Mainframe Logical Security Engineer
Quick Overview
Job Description
Job Description Summary
The Role:
We are seeking a skilled Mainframe Logical Security Engineer to design, implement, and manage security controls across IBM z/OS environments. The role ensures the confidentiality, integrity, and availability of enterprise systems and data by enforcing robust access controls and complying with regulatory requirements.
* This role requires employees to live in or around the Phoenix, AZ area. You will be responsible to be onsite 3 days a week. We will consider candidates who are willing to relocate to the area.
Job Description
Responsibilities:
Administer and maintain RACF security environment across z/OS systems
Create, modify, and revoke:
User IDs
Groups
Resource profiles
Dataset and subsystem access permissions
Implement and maintain least-privilege access controls for:
Datasets
Applications (CICS, DB2, IMS, MQ)
System resources
Security Controls & Compliance
Configure and maintain security policies aligned with enterprise standards
Perform periodic access reviews, audits, and compliance checks
Support regulatory compliance (e.g., SOX, PCI, HIPAA where applicable)
Implement data protection controls and access monitoring mechanisms
Monitoring & Incident Response
Analyze security logs and reports:
SMF records
RACF reports
SIEM alerts
Investigate:
Access violations
Unauthorized access attempts
Security incidents
Troubleshoot and resolve:
Authorization failures
RACF-related abends or access issues
Security Architecture & Integration
Secure mainframe subsystems and integrations:
CICS, DB2, IMS, MQ, TCP/IP, USS
Support integration with:
Enterprise IAM solutions
Single Sign-On (SSO) / MFA (where applicable)
Define and maintain RACF classes, profiles, and rules for system-wide protection
Encryption & Advanced Security
Support:
Digital certificates
TLS/SSL configuration
ICSF (crypto services) at a high level
Ensure secure key management and encryption practices
Job Qualifications
Required Qualifications:
Strong hands-on experience with:
RACF administration on z/OS
Deep knowledge of:
RACF profiles, classes, and dataset security
User/group management and access control models
Experience with:
SMF data analysis
Security reporting and audit tools
Strong understanding of:
z/OS security concepts and system internals
Preferred Experience:
Experience in banking or financial services environments
Exposure to:
ACF2 or Top Secret (nice to have)
SIEM tools (Splunk, QRadar, etc.)
Experience with:
Automation (REXX, Python)
Identity governance tools
Experience with enterprise-wide security transformations or IAM integration
Knowledge of Zero Trust or modern security frameworks
Experience supporting regulatory audits in large enterprises.
Skills
Similar jobs
Journeyman Cyber Security Engineer (Splunk/TS) - USSOCOM EDAT Zero Trust
Kentro · Tampa, United States
43 minutes agoJourneyman Cyber Security Engineer (Splunk/SIPR) - USSOCOM EDAT Zero Trust
Kentro · Tampa, United States
1 hour agoProduct Security Analyst (Mid-Senior) with Security Clearance
Boeing · Seattle, United States
1 hour ago$148.8k - $201.3k/yrSenior Splunk Cyber Security Engineer
MANTECH · Chantilly, United States
2 hours agoSAP Security Analyst
SAIC · Arlington, United States
2 hours ago$120.0k - $160k/yrSenior Product Security Engineer with Security Clearance
Boeing · Berkeley, United States
2 hours ago$162.3k - $219.7k/yr