Engineering Lead, Identity
Seven Education
Description
Our mission
Seven Education (formerly Sdui Group) develops a smart, AI‑powered platform that helps schools and educational institutions work more efficiently. Our products reduce administrative workload, improve communication and enable teachers, institutions, and decision-makers to focus on what matters most: learning, growth and people.
As a European EdTech group with 350+ employees, we build intuitive and scalable solutions used widely across the education landscape. Every day, they help create clarity, streamline workflows and strengthen collaboration. We build with courage, ownership and meaningful collaboration - and we stay inspired by the real impact our products create for the people at the heart of education. Our ambition is clear: to become Europe’s leading EdTech brand.
If you want to join that journey and grow with us, we would love to hear from you.
Your mission
As Engineering Lead for Identity, you own and evolve Seven Education's Identity & Access Management platform. The platform is built on Keycloak and serves more than 10 million users across Europe: schools, teachers, parents, and students who rely on it to access our ecosystem every single day. You combine hands-on engineering with technical leadership, ship code yourself, and shape the architecture of a security-critical system at scale.
What you’ll do
- Lead the Identity team, a distributed group of engineers across Europe: run 1:1s, remove blockers, set technical direction, and grow the people on your team.
- Drive the SSO rollout across all our products (Sdui App, Pupil, Fox, Educamos, Additio, Educa) and own the migration from our legacy authentication bridge to the unified Keycloak platform.
- Own the technical architecture of the IAM platform: Keycloak configuration, custom authenticators, identity brokering, and the multi-tenancy model designed for 10M+ users, 50K+ tenants, and 10K concurrent authentications at sub-100ms latency.
- Act as the primary integration partner for product teams adopting centralized IAM: define API contracts, review integrations, and ensure a smooth developer experience.
- Stay hands-on. Write production code, review pull requests, and make pragmatic technical decisions alongside your team.
- Mentor engineers, foster knowledge sharing, and continuously raise engineering standards.
- Collaborate closely with the Director of Domain Engineering to align roadmap, priorities, and cross-team dependencies.
What you’ll bring
- 10+ years of professional backend engineering experience, including at least 2 years in an engineering management or technical lead role.
- Strong PHP development skills, including solid knowledge of design patterns, SOLID principles, and clean code practices.
- Production experience with identity, authentication, or authorization systems at scale, including a solid understanding of OAuth 2.0, OIDC, and the realities of running multi-tenant, high-availability systems in security-critical domains.
- Experience leading distributed engineering teams and managing stakeholder relationships across functions.
- Fluent English communication skills. German is a plus.
- Nice to have: hands-on Keycloak experience (configuration, custom authenticators, realm management, identity brokering).
- Nice to have: familiarity with enterprise identity protocols (SAML, SCIM, LDAP), PHP frameworks like Symfony or Laravel, relational databases (PostgreSQL, MariaDB, MySQL), or containerized cloud infrastructure (Kubernetes, Docker, CI/CD).
Where you’ll be
This role is based in Hamburg, Berlin or Koblenz and works in a hybrid setup. You combine flexible remote work with regular onsite presence at one of our hubs, as personal exchange is an important part of how we collaborate, learn, and grow together. Being on site supports close cross-functional collaboration, strong alignment across the group, and a real connection to our cultu