance evidence; securing pipeline identities, secrets, and supply chain integrity.
- Infrastructure as Code (IaC): production-grade Terraform Enterprise/Terraform Cloud (modules, registries, workspaces), plan-time checks, and drift control.
- Policy engineering: designing and implementing cloud security policies (Azure Policy initiatives; OPA/Sentinel policy-as-code) and mapping to frameworks (NIST, CIS).
- Azure security (Entra ID/AAD, RBAC, networking, Key Vault, monitoring).
- Multi-cloud, hands-on experience with Azure and AWS services.
- Container and Kubernetes security: cluster hardening, workload identity/RBAC, network policies, admission controls, image signing/verification, runtime protection, and container registries (ACR/ECR, JFrog Artifactory).
- Security automation: scripting (e.g., Python/PowerShell) to build guardrails, detections, and tooling.
- Experience establishing and reporting KRIs/KPIs and improving cloud security posture at scale using data-driven metrics (e.g., NIST, CIS, STIG).
- Experience delivering cloud implementations in regulated environments, including U.S. Government / U.S. Public Sector requirements (FedRAMP, NIST SP 800-53) and Canadian Government / Public Sector requirements (PBMM, GC Cloud Guardrails, ITSG-33 or equivalent) — including control mapping, automation, and continuous monitoring.
- Excellent stakeholder skills—operate as a trusted advisor to product, platform, compliance, and executive teams.
- Self-starter who can work independently, communicate clearly, and drive cross-functional outcomes with a bias for automation and measurable posture improvement.
- Proven track record operating as a Cloud Security Architect across CNAPP, Wiz, Terraform, and CI/CD pipeline architectures—defining cloud policies, integrating cloud-native and CNAPP controls, and leveraging their control frameworks for continuous compliance.
- Hands-on experience securing Kubernetes (AKS) using Wiz Sensor tooling (deployment, operations, and integration with detection and remediation workflows).

Preferred Qualifications
- Microsoft AZ-500, SC-100, SC-200 certifications strongly preferred.
- One of the security certifications, such as CISSP or CCSP.
- DevOps experience with infrastructure, cloud, and application pipelines.
- Hands-on experience with container and image scanning; SAST, DAST; and penetration testing tools.
- Knowledge of large language models (LLMs) and hands-on experience designing and building generative-AI–powered agents.
- Experience with Python, Java, .NET, C#, Rego, and YAML.

What’s in it for you

Dayforce is fueled by the diversity of our talented employees. We are an equal opportunity employer and consider and embrace ALL individuals and what makes them unique. We believe our employees should be happy and healthy, with peace of mind and a sense of fulfillment. We encourage individuals to apply based on their passions.

Dayforce encourages personal and professional growth. We offer excellent time away from work programs, comprehensive wellness initiatives and recognition through competitive pay and benefits. With a commitment to community impact, including volunteer days and our charity, Dayforce Cares we provide opportunities for you to thrive both in your career and personal life. Our focus is not just on your job but on supporting you to be the best version of yourself.

About the Salary Ranges

Please note that the salary range mentioned in this job description should serve simply as a guide. The final compensation offered may vary based on a variety of factors, including bonuses and/or incentives, or a candidate’s experience, skills, budget and location. Our company is committed to providing a fair, equitable, and competitive package that reflects the value an individual brings to the organization.

Fraudulent Recruiting

Beware of fraudulent recruiting. Legitimate Dayforce contacts will use an @dayforce.com email address. We do not request money, checks, equipment orders, or sensitive personal data during the recruitment process. If you have been asked for any of the above, or believe you have been contacted by someone posing as a Dayforce employee, please refer to our fraudulent recruiting statement found here: https://www.dayforce.com/be-aware-of-recruiting-fraud

Dayforce actively monitors all job applications to ensure authenticity. Submissions determined to be fraudulent or misleading will be declined from the recruitment process.
ICAM Lead
Gunnison Consulting Group
Gunnison Consulting Group is an IT company that offers both commercial and government customers high-quality consulting services. Since 1994, the firm’s goal
Description

*This position is contingent on a future opening with Gunnison.

Salary: $155,000-$165,000
Work location: Remote. Candidates must be local to the DC area in case of on-site meetings in Rockville, Maryland.

The ICAM Lead directs the strategy, operation, and continuous improvement of an organization’s Identity, Credential, and Access Management ecosystem, overseeing identity lifecycle processes, credential technologies (including PKI, PIV-like tokens, and one-time-password systems), and both logical and physical access controls. This role provides expert guidance on authentication and authorization architectures, maintains and enhances identity platforms such as identity governance systems and directory services, ensures alignment with federal-level security standards and industry best practices, leads Tier 3 troubleshooting and root-cause analysis for complex access issues, and collaborates across cybersecurity, infrastructure, and application teams to integrate ICAM capabilities into broader enterprise architectures, Zero Trust initiatives, and ongoing modernization efforts.

Requirements
- US Citizenship required
- Experience successfully interpreting and applying FIPS 201, HSPD-12, OMB memorandums, NIST publications, and CIO Council papers to active ICAM services covering more than 5,000 users spread throughout the United States.
- Experience applying general subject matter expertise and consultative support related specifically to ICAM functions, technologies, approaches, and industry direction.
- Knowledge of how to translate ICAM expertise into successfully resolving Tier 3 ICAM Support Incidents.
- Experience with and advanced technical knowledge of PKI, including SSL certificates.
- Experience with and advanced technical knowledge of authentication technologies including Windows integrated authentication, OTP, and federated authentication solutions.
- Experience performing proactive Federal Agency level ICAM architecture planning and implementation activities.
- A high-level of experience and skill relevant to the role
- Strong project management skills; experience in organizing, planning, and executing large-scale projects from the envisioning stage through to implementation, involving internal personnel, Contractors, and vendors; ability to analyze project needs and determine resources needed to meet objectives in a fast paced, high pressure and relatively complex technical environment
- Strong analytical and problem-solving skills
- Strong teamwork and interpersonal skills and the ability to communicate with all management levels
- High standards of respect for individuals, excellence, and service to the customer

Clearance Requirement: Ability to obtain and maintain a Public Trust clearance.

The salary range for this position depends upon multiple factors including location, the individual's knowledge, skills, competencies, and experience, and contract-specific budget constraints and organizational requirements. Gunnison Consulting Group's total compensation package also includes bonus and profit-sharing opportunities, depending on company and employee performance.

Available employee benefits include:
- 3 weeks of Personal Leave your first year
- 11 paid Holidays each year
- 5 days of Flexible Time Off each year
- 401(k) company match at 50% up to 10% of your salary
- Medical, Dental and Vision Insurance
- Life and Disability Insurance
- Public Transportation Subsidies
- Certifications and Training Allowance - $2,500/year!

Why Join Gunnison?
- Gunnison takes on ambitious projects. We target fun, challenging work that requires creative thinking and innovation.
- Quality is our top priority.
- Gunnison employee benefits meet or exceed what other companies in the Washington, D.C. metropolitan area offer.
- There is a great sense of camaraderie at Gunnison. This is an atmosphere we will maintain as we continue to grow.
- We are growing rapidly and the opportunity for individual professional growth with Gunnison is outstanding.
- We hire for careers at Gunnison, not to fill a position.

Equal Opportunity/Affirmative Action Employer. Must be eligible for employment in the United States. We are unable to sponsor candidates at this time.

In 1994 Gunnison began serving the greater Washington, D.C. metro area, focused on tackling our customers' most ambitious technology projects. By creating a culture dedicated to enabling our customers and employees to achieve more than they ever thought they could, the company has thrived for over 25 years.

