Dayforce is a global human capital management (HCM) company headquartered in Toronto, Ontario, and Minneapolis, Minnesota. They are seeking a Principal Cybersecurity Engineer with strong expertise in Identity and Access Management (IAM) to support and secure a FedRAMP ATO–authorized environment, focusing on designing and implementing Privileged Access Management and Identity Governance solutions.
Responsibilities:
- Design, implement, and maintain Delinea PAM solutions for privileged account discovery, credential vaulting, session management, and just-in-time access
- Implement and support One Identity IGA for identity lifecycle management, access requests, approvals, certifications, and role-based access control
- Design, develop, and maintain API integrations between IAM platforms (Delinea PAM, One Identity IGA, Microsoft Entra ID) and non-identity systems, including ServiceNow, SIEM/SOAR platforms, and other enterprise applications
- Manage and secure identities in Microsoft Entra ID (Azure AD), including Conditional Access policies, MFA and passwordless authentication, Privileged Identity Management (PIM), and external and workforce identities
- Develop and maintain PowerShell automation for IAM, PAM, and compliance workflows
- Create scripts and tools using Python, Bash, or other modern languages to integrate security platforms and automate controls
- Integrate IAM solutions with cloud platforms, SaaS applications, and on-prem systems
- Support secure API integrations and identity federation (SAML, OAuth 2.0, OIDC)
- Automate identity lifecycle, access requests, approvals, provisioning, and deprovisioning workflows using REST APIs, webhooks, and scripted integrations
- Implement and operate security controls aligned with NIST 800-53 Moderate
- Support FedRAMP ATO audits, assessments, and continuous monitoring activities
- Produce and maintain technical documentation, SOPs, and evidence artifacts
- Participate in vulnerability remediation, access reviews, and incident response related to identity security
Requirements:
- 5+ years engineering experience with IAM capabilities / technologies such as IGA, PAM, and IAM
- Hands-on experience designing, implementing, and operating Privileged Access Management (PAM) and Identity Governance & Administration (IGA) solutions
- Deep technical skills in Delinea PAM, One Identity IGA, Microsoft Entra ID, Azure Automation and automation using PowerShell
- Experience calling APIs and using modern scripting languages to support secure, scalable, and compliant cloud environments
- Ability to obtain and maintain Public Trust clearance
- Expert knowledge and hands-on technical experience with MS Entra, on-prem Delinea PAM, IAM, and One Identity IGA solutions
- Expert knowledge and hands-on technical experience with automation that calls APIs
- Expert knowledge of SSO, MFA, RBAC, MS Entra PIM
- Highly proficient in automation scripting languages such as PowerShell
- Superior communication skills (written and verbal), with the ability to articulate complex topics in business-understandable terms at all levels of an enterprise
- Ability to prioritize workload and consistently meet deadlines in a fast-paced environment
- Familiarity with Proofpoint email security platforms, including identity-based threat protection and user risk signals
- Experience implementing and managing FIDO2 / hardware security keys (e.g., YubiKeys) for phishing-resistant authentication
- Certifications such as CISSP, Cloud Security (CCSP, CCSK, AZ-305, AZ-500) are highly desirable
- Bachelor's degree is a plus