Mainframe Logical Security Engineer
Role details
Job location
Tech stack
Job description
We are seeking a skilled Mainframe Logical Security Engineer to design, implement, and manage security controls across IBM z/OS environments. The role ensures the confidentiality, integrity, and availability of enterprise systems and data by enforcing robust access controls and complying with regulatory requirements.
This role requires employees to live in or around the Plano, TX, Charlotte, NC, Richmond, VA, Jacksonville, FL, Pennington, NJ, Chicago, IL area. You will be responsible to be onsite 3 days a week. We will consider candidates who are willing to relocate to any of these areas.
Responsibilities Include:
- Administer and maintain RACF security environment across z/OS systems
- Create, modify, and revoke:
- User IDs
- Groups
- Resource profiles
- Dataset and subsystem access permissions
- Implement and maintain least-privilege access controls for:
- Datasets
- Applications (CICS, DB2, IMS, MQ)
- System resources
Security Controls & Compliance
- Configure and maintain security policies aligned with enterprise standards
- Perform periodic access reviews, audits, and compliance checks
- Support regulatory compliance (e.g., SOX, PCI, HIPAA where applicable)
- Implement data protection controls and access monitoring mechanisms
Monitoring & Incident Response
- Analyze security logs and reports:
- SMF records
- RACF reports
- SIEM alerts
- Investigate:
- Access violations
- Unauthorized access attempts
- Security incidents
- Troubleshoot and resolve:
- Authorization failures
- RACF-related abends or access issues
Security Architecture & Integration
- Secure mainframe subsystems and integrations:
- CICS, DB2, IMS, MQ, TCP/IP, USS
- Support integration with:
- Enterprise IAM solutions
- Single Sign-On (SSO) / MFA (where applicable)
- Define and maintain RACF classes, profiles, and rules for system-wide protection
Encryption & Advanced Security
- Support:
- Digital certificates
- TLS/SSL configuration
- ICSF (crypto services) at a high level
Ensure secure key management and encryption practices
Requirements
You're good at what you do and possess the required experience to prove it. However, equally as important - you have a growth mindset; keen to drive your own personal and professional development. You are customer-focused - someone who prioritizes customer success in their work. And finally, you're open and borderless - naturally inclusive in how you work with others., * Strong hands-on experience with:
- RACF administration on z/OS
- Deep knowledge of:
- RACF profiles, classes, and dataset security
- User/group management and access control models
- Experience with:
- SMF data analysis
- Security reporting and audit tools
- Strong understanding of:
- z/OS security concepts and system internals
Preferred Experience:
- Experience in banking or financial services environments
- Exposure to:
- ACF2 or Top Secret (nice to have)
- SIEM tools (Splunk, QRadar, etc.)
- Experience with:
- Automation (REXX, Python)
- Identity governance tools
- Experience with enterprise-wide security transformations or IAM integration
- Knowledge of Zero Trust or modern security frameworks
- Experience supporting regulatory audits in large enterprises