Legal Jobs in Washington DC with TN Sponsorship

INTRODUCTION

Williams & Connolly LLP is seeking a highly experienced Senior Identity & Cloud Security Engineer to join its Information Security team. Reporting to the Chief Information Security Officer (CISO), this role is responsible for the architecture, engineering, and continuous improvement of the firm's identity, cloud, and SaaS security posture, with primary emphasis on identity as the control plane.

This position requires deep, hands-on expertise in cloud identity platforms, SaaS access governance, Zero Trust architectures, and modern authentication and authorization controls. The role operates with significant autonomy and exercises independent judgment in designing and implementing security controls that protect sensitive legal and client data.

Responsibilities Include:

Identity & Access Management

• Architect, implement, and operate enterprise-grade identity and access management (IAM) solutions across cloud and SaaS platforms.
• Design and enforce Zero Trust identity controls, including MFA, conditional access, device trust, least privilege, and risk-based authentication.
• Own identity lifecycle management, including provisioning, deprovisioning, access reviews, and privileged access management (PAM).
• Secure and govern SaaS applications through SSO, federation, SCIM, and access policy enforcement.
• Lead identity hardening initiatives across Azure Entra ID (Azure AD) and other cloud identity platforms.
• Familiarity with cloud pen testing tools to address weaknesses and vulnerabilities.

Cloud & SaaS Security Architecture

• Define and maintain security architecture standards for cloud (IaaS/PaaS) and SaaS environments, with a strong emphasis on identity-first design.
• Partner with IT and application owners to securely onboard new cloud and SaaS services.
• Evaluate emerging cloud and identity technologies and make recommendations aligned with firm risk tolerance and business needs.
• Provide guidance on cloud security governance, configuration standards, and secure design patterns.

Security Operations & Risk

• Identify, assess, and prioritize identity- and cloud-related vulnerabilities; validate remediation and risk acceptance decisions.
• Support incident response activities related to identity compromise, SaaS misuse, and cloud security events.
• Review higher-risk applications and integrations to ensure compliance with security policies and identity standards.
• Assist with client security assessments and due diligence requests, particularly related to identity, access controls, and cloud security posture.

Policy, Compliance & Enablement

• Develop and maintain security policies, standards, and procedures related to identity and cloud security.
• Support compliance initiatives aligned with frameworks such as ISO 27001, NIST, and client-driven security requirements.
• Contribute to security awareness efforts with a focus on authentication hygiene and access risk.

BASIC QUALIFICATIONS

• Bachelor's degree in Computer Science, Information Systems, or a related field (or equivalent professional experience).
• 8+ years of progressive experience in information security, with deep specialization in identity, cloud, and SaaS security.
• Desire to mentor and train junior team members, fostering skill development and knowledge sharing across the team.
• Demonstrate hands-on experience with Azure Entra ID (Azure AD); experience with AWS and other cloud platforms is a plus.
• Strong understanding of modern IAM concepts, including federation, OAuth/OIDC, SAML, SCIM, conditional access, and Zero Trust.
• Proven ability to design and implement secure, scalable identity architectures in complex environments.
• Strong scripting and automation skills (e.g., PowerShell, APIs); infrastructure-as-code and identity automation experience preferred.
• Excellent written and verbal communication skills, with the ability to explain complex security concepts to technical and non-technical stakeholders.

Certifications

• CISSP (required)
• Cloud and identity-focused certifications strongly preferred, such as: Microsoft Azure Security, Engineer / Identity certifications, CCSP, or Equivalent advanced cloud security certifications.

WORK ENVIRONMENT

Work is performed in a professional office environment and requires the following:

• Prolonged periods using a sit-to-stand desk and working on a computer.
• Repetitive movements, including typing on a keyboard and using a mouse.
• Ability to lift and carry up to 25lbs.
• Employee must be able to perform the essential functions of this position with or without a reasonable accommodation.

COMPENSATION

• The anticipated annual salary range for this position is $200,000 - $220,000. This is an exempt position. The hours are 9:00 a.m. - 5:30 p.m. Candidates must have the ability to work additional hours as needed. The final offer amount is dependent on a variety of factors including, but not limited to, years of experience, education, and other relevant skills and qualifications. Williams & Connolly LLP offers competitive compensation and benefits packages.