Identity & Access Management – IAM – Engineer – Keycloak/OIDC Specialist

Company: Leidos
Location: Bethesda, MD, USA
Salary: $126100 – $227950
Type: Full-Time
Degrees: Bachelor’s
Experience Level: Mid Level, Senior

Requirements

  • Bachelor’s degree in Computer Science, Information Technology, or a related field, or equivalent work experience.
  • 3-5 years of experience working in Identity and Access Management (IAM) with a focus on Keycloak and OIDC/OAuth2 technologies.
  • Strong hands-on experience with configuring, deploying, and managing Keycloak in a production environment.
  • Deep understanding of authentication and authorization protocols including OIDC, OAuth2, SAML, and LDAP.
  • Proficiency in Java, Python, or other scripting languages used for extending and automating Keycloak.
  • Experience with user federation (LDAP, Active Directory, etc.) and social identity providers (Google, Facebook, etc.) using Keycloak.
  • Familiarity with DevOps practices, including CI/CD pipelines, and experience with Docker, Kubernetes, and infrastructure-as-code (IaC) tools such as Terraform.
  • Strong problem-solving and debugging skills, particularly in complex, distributed environments.
  • Ability to work in an Agile/Scrum environment, collaborating with cross-functional teams.
  • Strong communication skills, with the ability to articulate technical solutions to both technical and non-technical stakeholders.
  • Candidate must, at a minimum, meet DoD 8570.11 IAT Level II certification requirements (currently Security+ CE, CCNA-Security, GSEC, or SSCP, along with an appropriate computing environment (CE) certification).

Responsibilities

  • Design and implement IAM solutions using Keycloak for secure authentication and authorization based on OIDC, OAuth2, and SAML protocols.
  • Integrate Keycloak with internal and external applications, APIs, and third-party services to enable secure access and identity federation.
  • Manage and maintain the Keycloak infrastructure, including clustering, performance tuning, and monitoring.
  • Implement custom authentication flows, policies, and user federation strategies using Keycloak.
  • Collaborate with DevOps and infrastructure teams to ensure the scalability, security, and high availability of Keycloak deployments.
  • Automate the management of identity and access workflows, including user provisioning, de-provisioning, and role-based access control (RBAC).
  • Provide technical expertise for OIDC/OAuth2 standards, keeping up with industry trends and ensuring compliance with evolving security requirements.
  • Troubleshoot issues related to authentication, authorization, and access control, ensuring a seamless user experience.
  • Document system configurations, processes, and troubleshooting procedures for internal teams and stakeholders.
  • Conduct regular security audits and recommend improvements for IAM practices and systems.
  • Participate in and contribute to cross-functional teams working on broader IAM, DevSecOps, and security initiatives.
  • Provide support for implementing, troubleshooting, and maintaining identity management systems.
  • Rapidly distinguish isolated user problems from enterprise-wide application/system problems and provide recommended solutions.
  • Provide follow-up reports (technical findings, feedback, resolution steps taken) for root cause analysis, engineering technical assessment and process improvement initiatives.
  • Update operations and maintenance documentation for 24/7/365 enterprise watch personnel.
  • Work with Operations, Engineering, and vendor support to develop solutions to complex technical issues.
  • Work independently as part of a virtual team.
  • Provide mentorship and training for junior team members.

Preferred Qualifications

  • 5+ years of experience in IAM or related security engineering roles.
  • Experience with cloud platforms (AWS, Azure, GCP) and securing cloud-native applications.
  • Experience with identity governance tools (e.g., SailPoint, Okta).
  • Familiarity with API security (e.g., JWT, mTLS) and best practices for securing microservices architectures.
  • Experience implementing MFA, SSO, and zero-trust architectures.