75% remote: IAM Vault Engineer

Job description:

For our client we are looking for an IAM Vault Engineer (f/m/d).
Start: 20.10.2025
Duration: 3 months, with a wish for long-term prolongation
Capacity: 80-100%
Location: 75% Remote, 25% Berlin (1 week Berlin / 3 weeks remote in rotation), up to 50% onsite in peak times
Language: English is a must, German is a plus
Budget: 80,00 EUR net
Role:
The IAM Service is responsible for the conception and design of identity and access management (IAM) services for the platform. The primary goals are providing scalable, secure, and federated access to applications and ensuring seamless integration across the hybrid cloud environment.
Objectives:
- Vault Core & Infrastructure
- Authentication & Authorization
- Secrets Engines
- PKI-Specific Expertise
- Operations, Monitoring & Troubleshooting
- Automation & DevOps Integration
Skills (must-have):
- Vault Fundamentals – Experience with deploying & managing Vault clusters in production (HA, Raft storage) and configuring seal/unseal (KMS/HSM). Vault PKI secrets engine operations and HSM integration experience.
- Solid understanding of Vault architecture (storage backend, seal/unseal, Raft vs. integrated storage, clustering, HA setups).
- PKI Secrets Engine – Experience with managing intermediates, role definitions, short-lived cert issuance, CRLs, and automated revocation, and the ability to integrate PKI with apps/services.
- Certificate Lifecycle Management – Experience with automating issuance/renewal via Vault Agent, API, or CI/CD pipelines. Should also be able to handle rotation policies and revocation, certificate policy and operational SLOs.
- Security & Compliance – Experience with implementing RBAC, audit devices, and HSM/KMS for key protection, and with enforcing rotation policies.
- Integration – Experience with integrating PKI with enterprise systems (K8s ingress, load balancers, VPN, S/MIME, DBs). ACME, EST, revocation protocols, Terraform, OpenTofu, ArgoCD, Flux
- Monitoring and Troubleshooting – Good experience with managing metrics (Prometheus, Grafana), troubleshooting unseal/auth/CRL issues, and performing backup & restore.
Skills (should-have):
- Experience with cloud services and their configuration
- Knowledge about IAM solutions based on OpenID Connect (OIDC), such as Keycloak, for auth backends
- Fluent in German
- Working with Scrum and general experience in agile frameworks
