Cloud Security Engineer

Firm Overview
Bates White is a boutique consulting firm based in Washington, DC. Recognized as a top workplace, the firm provides advanced economic, financial, and econometric analysis to law firms, companies, and government agencies.
Through our supportive, collaborative, and collegial culture, we invest in our talent and provide opportunities for career advancement. We are proud to have been consistently ranked among the top firms in the
*Vault Guide to the Top 50 Consulting Firms*
, named a Top Workplace by
*The Washington Post*
for the past ten years, listed as a top consulting firm by Management Consulted and ranked #42 on
*Newsweek*
’s list of America’s Top 200 Most Loved Workplaces.
If you are looking for a place to do high-quality work and have fun along the way, read below to discover how you can be part of our team. Learn more about our firm at: www.bateswhite.com.
What You’ll Do
In this role you will provide hands-on security engineering support across AWS, Azure and other cloud platforms with a strong emphasis on identity first and Zero Trust principals. You will play a critical role in advancing the firm’s overall security posture through secure cloud architecture design, identity and access management, security automation, continuous monitoring, incident response and compliance initiatives. You will:

• Design, implement, and maintain secure cloud architectures aligned with business objectives, regulatory requirements, and Zero Trust principles across AWS and Azure.
• Define and enforce cloud security standards, reference architectures, secure design patterns, landing zones, guardrails, and multi-cloud governance frameworks.
• Design secure cloud network architectures, including segmentation, private connectivity, firewalls, security groups, and web application protections.
• Configure, manage, and optimize cloud and SaaS security platforms (e.g., AWS GuardDuty, Defender for Cloud, CrowdStrike, Cloudflare, Proofpoint).
• Ensure cloud and SaaS environments meet regulatory and contractual requirements (e.g., SOC 2, NIST, SP 800-53, CIS, HIPAA) and support internal and external audits.
• Review cloud, SaaS, and third-party architectures, integrations, and higher-risk applications to validate security posture, identity controls, and data protection.
• Create robust and diverse cloud security posture management (CSPM) using CrowdStrike and Wiz platforms.
• Monitor cloud environments for threats, vulnerabilities, misconfigurations, and suspicious activity using cloud-native and third-party tools.
• Respond to and investigate cloud and identity-related security incidents, conduct root cause analysis, and drive remediation efforts.
• Lead threat modeling, risk assessments, architecture reviews, and incident simulations/tabletop exercises for cloud-based systems.
• Perform cloud vulnerability assessments, penetration testing, and misconfiguration audits.
• Automate cloud security controls, compliance checks, and policy enforcement using Infrastructure as Code and policy-as-code (Terraform, CloudFormation, ARM).
• Develop and maintain security automation using Python, PowerShell, Bash, or similar languages, and drive continuous improvement through metrics and monitoring.
• Implement and enforce data protection controls, including encryption at rest and in transit, key management, secrets management, data classification, and retention policies.
• Track, report, and communicate cloud security posture, risks, and KPIs to stakeholders.
• Partner with IT, data, and application teams to embed security into cloud and application designs; provide technical guidance and mentorship.
• Evaluate emerging cloud, security, and identity technologies and recommend solutions aligned with business needs and risk tolerance.
• Own identity lifecycle management, including provisioning, deprovisioning, access reviews, privileged access management, and SaaS governance using SSO, federation, and SCIM.
• Lead identity hardening initiatives across Azure Entra ID (Azure AD) and other identity platforms.

What You’ll Bring To The Table

• Bachelor’s degree in Computer Science, Information Technology (or a related field), or equivalent practical experience.
• Minimum of 7 years of experience in cloud security, infrastructure security, or a similar role.
• Proven experience designing, implementing, and securing cloud architectures in AWS and Azure aligned with Zero Trust principles.
• Strong knowledge of cloud security standards including reference architectures, landing zones, guardrails, and multi-cloud governance frameworks.
• Hands-on experience with cloud IAM and identity security, including least-privilege access, identity lifecycle management, privileged access management, SSO, federation, and SCIM (Azure Entra ID/Azure AD preferred).
• Experience defining and implementing security controls aligned with industry standards and frameworks (e.g., NIST, CIS, SOC 2, HIPAA).
• Proficiency securing cloud networking components (VPC/VNet, subnets, segmentation, private connectivity, firewalls, security groups, WAF) and monitoring network traffic and logs for suspicious activity.
• Experience configuring and operating cloud and SaaS security platforms (e.g., AWS GuardDuty, Defender for Cloud, CrowdStrike, Cloudflare, Proofpoint).
• Knowledge of cloud security posture management (CSPM) platforms (CrowdStrike, Wiz).
• Demonstrated ability to monitor cloud environments for threats, vulnerabilities, and misconfigurations, and to respond to cloud and identity-related security incidents, including root cause analysis and remediation.
• Experience conducting cloud security risk assessments, threat modeling, architecture reviews, vulnerability assessments, and penetration testing.
• Strong automation skills, including Infrastructure as Code and policy-as-code (Terraform, CloudFormation, ARM) and scripting with Python, Bash, PowerShell, or similar languages.
• Knowledge of data protection and governance, including encryption at rest and in transit, key and secrets management, data classification, and retention policies.
• Experience tracking, reporting, and communicating cloud security posture, risks, and KPIs to technical and non-technical stakeholders.
• Strong collaboration, time-management, and communication skills, with the ability to work effectively in a fast-paced, cross-functional environment.
• Familiarity with zero-day malware detection technologies and digital forensics/incident response tools.
• May require more than 40.0 hours per week to perform the essential duties of the position.

What You Can Expect From Us
We are committed to providing an exceptional employee experience. You can expect:

• Competitive compensation—the salary range for this position is $145,000 to $175,000. This position is also eligible for bonus compensation on a discretionary basis. The actual salary offered for this position will be determined based on job-related, non-discriminatory factors including qualifications and experience, education, external market data, and internal equity.
• Comprehensive benefits package—includes tuition reimbursement up to $75K, low healthcare premiums, wellness benefits, and more! To learn more about our benefits offerings, click here.
• Hybrid work environment with three coordinated in-office days per week.
• Open culture where your voice is heard, your input is sought, and your contributions are rewarded.
• Fun and engaging culture including frequent social events.
• Amenities that include a fitness center, rooftop terrace, standing desks, espresso, fresh fruit, breakfast and afternoon snack, billiards, and ping pong.
• Employee-driven community outreach program featuring fundraising events (e.g., trivia, game shows, cooking competitions, etc.), volunteer opportunities, and matching funds along with our pro bono program.
• Investment in your career through training programs, an assigned mentor and peer coach, and frequent feedback.
• Networking opportunities through employee interest groups, Women’s Network, International Network, Diversity-Inclusion Council, and BWProud Network.

If you are interested in joining our team, please submit a resume.
*Bates White is an equal opportunity employer and does not discriminate based upon race, color, religion, sex, sexual orientation, gender identity, national origin, age, genetic information, protected veteran status, status as a qualified individual with a disability, or any other characteristic protected by law. If you are an individual with a disability and you need an accommodation or other assistance during the application process, please call our Human Resources department at (202) 408-6110 or email your request to careers@bateswhite.com. All qualified applicants are encouraged to apply. Download the Know your Rights Poster for more information.*