Project specification
Period 01.03.2026 - 31.12.2026
Daily rate 904 - 1104€
Remote 100%
Languages
German (Advanced)
English (Advanced)
Project expertise
Industries
Information Technology
Business areas
Information Technology Operations
Description
- Design, implementation, and operation of Identity & Access Management solutions with LDAP, Kerberos, OIDC, OAuth2, SAML, and SCIM.
- Implementation of RBAC/ABAC models as well as multi-realm and multi-tenant architectures.
- Configuration of SSO flows, MFA, and identity federation.
- Deployment and operation of Keycloak on VMs, Docker, and Kubernetes (on-prem & GCP/GKE).
- Integration of Keycloak with LDAP, IPA, Active Directory, ADFS, and Entra ID for identity sync and federation.
- Securing Keycloak with TLS and handling ingress, SSL termination, and high availability.
- Integration of Keycloak with Google Identity as an identity provider or broker.
- Mapping Keycloak roles to GCP IAM roles for workload access control.
- Integration of HashiCorp Vault for securing secrets, certificates, and service credentials.
- Using Vault PKI to issue and rotate TLS certificates.
- Implementing dynamic database secrets via Vault.
- Automated secret injection into Kubernetes using Vault Agent, ESO, or sidecar.
- Introducing secret and certificate rotation policies to minimize security risks.
- Automating Keycloak and Vault with Terraform, Helm, ArgoCD, and Ansible.
- Automated configuration of realms, clients, and policies via APIs or the Terraform provider.
- Integration of IAM and Vault workflows into CI/CD pipelines for standardized application onboarding.
- Analysis and resolution of token, federation, and certificate errors.
- Monitoring IAM and Vault platforms with Prometheus and Grafana.
- Incident handling for certificate expirations, Vault unseal errors, and migration issues.
Requirements
- Solid knowledge of authentication protocols (OIDC, OAuth2, SAML, Kerberos, LDAP).
- Extensive experience deploying Keycloak (VMs, Kubernetes, optional GCP).
- Experience integrating HashiCorp Vault for secret management.
- Experience with automation using Terraform, Helm, and ArgoCD.
- Strong troubleshooting skills for hybrid IAM workflows.
Frequently asked questions
Where is the project located?
The project is fully remote, providing complete location flexibility.
What is the duration of the project?
The project preferably starts in March 2026 and is planned to end in December 2026 (9 months).
What is the remote work policy for the project?
The project is 100% remote. You can work from any location.
What is the daily rate for the project?
The project offers a daily rate of 904 - 1104€, which breaks down to an hourly rate of 113 - 138€/h.
What language skills are required for the project?
The project requires German (Advanced) as an essential language. Additionally, English (Advanced) is desirable.
Which industries is the project related to?
The project is related to the following industry: Information Technology.
Which business areas does the project cover?
The project covers the following business areas: Information Technology and Operations.
Not available? Can I still benefit from the project?
Yes! Recommend a freelancer for the project and earn 30% of FRATCH's profits every time they get placed — for the duration of that project. Simply share your invite link with a colleague to get started.
How to apply for the project?
To apply for the project, click the Apply button on the project page to submit your profile for review. We will forward your resume to the client and get back to you within a few days.