IAM KeyCloak Engineer (PID0630)

Job Description

This is a remote position.

This is a contract position for 1 Full-Time Equivalent (1 FTE), with a daily rate available.

This role requires an IAM Specialist to design and implement secure identity and access management services across a hybrid cloud environment. As an IAM Specialist, you will focus on scaling Keycloak and Vault integrations to ensure seamless, federated access for various applications.

English is the only language requirement.

Only occasional onsite visits to Germany are required.

Responsibilities

Implement RBAC/ABAC policies and multi-realm setups, providing expert recommendations on mapping identities and groups into specific realms and roles.

Consult on the configuration of SSO flows, MFA, and identity federation across the platform.

Deploy and configure Keycloak across various environments, including VMs, Docker, and Kubernetes (OpenShift or bare‑metal).

Manage Keycloak integrations for OIDC, OAuth2, SAML, and Kerberos/LDAP federation, including identity sync with AD.

Oversee Keycloak deployment on GKE using Helm or Operators, handling ingress, SSL termination, and high‑availability scaling.

Integrate Hashicorp Vault to secure operational secrets, including the implementation of dynamic secrets for database backends and secret injection into pods.

Apply rotation policies to minimise secret sprawl and automate realm/client configurations using Terraform or REST APIs.

Develop and maintain CI/CD pipelines for IAM and Vault to ensure consistent application onboarding.

Perform high‑level troubleshooting of token flows, federation errors, and expired certificates while monitoring platform health via Prometheus and Grafana.

Requirements

Proven experience as a mid‑level engineer with strong knowledge of authentication protocols (OIDC, OAuth2, SAML, Kerberos, LDAP).

Technical expertise in Keycloak deployment (VMs, K8s) and Hashicorp Vault integration for secret management.

Hands‑on experience with automation tools, specifically Terraform, Helm, or Ansible/ArgoCD.

Demonstrated ability to troubleshoot complex hybrid IAM flows and federation strategies.

Eligibility: residency in the EU, EEC, UK, or Switzerland.

Preferred Requirements

Experience with cloud services and their specific security configurations.

In‑depth knowledge of IAM solutions based on OpenID Connect (OIDC) for complex auth backends.

Professional experience working within Scrum or other general agile frameworks.

Proficiency in German is considered an advantage but is not mandatory.

As a freelancer/contractor with us, you will enjoy flexible working hours and the freedom to choose your own projects. Our platform gives you access to exciting projects in various industries and supports you in advancing your career. You'll benefit from competitive pay and a dedicated team to help you with any questions you may have. Work independently and utilise our strong network to achieve your professional goals.