Test
Project evaluation
The project posting gives a very detailed view of the requirements for an IAM Vault test specialist, with extensive technical challenges and clear expectations for skills and experience in areas such as PKI, secrets management, automation, and compliance testing.
Here is the requested information:
**General Description**
The IAM Service is responsible for the conception and designing of identity and access management (IAM) services for the platform. The primary goals are providing a scalable, secure, and federated access to applications, ensuring seamless integration across the hybrid cloud environment.
**Objectives**
**Objective 1: Core Vault Knowledge**
– Vault concepts: validate Vault activities, namely init/unseal, tokens, leases, policies, and secrets engines.
– Test Vault fundamentals: init/unseal, tokens, policies, secrets engines.
– Validate secrets lifecycle, PKI workflows, RA policies, and revocation.
– Automate tests using CLI, REST API, SDKs (Python, Go, Java) in CI/CD pipelines (Jenkins, GitHub Actions, GitLab CI).
– Test the certificate issuance, expiry, revocation, and renewal workflows.
**Objective 2: Testing & Validation Skills**
– Give recommendations and write test cases for:
  o Secrets lifecycle (creation, lease renewal, revocation).
  o PKI workflows (CSR submission, certificate issuance, CRL checks, revocation).
  o Authentication methods (AppRole, LDAP, Kubernetes, OIDC).
  o Validating access policies (ACLs) — ensuring least privilege is enforced.
– Regression testing for Vault upgrades and policy changes.
– Fault injection testing: unseal/reseal, token expiration, expired certificates.
**Objective 3: Automation & Scripting**
– Creation of automated test scripts using the Vault CLI, REST API, and SDKs (Python, Go, or Java).
– Integration of Vault test cases into CI/CD pipelines (e.g., GitHub Actions, GitLab CI, Jenkins).
– Scripting in Python, Bash, and PowerShell to automate secrets/PKI validation tests.
**Objective 4: PKI-Specific Testing**
– Validation of certificate chains, trust anchors, and expiry alerts.
– Testing automated certificate issuance and renewal flows (short-lived certs).
– Simulation of edge cases: revoked certs, expired intermediates, misconfigured chains.
– Use tools like OpenSSL, certutil, or Wireshark to debug TLS/PKI issues.
**Objective 5: Integration Testing**
– Performing integration testing of the following categories:
  o Kubernetes sidecars and Vault Agent templates.
  o Dynamic DB credentials.
  o TLS cert rotation in load balancers, web servers, and APIs.
  o Keycloak federation (OIDC/SAML) flows.
– Conducting browser-based tests using Playwright or Selenium for IAM/SSO validation.
**Objective 6: Security & Compliance Validation**
– Performing reviews of hardcoded secrets, audit logging, RBAC/MFA enforcement, and FIPS/PCI-DSS alignment.
– Verifying that audit logs (Vault audit devices, syslog) capture critical events.
– Testing RBAC enforcement and MFA requirements in auth flows.
– Performing compliance reviews against standards (FIPS 140-2/3 for crypto, PCI-DSS secret handling requirements).
**Objective 7: Monitoring & Troubleshooting**
– Validation of deployments to ensure reliability, security, and compliance, covering both functional testing (PKI/Secrets) and integration testing (IAM federation, CI/CD pipelines, HA/DR).
– Monitoring Vault telemetry, logs, and SIEM outputs; debug failures across Vault/PKI/Keycloak.
– Ensure HA/DR failover testing is automated and repeatable.
– Add coverage for multi-tenant and RA delegation scenarios.
**Must-have experience**
– Experience with testing Vault fundamentals and PKI workflows.
– Expertise with test automation frameworks for services, APIs, IAM.
– Strong experience with scripting and automation: Python, Go, Bash, PowerShell.
– Expertise with PKI/SSL debug tools: OpenSSL, certutil, Wireshark.
– Strongly skilled with CI/CD integration: Jenkins, GitHub Actions, GitLab CI.
– Experience with Secrets and compliance testing: audit logs, RBAC/MFA, standards validation.
– Experienced with browser-based automation: Playwright or Selenium.
– Experienced as a quality gate for PKI, Vault, and IAM services.
– Good knowledge of how Vault integrates with apps (via the API, the Vault Agent, and the sidecar injector).
– Language: Fluent English – C1.
**Preferred experience**
– Experience with cloud services and their configuration.
– Knowledge about IAM solutions based on OpenID Connect (OIDC), such as Keycloak, for auth backends and performance testing.
– Fluent in German.
– Familiarity with HA/DR scenarios in PKI/Secrets/IAM.
– Working with Scrum and general experience in agile frameworks.