75% remote: Keycloak Engineer (f/m/d)

Berlin, Frankfurt am Main, remote, Germany | 80% remote | Freelance | Start: 1/2026 | Duration: 12 months
Posted by: Nemensis AG
Contact: Aktimur Ünal
Project ID: 2944740
Access control systems, Automation, Consulting, DevOps, Identity management, Kerberos, LDAP, Mapping, OAuth, OpenID, OpenShift, Scrum, Role-Based Access Control, OpenID Connect, Cloud services, SAML, Vault, Transport Layer Security, Okta, Kubernetes, Bare metal, HashiCorp, Terraform, Docker

Description

For our client we are looking for a Keycloak Engineer (f/m/d).

Start: 05.01.2026
Duration: 3 months, with a long-term extension desired
Capacity: 80-100%
Location: 75% Remote, 25% Berlin or Frankfurt (1 week Berlin/Frankfurt / 3 weeks remote in rotation), up to 50% onsite in peak times
Language: English is a must, German is a plus

Role:
The IAM Service is responsible for the conception and design of identity and access management (IAM) services for the platform. The primary goals are to provide scalable, secure, and federated access to applications and to ensure seamless integration across the hybrid cloud environment.

Tasks:
- Implementation of RBAC/ABAC policies and multi-realm setups.
- Give recommendations on mapping Kerberos/IPA identities and groups into Keycloak realms, roles, and clients.
- Consulting on the configuration of SSO flows, MFA, and identity federation.
- Deployment of Keycloak on VMs, Docker, or Kubernetes (OpenShift or bare-metal K8s).
- Configuration of Keycloak for OIDC, OAuth2, SAML, Kerberos/LDAP federation.
- Providing integration with IPA/LDAP/AD for identity sync and federation.
- Give recommendations on securing Keycloak with TLS (Vault-issued or enterprise CA certificates)
- Deployment of Keycloak on GKE with Helm/Operators, handling Ingress, SSL termination, and HA scaling.
- Integration of Keycloak with Google Identity as an IdP or broker.
- Mapping Keycloak roles to GCP IAM roles for workload access control.
- Configuration of multi-realm, multi-tenant setups for hybrid cloud and on-prem workloads
- Keycloak HashiCorp integration
- Automation & DevOps
- Troubleshooting & Monitoring

Skills (must-have):
- Experience in the usage of auth protocols (OIDC, OAuth2, SAML, Kerberos, LDAP).
- Experience with Keycloak deployment (VM, K8s, GCP optional).
- Experience with Vault integration for secrets
- Experience with Terraform/Helm/ArgoCD automation.
- Expertise in troubleshooting hybrid IAM flows.
- Experience with auth/authz protocols, basic federation strategies, and automation tools.

Skills (should-have):
- Experience with cloud services and their configuration
- Knowledge about IAM solutions based on OpenID Connect (OIDC), such as Keycloak, for auth backends
- Fluent in German
- Working with Scrum and general experience in agile frameworks
