75% remote: IAM Vault Engineer (f/m/d)

For our client we are looking for an IAM Vault Engineer (f/m/d).Start: 20.10.2025Duration: 3 months, + wish for a long-term prolongationCapacity: 80-100%Location: 75% Remote, 25% Berlin (1 week Berlin / 3 weeks remote in rotation), up to 50% onsite in peak timesLanguage: English is a must, German is a plusBudget: 80,00 EUR netRole:The IAM Service is responsible for the conception and designing of identity and access management (IAM) services for the platform. The primary goals are providing a scalable, secure, and federated access to applications, ensuring seamless integration across the hybrid cloud environment.Objectives:- Vault Core & Infrastructure- Authentication & Authorization- Secrets Engines- PKI-Specific Expertise.- Operations, Monitoring & Troubleshooting.- Automation & DevOps Integration.Skills (must-have):- Vault Fundamentals – Experience with deploying & managing vault clusters in production (HA, Raft storage), configures seal/unseal (KMS/HSM). Vault PKI secrets engine operations and HSM integration experience- Experienced at understanding Vault architecture (storage backend, seal/unseal, Raft vs. integrated storage, clustering, HA setups).- PKI Secrets Engine – Experience with managing intermediates, role definitions, short-lived cert issuance, CRLs, and automated revocation and ability to integrate PKI with apps/services.- Certificate Lifecycle Management – Experience with automating issuance/renewal via Vault Agent, API, or CI/CD pipelines. Should also be able to handle rotation policies and revocation, certificate policy and operational SLOs.- Security & Compliance – Experience with implementing RBAC, audit devices, HSM/KMS for key protection, and enforces rotation policies.- Integration – Experience with integrating PKI with enterprise systems (K8s ingress, load balancers, VPN, S/MIME, DBs). ACME, EST, revocation protocols, Terraform, OpenTofu, ArgoCD, Flux- Monitoring and Troubleshooting – good experience with managing metrics (Prometheus, Grafana), troubleshooting unseal/auth/CRL issues, performing backup & restore.Skills (should-have):- Experience with cloud services and their configuration- Knowledge about IAM solutions based on OpenID Connect (OIDC), such as Keycloak, for auth backends- Fluent in German- Working with Scrum and general experience in agile frameworks