We are hiring a Senior Technical Specialist to lead engineering and operations for Keycloak-based Web SSO/IAM and OpenBao-based secret management. The role involves owning end-to-end delivery including packaging (Helm, containers, RPM), integrations (e.g., MariaDB, load balancers), upgrades, and lifecycle management aligned with certification and reliability standards. The candidate will define best practices for Keycloak configurations (realms, roles, federation, MFA) and OpenBao usage (policies, auth methods, engines, audit, and metrics). Additionally, the role includes driving CI/CD and automation improvements, troubleshooting complex issues such as SSO flows, TLS, and failover scenarios, and mentoring engineers through design reviews and technical guidance.
Responsibilities- Lead Keycloak delivery: packaging (Helm/Docker/RPM/related), theme, upgrades, reliability, LCM alignment.
- Lead OpenBao-based secrets: engines (DB, PKI, transit, SSH CA), K8s auth, policies, audit/metrics.
- Define guidance for teams: Keycloak entities (realms, roles, federation, MFA) and OpenBao policies/operations.
- Improve CI, automation, and certification (function/performance).
- Triage complex issues: SSO flows, TLS, tokens, Bao HA/failover, upgrade regressions.
- Mentor Senior Engineers and others; review designs and changes.
Must have -
- 8+ years of experience in software design, development, and testing, with a Bachelor’s/Master’s degree (or equivalent) in Computer Science or a related field.
- Strong expertise in Keycloak (SSO/IAM, OIDC/OAuth2, federation, MFA, theming) and OpenBao (or HashiCorp Vault equivalent).
- Proficiency in Python, with working knowledge of Go and/or Java.
- Hands-on experience with Kubernetes, Helm, Docker, CI tools like Jenkins, and integrations (MariaDB/MySQL, load balancers), along with solid security fundamentals (TLS, SSH, PKI).
Good to have -
- Experience with CI/CD testing frameworks (Robot, Pytest, Radish, Cucumber, etc.) and certification-style validation.
- Exposure to packaging formats such as RPM and multi-format delivery pipelines.
- Familiarity with security scanning and vulnerability tools (Anchore, Tenable, Netsparker, Nmap, SBOM tooling).
Experience in HA setups, performance tuning, complex troubleshooting, and working with global/distributed teams.
Nokia is a global leader in connectivity for the AI era. With expertise across fixed, mobile and transport networks, powered by the innovation of Nokia Bell Labs, we’re advancing connectivity to secure a brighter world.
Our recruitment process
We act inclusively and respect the uniqueness of people. Our employment decisions are made regardless of race, color, national or ethnic origin, religion, gender, sexual orientation, gender identity or expression, age, marital status, disability, protected veteran status or other characteristics protected by law. We are committed to a culture of inclusion built upon our core value of respect.
If you’re interested in this role but don’t meet every listed requirement, we still encourage you to apply. Unique backgrounds, perspectives, and experiences enrich our teams, and you may be just the right candidate for this or another opportunity.
The length of the recruitment process may vary depending on the specific role's requirements. We strive to ensure a smooth and inclusive experience for all candidates. Discover more about the recruitment process at Nokia.
- Flexible and hybrid working schemes
- A minimum of 90 days of Maternity and Paternity Leave, with the option to return to work within a year following the birth or adoption of a child (based on eligibility)
- Life insurance to all employees to provide peace of mind and financial security
- Well-being programs to support your mental and physical health
- Opportunities to join and receive support from Nokia Employee Resource Groups (NERGs)
- Employee Growth Solutions to support your personalized career & skills development
- Diverse pool of Coaches & Mentors to whom you have easy access
- A learning environment which promotes personal growth and professional development - for your role and beyond
