Haystack
← Back to Jobs
Technology

z/OS USS Security Engineer

Prophecy ConsultingAlpharetta, GA🇺🇸United StatesPosted 14 Jul 2026

Quick Overview

Work Type
Hybrid
Level
Mid Senior

Job Description

About the job: 

Enterprise Technology & Services (ETS) delivers shared technology services that support all business applications and over 3,000 production systems globally. ETS enables the full software development lifecycle-from development and testing to release engineering, monitoring, and operational support.

The Enterprise Z Security team is responsible for engineering and operating IBM Z mainframe authentication and authorization services. This position will be member of the Enterprise Z Security team and responsible for design, implementation and monitoring security controls for z/OS UNIX System Services, ensuring that USS identity and permissions are properly integrated with mainframe security controls (RACF / Top Secret) and aligned to least privilege, auditability, and operational resilience.

Role Overview

The USS Security Engineer is responsible for securing and administering z/OS UNIX System Services (USS) environments on the mainframe. This role focuses on enforcing least privilege, protecting privileged access, and ensuring alignment between UNIX permissions, ESM controls (RACF/TSS), and enterprise security standards. The engineer will partner closely with Enterprise Z security architect, system programmers, middleware teams, and audit/compliance stakeholders to maintain a secure and compliant USS platform.

Key Responsibilities

Administer and manage USS identities, including UIDs, GIDs, OMVS segments, and service/shared IDs based on policy.
Enforce naming standards, ownership traceability, and lifecycle controls for USS users and services.
Manage and audit POSIX permissions, ownership, and execution rights across critical USS file systems.
Control and monitor privileged access, including UID(0), setuid/setgid programs, and elevated authorities.
Administer USS related ESM controls (RACF/TSS), including UNIXPRIV, FACILITY resources, and STARTED task identities.
Secure USS configuration files, shell environments, PATH settings, and file system mount options.
Monitor USS security events, logs, and audit records.
Support production issues, security incidents, and access related investigations.
Develop and maintain USS security standards, procedures, and documentation

Qualifications Required

Bachelor''s degree and 5+ years of experience with mainframe and z/OS UNIX System Services.
Strong hands on experience securing USS environments.
Proven experience administering RACF or equivalent ESM for USS.
Solid understanding of:
UIDs, GIDs, OMVS segments, and service IDs
POSIX permissions, ownership, and execution controls
Experience with USS related security controls, including:
UNIXPRIV class
FACILITY class resources impacting OMVS
STARTED task identities for USS services
Working knowledge of zFS/HFS file systems, mount options, and USS SMF/audit logging.
Strong understanding of least privilege and separation of duties principles.

Desired

Experience with PKI, digital certificates, Kerberos, SSL/TLS, SSH, or OpenSSL.
Exposure to systems programming concepts (e.g., SMP/E, SYS1 datasets, Assembler).
Understanding of mainframe networking concepts.
Experience supporting or securing middleware technologies (e.g., MQ).

Skills

Shell
PKI

Similar jobs