Job title: 75% remote: IAM Vault Engineer (f/m/d)
Contract type: Interim / Project Consulting
Working time model: Full-time
Payment interval: Hourly
Rate: Negotiable
Location: Berlin and remote
Job published: 12-09-2025
Job ID: 56122
Name: Aktimur Ünal
Phone number: +4915119535169
Email: aktimur.uenal@nemensis.de

Job description

For our client we are looking for an IAM Vault Engineer (f/m/d).

 

Start: 20.10.2025

Duration: 3 months, with a long-term extension desired

Capacity: 80-100%

Location: 75% Remote, 25% Berlin (1 week Berlin / 3 weeks remote in rotation), up to 50% onsite in peak times

Language: English is a must, German is a plus

Budget: 80,00 EUR net

 

Role:

The IAM Service is responsible for the conception and design of identity and access management (IAM) services for the platform. The primary goals are to provide scalable, secure, and federated access to applications and to ensure seamless integration across the hybrid cloud environment.

 

Objectives:

- Vault Core & Infrastructure

- Authentication & Authorization

- Secrets Engines

- PKI-Specific Expertise

- Operations, Monitoring & Troubleshooting

- Automation & DevOps Integration

 

 

Skills (must-have):

- Vault Fundamentals – Experience deploying and managing Vault clusters in production (HA, Raft storage) and configuring seal/unseal (KMS/HSM); experience with Vault PKI secrets engine operations and HSM integration.

- Vault Architecture – Solid understanding of Vault architecture (storage backend, seal/unseal, Raft vs. integrated storage, clustering, HA setups).

- PKI Secrets Engine – Experience managing intermediates, role definitions, short-lived certificate issuance, CRLs, and automated revocation, and the ability to integrate PKI with apps/services.

- Certificate Lifecycle Management – Experience automating issuance/renewal via Vault Agent, API, or CI/CD pipelines. Should also be able to handle rotation policies and revocation, certificate policy, and operational SLOs.

- Security & Compliance – Experience implementing RBAC, audit devices, and HSM/KMS for key protection, and enforcing rotation policies.

- Integration – Experience integrating PKI with enterprise systems (K8s ingress, load balancers, VPN, S/MIME, DBs), as well as with ACME, EST, revocation protocols, Terraform, OpenTofu, ArgoCD, and Flux.

- Monitoring and Troubleshooting – Good experience managing metrics (Prometheus, Grafana), troubleshooting unseal/auth/CRL issues, and performing backup and restore.

 

Skills (should-have):

- Experience with cloud services and their configuration

- Knowledge of IAM solutions based on OpenID Connect (OIDC), such as Keycloak, for auth backends

- Fluent in German

- Working with Scrum and general experience in agile frameworks