Platform Engineer - Cloud Access

How do we make our customers happy?

By ensuring that 2,900 colleagues can work safely and efficiently on a platform where 47,000 partner sellers help us build a product catalog for 13.7 million customers. As a Cloud IAM Engineer, you’ll join our brand-new Identity and Access Management team. Our mission: to continually assess and enhance the security posture of our platform.

You’ll design and implement (privileged) access management for our Google Cloud Platform and Istio-based service mesh environments, consolidating all IAM and privileged access tools into one seamless experience. You’ll hold the digital keys that provide engineers with secure access to our cloud infrastructure, without security becoming a bottleneck or burden.

The biggest challenge

You’ll start with a clean slate AND a legacy challenge. On the one hand, you’ll help define what our future IAM should look like. On the other, you’ll modernize systems that have done their job well but are slated for replacement. How can we integrate IAM into our Istio service mesh through industry-standard protocols and consolidate our access management tools into a unified Teleport platform? And how can we accomplish that without disrupting operational continuity? You’ll need to strike the right balance between security and usability, between innovation and stability, and between autonomy and compliance. Plus: you’re not just building technology; you’re creating a foundation that all other teams rely on.

What you'll do as Cloud IAM Engineer

You’ll join a tight-knit, international team of five professionals: two experienced Platform Engineers, a Lead Engineer, a Group Product Manager, and an Engineering Manager. The team hails from South Africa, New Zealand, the Netherlands, and Portugal. And because many of us have been at bol for years, we have in-depth expertise in Platform Engineering and DevOps. Expertise we’ll happily share!

You’ll help shape the development of our new team. Your focus is on consolidating IAM tooling, implementing privileged access management, and replacing legacy designs with modern, scalable systems. Your day-to-day revolves around designing and building access management solutions that enable engineers to work quickly and securely. You’ll integrate systems, advance automation, support audits, and respond to security incidents. You’ll own the full stack – from GCP IAM to Kubernetes RBAC, identity providers, and service mesh authentication.

• Design and implement privileged access management for cloud environments (GCP and Kubernetes clusters)
• Consolidate existing tools into Teleport for a streamlined access experience
• Integrate IAM into our Istio service mesh using industry-standard protocols (OAuth, OIDC, SAML)
• Build automation in Python or Go for scalable, secure access workflows
• Support audits, compliance, and incident response processes
• Contribute to the strategic direction and roadmap of the IAM team
• Share knowledge and best practices with the broader platform engineering community

Why you can make a difference

You combine deep technical knowledge of cloud security with strong execution skills. You have hands-on experience with GCP IAM and navigate Kubernetes environments effortlessly. You know Gcloud and kubectl like the back of your hand, and can confidently write an operator or controller. You live and breathe IAM. Terms like OAuth, SAML, and OIDC are part of your daily vocabulary, and you’re familiar with identity providers like Entra ID and Google Workspace. You believe repetitive tasks should be automated, and know how to achieve that using Python or Go. And crucially, you combine defense in depth with security awareness and developer empathy, ensuring engineers embrace your strategy.

3 reasons why this is (not) for you

• - Silo-seeker We work with peer reviews, transparency, and continuous collaboration. If you prefer to keep yourself hidden away, maybe look elsewhere.
• - Chaos over control Defense-in-depth and structured processes are key. If you see layers and peer reviews as unnecessary bureaucracy instead of security measures, clash incoming.
• - Unicorn hunter Part of your work involves modernizing legacy systems. If you only want to work on greenfield projects and consider existing systems "beneath you" – this won't be a match.

+ IAM, therefore I am You have experience with GCP IAM, Kubernetes, and identity protocols. You understand that access management is the foundation for everything we build—and needs to be rock-solid.

• + Avid automator You see a manual process and think: "I can script that." Python or Go are your tools, Infrastructure as Code your mindset.
• + Broad perspective You're energized by the opportunity to help shape a new team and learn from legacy systems. You understand that the best solutions are built with respect for what was, and driven by ambition for what can be.

Where you'll work

You’ll join our new Cloud IAM team of five internationals. We’re embedded in the broader bol tech organization and work closely with Security, Infrastructure, and all engineering teams that depend on easy and secure cloud access. The culture? International, no-nonsense, and focused on ownership. We value transparent communication, rapid iterations, and concrete results. You’ll have the autonomy to make technical decisions, but also the responsibility to defend and document those choices. And we believe in continuous learning, whether it’s about new cloud services, security best practices, or team dynamics. We go the extra mile to ensure our platform security is straightforward and bulletproof. Ready to manage the keys to our tech platform?

Perks of having a blue heart

Bonus

The bonus is calculated at the end of the year and we always end the year with a fun party!

On and off

At bol we understand like no other that you have to take care of yourself first, then your environment and then bol. In that order. Therefore, everyone at bol receives 29 days of vacation.

The culture and the office

Our colleagues work hard to make the daily lives of our customers easier and more fun. But of course, we do this in an inspiring and creative environment!