Hybrid role - Washington DC. This position requires deep hands-on expertise in cloud identity platforms, SaaS access governance, Zero Trust architectures, and modern authentication and authorization controls. The role operates with significant autonomy and exercises independent judgment in designing and implementing security controls that protect sensitive legal and client data.
Responsibilities include:
Identity & Access Management
Architect, implement, and operate enterprise-grade identity and access management (IAM) solutions across cloud and SaaS platforms.
Design and enforce Zero Trust identity controls, including MFA, conditional access, device trust, least privilege, and risk-based authentication.
Own identity lifecycle management, including provisioning, deprovisioning, access reviews, and privileged access management (PAM).
Secure and govern SaaS applications through SSO, federation, SCIM, and access policy enforcement.
Lead identity hardening initiatives across Azure Entra ID (Azure AD) and other cloud identity platforms.
Familiarity with cloud pen testing tools to address weaknesses and vulnerabilities.
Cloud & SaaS Security Architecture
Define and maintain security architecture standards for cloud (IaaS/PaaS) and SaaS environments with a strong emphasis on identity-first design.
Partner with IT and application owners to securely onboard new cloud and SaaS services.
Evaluate emerging cloud and identity technologies and make recommendations aligned with firm risk tolerance and business needs.
Provide guidance on cloud security governance, configuration standards, and secure design patterns.
Security Operations & Risk
Identify, assess, and prioritize identity- and cloud-related vulnerabilities; validate remediation and risk acceptance decisions.
Support incident response activities related to identity compromise, SaaS misuse, and cloud security events.
Review higher-risk applications and integrations to ensure compliance with security policies and identity standards.
Assist with client security assessments and due diligence requests, particularly related to identity access controls and cloud security posture.
Policy, Compliance & Enablement
Develop and maintain security policies, standards, and procedures related to identity and cloud security.
Support compliance initiatives aligned with frameworks such as ISO 27001, NIST, and client-driven security requirements.
Contribute to security awareness efforts with a focus on authentication hygiene and access risk.
Required Qualifications
Bachelor's degree in Computer Science, Information Systems, or a related field (or equivalent professional experience).
8 years of progressive experience in information security, with deep specialization in identity, cloud, and SaaS security.
Desire to mentor and train junior team members, fostering skill development and knowledge sharing across the team.
Demonstrated hands-on experience with Azure Entra ID (Azure AD); experience with AWS and other cloud platforms is a plus.
Strong understanding of modern IAM concepts, including federation, OAuth/OIDC, SAML, SCIM, conditional access, and Zero Trust.
Proven ability to design and implement secure, scalable identity architectures in complex environments.
Strong scripting and automation skills (e.g. PowerShell, APIs); infrastructure-as-code and identity automation experience preferred.
Excellent written and verbal communication skills, with the ability to explain complex security concepts to technical and non-technical stakeholders.
Certifications
CISSP (required)
Cloud and identity-focused certifications strongly preferred, such as:
o Microsoft Azure Security Engineer / Identity certifications
o CCSP
o Equivalent advanced cloud security certifications
send resume to
Required Experience:
Senior IC