**Introduction** A career in IBM Software means you’ll be part of a team that transforms our customers’ challenges into solutions. Seeking new possibilities and always staying curious, we are a team dedicated to creating the world’s leading AI-powered, cloud-native software solutions for our customers. Our renowned legacy creates endless global opportunities for our IBMers, so the door is always open for those who want to grow their career. IBM Intelligent Automation, powered by AI, addresses challenges by helping People become more productive, Businesses more scalable, and Systems more resilient. We combine human skills with automation and AI to enhance team productivity and improve decision making. We help companies digitize and intelligently automate and connect their business processes and systems end-to-end to improve business outcomes at scale. We assure that all of the applications and systems businesses rely on are always on and perform cost effectively to deliver the best possible user experience. IBM’s product and technology landscape includes Research, Software, and Infrastructure. Entering this domain positions you at the heart of IBM, where growth and innovation thrive. **Your role and responsibilities** Keycloak is the leading open source Identity and Access management platform, and part of the Cloud Native Computing Foundation (CNCF). It provides a broad range of capabilities to secure applications in a cloud-native environment, such as single sign-on (SSO), identity brokering and user federation. The Keycloak Core Clients team is seeking a Senior Software Engineer to lead advancements in authentication protocols and security capabilities. In this role, you’ll enhance support for standards like OAuth2, OIDC, and SAML; improve features such as passwordless login, risk-based, and step-up authentication; and ensure the platform adapts to emerging security requirements. Your contributions will help strengthen Keycloak’s standing in the IAM ecosystem, including participation in industry specification working groups to influence and implement the future of identity standards. * Advance IAM and Open Standards: Design and implement authentication and authorization features in Keycloak, ensuring compliance with standards such as OAuth 2.0, OpenID Connect, SAML, FIDO2/WebAuthn, Passkeys, and mutual TLS (mTLS). Contribute actively to community working groups and industry specification efforts. * Enhance Cloud-Native Architecture: Collaborate on maintaining and evolving Keycloak’s core codebase with a focus on scalability, performance, and cloud-native deployment needs. * Security Compliance and Integration: Strengthen Keycloak’s alignment with industry security standards and improve interoperability across diverse application environments. * Support and Grow the Open Source Community: Promote best practices, refine security documentation, and improve onboarding processes while contributing to IAM-focused Special Interest Groups (SIGs). * Team Collaboration and Delivery: Engage in daily team operations including bug triage, test suite maintenance, sprint planning, customer support, and roadmap development. Ensure Product Quality and Reliability: Design and implement automated tests and testing frameworks to validate functionality, scalability, and usability across diverse deployment scenarios. Identify and document bugs, contribute to test suite maintenance, and drive continuous improvement in quality assurance practices. **Required technical and professional expertise** * Minimum of 5 years of extensive Java development experience with strong proficiency in Jakarta EE. * Solid hands-on experience with token-based security protocols such as OAuth2 and OpenID Connect. * Strong foundational knowledge of cloud application development and security principles. * Demonstrated ability to mentor engineers and collaborate effectively in team environments. * Excellent verbal and written communication skills in English. **Preferred technical and professional experience** * Familiarity with passwordless authentication solutions (e.g., Passkeys, WebAuthn, FIDO2). * Understanding of Zero Trust architecture and Confidential Computing principles. * Experience with mTLS authentication and mutual certificate-based security models. * Practical knowledge of Quarkus and reactive programming paradigms. * Previous contributions to open-source IAM, security, or cloud-native projects. * Proficient in Jenkins, CI/CD workflows, and pipeline development for automated testing and deployment * Familiarity with JavaScript and ReactJS * Quick learner with a proactive approach to troubleshooting and resolving technical challenges IBM is committed to creating a diverse environment and is proud to be an equal-opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender, gender identity or expression, sexual orientation, national origin, caste, genetics, pregnancy, disability, neurodivergence, age, veteran status, or other characteristics. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.