Key skills
PythonBashAWSAzureTerraformKubernetesGitHub ActionsAnsibleVaultAKSArgoCDPackerAzure DevOpsGrafanaGitHubGitOpsCI/CDMentoring
About this role
Dayforce is a global human capital management company headquartered in Minneapolis, Minnesota, seeking a highly skilled Principal Cloud Infrastructure Engineer. This role involves designing, implementing, and scaling cloud infrastructure, driving Infrastructure as Code best practices, and mentoring engineers to elevate platform engineering practices.
Responsibilities:
- Architect and deliver reusable Terraform modules and automation workflows for deploying Azure and AWS infrastructure at scale across multi-tenant environments
- Drive Terraform Cloud workspace strategy including state management, drift detection, variable management, and Sentinel policy enforcement
- Design and maintain Azure Compute Gallery (ACG) image build pipelines using Packer (HCL) and Ansible, including multi-region replication and cross-tenant image promotion workflows
- Implement OIDC federation for secure, secretless authentication between GitHub Actions and Azure/AWS
- Own and improve GitHub Actions pipelines with self-hosted runners as the primary CI/CD platform — no Azure DevOps
- Implement and mature GitOps workflows using ArgoCD for Kubernetes workloads running on AKS
- Build and maintain automation tooling in Python and Bash supporting image promotion, compliance scanning, and deployment orchestration
- Lead compliance scanning integration using Wiz, replacing legacy OpenSCAP tooling, and drive remediation workflows aligned to NIST 800-53 and PBMM (PROTECT B) frameworks
- Conduct risk assessments, threat modeling, and vulnerability management for cloud workloads across Hub and spoke tenant architectures
- Implement and manage HashiCorp Vault for secrets brokering across CI/CD pipelines and infrastructure deployments
- Set technical direction through architecture reviews, code reviews, and documentation that elevates platform engineering practice
- Mentor engineers on IaC patterns, security posture, and DevSecOps principles
- Partner with security, product, and engineering teams to ensure infrastructure is secure, scalable, and operationally excellent
Requirements:
- Must be a US citizen, naturalized citizen, green card holder or permanent resident and authorized to work without sponsorship
- 8+ years in cloud infrastructure, DevOps, or platform engineering roles with demonstrated senior or principal-level scope
- Advanced proficiency with Terraform and Terraform Cloud — modules, workspaces, state, policy enforcement
- Hands-on experience with Packer (HCL templates) and Ansible for automated image builds
- Deep experience with GitHub Actions CI/CD including self-hosted runners and OIDC-based authentication to cloud providers
- Strong Azure expertise — AKS, ACR, Azure Compute Gallery, networking, RBAC, identity, and security
- Experience with HashiCorp Vault for secrets management in enterprise environments
- Proficient in Python and Bash for infrastructure automation and tooling
- Familiarity with compliance frameworks such as NIST 800-53 or Canadian PBMM (PROTECT B)
- Experience with Wiz or equivalent CSPM/compliance scanning platforms
- Experience with ArgoCD and GitOps patterns on Kubernetes (AKS)
- Grafana dashboard development for infrastructure observability
- AWS infrastructure experience alongside Azure