The Identity & Platform Engineer is responsible for designing, implementing and operating the core platform services that provide:

• Kubernetes platform services
• Sovereign identity management
• Federation and authentication services
• Privileged access management
• Secrets management
• Customer identity integration
• Platform security and governance

The successful candidate will play a key role in delivering a Zero Trust, sovereign cloud platform built around: FreeIPA, Teleport, authentic, Bitwarden, Kubernetes.

Key Responsibilities:

Identity & Access Management Engineering:

• Design, implement and operate the sovereign identity platform supporting workforce, administrative and customer identity domains.
• Implement and maintain FreeIPA as the authoritative administrative identity platform.
• Deploy, configure and operate authentik for customer federation, SAML and OIDC integration.
• Implement and maintain Teleport as the privileged access management platform.
• Design and maintain RBAC models across Kubernetes, Rafay and supporting platform services.
• Integrate phishing-resistant MFA technologies including WebAuthn and FIDO2 security keys.
• Implement identity life cycle management processes including onboarding, access reviews and deprovisioning.
• Support customer identity federation onboarding and integration activities.
• Contribute to the ongoing evolution of the platform's Zero Trust architecture

Security, Governance & Zero Trust:

• Implement Zero Trust security controls across platform services.
• Design and maintain Kubernetes RBAC and tenant isolation controls.
• Implement privileged access governance using Teleport.
• Maintain audit logging, compliance evidence collection and security monitoring capabilities.
• Support security reviews, threat modelling and risk assessments.
• Implement security hardening standards across Kubernetes, Linux and supporting infrastructure.
• Participate in security incident response and root cause analysis activities.
• Maintain compliance with security and governance requirements

Secrets & Certificate Management:

• Operate Bitwarden and Bitwarden Secrets Manager platforms.
• Manage operational credentials, API keys and automation secrets.
• Implement secure secret distribution patterns for platform and application workloads.
• Support certificate life cycle management and PKI integration.
• Maintain operational processes for break-glass credential governance and recovery.

Required Experience & Skills:

• Hands-on experience operating production Kubernetes environments.
• Soild Linux systems administration and troubleshooting experience.
• Knowledge designing and operating Identity and Access Management (IAM) solutions
• Experience with LDAP, Kerberos, SAML and OpenID Connect (OIDC).
• Previous experience implementing authentication, federation and RBAC solutions.
• Skilled in operating infrastructure and platform security services.
• Experience with Infrastructure as Code and automation tooling.
• Knowledge implementing monitoring, logging and observability solutions.
• Soild understanding of Zero Trust security principles.
• Experience with GitOps practices and cloud-native operational models.
• Proven incident management and root cause analysis experience.

One or more would be an advantage

• Prior experience with FreeIPA or enterprise directory services.
• Experience with authentik, Keycloak or similar federation platforms.
• Knowledge with Teleport, CyberArk or other privileged access management technologies.
• Experience with Bitwarden, Vault or secrets management platforms.
• Knowledge operating GPU-enabled Kubernetes environments.
• Previously supported AI, HPC or large-scale compute platforms.
• Experience implementing PKI and certificate management solutions.
• Kubernetes multi-tenancy and platform security experience.
• Sovereign, regulated or highly secure environments exposure.
• Familiarity with SOC2, ISO27001, NCSC or equivalent security frameworks.
• Background in Platform Engineering, DevOps or Site Reliability Engineering