A top-tier legal services organization is looking for a Senior Identity & Cloud Security Engineer to help shape and protect a modern, identity-first security program. Reporting directly to the CISO, this role owns the strategy, architecture, and hands-on engineering of identity, cloud, and SaaS security across the enterprise.

This is a high-impact role for someone who treats identity as the control plane and thrives in complex, high-trust environments protecting sensitive data.

What You’ll Do:

• Design, build, and operate enterprise IAM across cloud and SaaS platforms
• Implement Zero Trust identity controls (MFA, conditional access, device trust, least privilege)
• Own identity lifecycle management, access reviews, and privileged access
• Secure SaaS applications using SSO, federation, SCIM, and policy enforcement
• Lead identity hardening initiatives in Azure Entra ID and related platforms
• Identify and remediate identity weaknesses using modern testing and assessment tools
• Define identity-first security architecture for cloud (IaaS/PaaS) and SaaS environments
• Partner with IT and application owners to securely onboard new services
• Evaluate emerging identity and cloud technologies against business risk
• Establish secure design patterns, configuration standards, and governance
• Identify, assess, and prioritize identity and cloud risks
• Support incident response for identity compromise and SaaS/cloud misuse
• Review high-risk integrations and applications for security alignment
• Support client security reviews and due diligence related to access controls and cloud posture
• Develop identity and cloud security policies, standards, and procedures
• Support compliance efforts aligned with ISO, NIST, and client requirements
• Promote strong authentication and access hygiene across the organization

What You'll Have:

• 8+ years in information security with deep focus on identity, cloud, and SaaS
• Hands-on expertise with Azure Entra ID (Azure AD); AWS experience a plus
• Strong command of modern IAM (OAuth/OIDC, SAML, SCIM, federation, Zero Trust)
• Proven ability to design secure, scalable identity architectures
• Automation and scripting experience (PowerShell, APIs, IaC preferred)
• Ability to communicate clearly with both technical and non-technical stakeholders
• Interest in mentoring and elevating junior engineers
• Bachelor’s degree or equivalent experience
• CISSP required
• Cloud and identity certifications strongly preferred (Azure Security/Identity, CCSP, or equivalent)

Additional Details:

• Professional office environment with standard physical requirements
• Exempt role with core hours and flexibility as needed
• Compensation range: $200,000–$220,000, depending on experience and qualifications; hybrid DC position