Dayforce is a global human capital management (HCM) company headquartered in Toronto, Ontario, and Minneapolis, Minnesota, with operations across North America, Europe, Middle East, Africa (EMEA), and the Asia Pacific Japan (APJ) region.
Our award-winning Cloud HCM platform offers a unified solution database and continuous calculation engine, driving efficiency, productivity and compliance for the global workforce.
Our brand promise - Makes Work Life Better™ - Reflects our commitment to employees, customers, partners and communities globally.
About the opportunity We are seeking a Security Engineer Prin with strong expertise in Identity and Access Management (IAM) to support and secure a FedRAMP ATO–authorized environment. The ideal candidate has hands-on experience designing, implementing, and operating Privileged Access Management (PAM) and Identity Governance & Administration (IGA) solutions while ensuring compliance with NIST 800-53 Moderate controls. This role requires deep technical skills in Delinea PAM, One Identity IGA, Microsoft Entra ID, Azure Automation and automation using PowerShell, calling API’s and modern scripting languages to support secure, scalable, and compliant cloud environments. What you'll get to do
Identity & Access Management
- Design, implement, and maintain Delinea PAM solutions for privileged account discovery, credential vaulting, session management, and just-in-time access.
- Implement and support One Identity IGA for identity lifecycle management, access requests, approvals, certifications, and role-based access control.
- Design, develop, and maintain API integrations between IAM platforms (Delinea PAM, One Identity IGA, Microsoft Entra ID) and non-identity systems, including ServiceNow, SIEM/SOAR platforms, and other enterprise applications.
- Manage and secure identities in Microsoft Entra ID (Azure AD), including:
◦ Conditional Access policies ◦ MFA and passwordless authentication ◦ Privileged Identity Management (PIM) ◦ External and workforce identities Security Engineering & Automation
- Develop and maintain PowerShell automation for IAM, PAM, and compliance workflows.
- Create scripts and tools using Python, Bash, or other modern languages to integrate security platforms and automate controls.
- Integrate IAM solutions with cloud platforms, SaaS applications, and on-prem systems.
- Support secure API integrations and identity federation (SAML, OAuth 2.0, OIDC).
- Automate identity lifecycle, access requests, approvals, provisioning, and deprovisioning workflows using REST APIs, webhooks, and scripted integrations.
FedRAMP & Compliance
- Implement and operate security controls aligned with NIST 800-53 Moderate.
- Support FedRAMP ATO audits, assessments, and continuous monitoring activities.
- Produce and maintain technical documentation, SOPs, and evidence artifacts.
- Participate in vulnerability remediation, access reviews, and incident response related to identity security.
- Ability to obtain and maintain Public Trust clearance
Skills and experience we value
- 5+ years engineering experience with IAM capabilities / technologies such as IGA, PAM, and IAM
- Familiarity with Proofpoint email security platforms, including identity-based threat protection and user risk signals.
- Experience implementing and managing FIDO2 / hardware security keys (e.g.,YubiKeys) for phishing-resistant authentication.
- Expert knowledge and hands-on technical experience with MS Entra,Onprem Delinea PAM, IAM, and One Identity IGA solutions
- Expert knowledge and hands-on technical experience with automation calling API’s
- Expert knowledge of SSO, MFA, RBAC, MS Entra PIM
- Highly proficient in automation scripting languages such as PowerShell
- Superior communication skills (written and verbal) with an ability to articulate complex topics in a business understandable manner at all levels in an enterprise
- Ability to prioritize workload and consistently meet deadlines in a fast-paced environment
- Certifications such as CISSP, Cloud Security (CCSP, CCSK, AZ-305, AZ-500) are highly desirable
- Bachelor’s degree is a plus
What’s in it for you Dayforce is fueled by the diversity of our talented employees. We are an equal opportunity employer and consider and embrace ALL individuals and what makes them unique. We believe our employees should be happy and healthy, with peace of mind and a sense of fulfillment. We encourage individuals to apply based on their passions. Dayforce encourages personal and professional growth. We offer excellent time away from work programs, comprehensive wellness initiatives and recognition through competitive pay and benefits. With a commitment to community impact, including volunteer days and our charity, Dayforce Cares we provide opportunities for you to thrive both in your career and personal life. Our focus is not just on your job but on supporting you to be the best version of yourself. About the Salary Ranges
Please note that the salary range mentioned in this job description should serve simply as a guide. The final compensation offered may vary based on a variety of factors, including bonuses and/or incentives, or a candidate’s experience, skills, budget and location. Our company is committed to providing a fair, equitable, and competitive package that reflects the value an individual brings to the organization. Fraudulent Recruiting Beware of fraudulent recruiting. Legitimate Dayforce contacts will use an @dayforce.com email address. We do not request money, checks, equipment orders, or sensitive personal data during the recruitment process. If you have been asked for any of the above, or believe you have been contacted by someone posing as a Dayforce employee, please refer to our fraudulent recruiting statement found here: https://www.dayforce.com/be-aware-of-recruiting-fraud Dayforce actively monitors all job applications to ensure authenticity. Submissions determined to be fraudulent or misleading will be declined from the recruitment process #LI-Remote