Stellenbeschreibung
For our client we are looking for a Secrets Management Platform Engineer (f/m/d) Vault / OpenBAO
Start: 07.04.2026
Duration: 6 months, + wish for a long-term prolongation
Capacity: 100%
Location: 75% Remote, 25% Frankfurt or Berlin (1 week Frankfurt / 3 weeks remote in rotation), up to 50% onsite in peak times
Language: English is a must, German is a plus
Role:
The IAM Service is responsible for the conception and designing of identity and access management (IAM) services for the platform. The primary goals are providing a scalable, secure, and federated access to applications, ensuring seamless integration across the hybrid cloud environment.
Objectives:
- OpenBao / Vault Operations (Deep)
- Infrastructure as Code
- Kubernetes Integration
- Observability
- PKI Baseline (Cross-Coverage Requirement)
- Monitoring & Troubleshooting
Skills (must-have):
- Experience with OpenBao/Hashicorp Vault: cluster lifecycle, Raft consensus, snapshot/restore, namespace operations, audit device management
- Expertise with Infrastructure as Code: Terraform/OpenTofu, Helm, ArgoCD/Flux
- Experience with Policy-as-code: HCL policy authoring, testing, CI validation
- Expertise Kubernetes auth method configuration and secret injection patterns (Agent, CSI, ESO)
- Strongly skilled with Observability: Prometheus, Grafana, audit log pipelines
- Familiar with Tier-1 execution narrative and implement it without line-by-line translation
- Experienced with producing clean Tier-3 runbooks that another engineer could follow independently
- PKI fundamentals: certificate lifecycle, why PKI and Secrets clusters must remain separate
Skills (should-have):
- Experience with reading a Tier-1 execution narrative and implement it without requiring the Programme Architect to translate every requirement into CLI commands cloud services and their configuration
- Knowledge with producing clean Tier-3 runbooks that another engineer could follow
- Fluent in German
- Working with Scrum and general experience in agile frameworks
- Experience with working in a governance-constrained environment where "just do it" is not acceptable