AWS Cloud Infrastructure Engineer (Keycloak Specialty) in United States at Jobgether

This position is listed on behalf of a partner company, who manages all applications and next steps. Our partner is looking for a AWS Cloud Infrastructure Engineer (Keycloak Specialty) based in the United States.

This role focuses on designing and securing enterprise-grade identity and access management solutions within a complex AWS cloud environment supporting mission-critical government systems. You will architect and implement authentication and authorization frameworks that enable secure, scalable, and compliant access across modern cloud applications. Acting as a subject matter expert in Keycloak and identity federation, you will integrate SSO, MFA, and federated identity across microservices and APIs while ensuring adherence to Zero Trust principles. The position involves close collaboration with security, architecture, and DevSecOps teams to embed identity controls into CI/CD pipelines and infrastructure as code. You will also play a key role in ensuring compliance with federal standards such as FedRAMP, FISMA, and NIST 800-63. This is a highly technical and security-critical role where identity architecture directly supports national-level digital modernization efforts.

In this role, you will design, implement, and maintain secure identity and access management solutions across AWS cloud environments, ensuring compliance, scalability, and Zero Trust alignment.

• Design and maintain enterprise identity architecture using Keycloak as the core identity provider and federation broker
• Implement SSO and federated authentication solutions using SAML, OAuth2.0, and OpenID Connect protocols
• Configure and integrate identity providers such as AWS IAM Identity Center, AWS Cognito, Azure AD, IBM Verify, and Keycloak
• Enforce Zero Trust Architecture principles across microservices, APIs, and cloud-native applications
• Develop and manage identity lifecycle processes including provisioning, deprovisioning, and access reviews
• Define and enforce RBAC/ABAC policies ensuring least-privilege access across users and systems
• Support compliance with NIST 800-63, FedRAMP, FISMA, and related federal security frameworks
• Design logging, monitoring, and auditing strategies for authentication and authorization events using AWS and SIEM tools
• Collaborate with DevSecOps teams to embed ICAM policies into CI/CD pipelines and infrastructure-as-code templates
• Lead identity integration design sessions and provide technical oversight for architecture, security, and vulnerability management initiatives

This role requires deep expertise in identity and access management, cloud security architecture, and hands-on experience with Keycloak and AWS identity services in regulated environments.

• Bachelor’s degree in Cybersecurity, Information Systems, or equivalent experience (Master’s preferred)
• 10+ years of experience in identity and access management, including 8+ years in cloud environments
• Strong hands-on experience with Keycloak and AWS IAM Identity Center for SSO and MFA implementations
• Deep knowledge of identity federation protocols including SAML, OAuth2.0, OIDC, and SCIM
• Strong expertise in RBAC, ABAC, and policy-based access control frameworks
• Experience working with federal compliance frameworks such as FedRAMP, FISMA, and NIST 800-63
• Strong understanding of PKI, digital certificates, encryption, and secure authentication mechanisms
• Experience integrating identity governance tools such as SailPoint or Saviynt is a plus
• Familiarity with AWS security services including KMS, CloudTrail, Lambda, and API Gateway authentication
• Strong analytical, troubleshooting, and communication skills in complex distributed environments
• Experience working in Agile and DevSecOps environments with CI/CD and IaC practices
• Ability to collaborate effectively with technical and executive stakeholders in a consulting-style role

• Competitive salary range of $153,000 to $207,000 annually depending on experience and location
• Comprehensive medical, dental, and vision insurance plans
• 401(k) retirement plan with company match
• Flexible work arrangements with fully remote eligibility within the United States
• Paid time off including vacation, sick leave, holidays, and parental leave
• Life, disability, and supplemental insurance options
• Access to professional development, internal mobility programs, and career growth tools
• Exposure to large-scale federal cloud modernization and cybersecurity programs
• Strong emphasis on work-life balance and employee wellbeing programs
• Collaborative, mission-driven environment focused on secure digital transformation