Keymate Logo

Senior Keycloak Specialist

Remote
5+ years
Posted Jul 2025

🌍 Senior Keycloak Specialist

🚀 About the Role

We are building Keymate, a next-generation identity and access management (IAM) platform designed for modern API security, fine-grained authorization, and enterprise-scale governance.

As part of our journey, we are seeking a Senior Keycloak Specialist to lead the customization, integration, and extension of Keycloak in highly secure, multi-tenant, and dynamic access control environments.

You'll be responsible for advanced Keycloak engineering—including SPI development, custom authenticators, token exchange, impersonation flows, ReBAC integration, and Kubernetes-native deployment models.

🧩 What You’ll Do

  • Extend and customize Keycloak to enable complex IAM scenarios
  • Implement custom authenticators, token mappers, and SPI-based extensions
  • Design impersonation, delegation, and just-in-time role elevation flows
  • Integrate external IdPs using SAML2, OIDC, and legacy federation bridges
  • Collaborate with FGAC (Fine-Grained Access Control) and OpenFGA teams to support ReBAC models
  • Enable secure multi-tenant login and session isolation for B2B/B2C use cases
  • Work closely with our API Gateway, OpenMetadata, and EventHub teams to deliver metadata-aware access decisions
  • Deploy and operate Keycloak in Kubernetes-based HA architectures
  • Improve observability and performance using OpenTelemetry, Kafka, and structured logs

✅ What We’re Looking For

  • 5+ years of hands-on experience with Keycloak, including internals
  • Proficiency in OAuth2, OIDC, SAML2, and token exchange mechanisms
  • Strong Java developer with experience in Quarkus is a plus
  • SPI development: authenticators, token mappers, event listeners, protocol mappers
  • Experience with high-traffic, production-grade deployments
  • Kubernetes, Helm, and GitOps-friendly practices
  • Understanding of delegation, impersonation, multi-session login, and token binding strategies
  • Familiarity with gRPC APIs, Kafka, Audit Logging, and OpenTelemetry-based observability

🌐 Nice to Have

  • Knowledge of OpenFGA, ReBAC models, or FGAC enforcement via API gateways
  • Experience integrating Keycloak with external metadata systems (like OpenMetadata)
  • Awareness of privacy-first design and compliance standards (GDPR/KVKK)
  • Familiarity with log streaming, policy insights, and runtime decision auditing

🤝 What We Offer

  • A chance to build one of the most advanced IAM products in the market
  • Deep technical collaboration with experts in IAM, API security, and policy engines
  • Fully remote work environment with async-friendly culture
  • Opportunity to lead the IAM foundation of a fast-scaling engineering team

Note: This position requires deep engineering involvement in Keycloak—not just using it as an admin. If you're excited about extending Keycloak for complex enterprise IAM needs, we want to meet you.

Ready to Apply?

We'd love to hear from you! Express yourself freely in an email and tell us why you're excited about this role.

Send your application to:

careers@keymate.io

Note: You can share your resume in whichever medium you express yourself best - whether that's a PDF, portfolio website, GitHub profile, or creative presentation.