Haystack
← Back to Jobs
Technology

Mainframe Logical Security Engineer

KyndrylPhoenix, AZ🇺🇸United StatesPosted 11 Jul 2026

Quick Overview

Work Type
On Site
Level
Mid Senior

Job Description

 

Job Description Summary

The Role:

We are seeking a skilled Mainframe Logical Security Engineer to design, implement, and manage security controls across IBM z/OS environments. The role ensures the confidentiality, integrity, and availability of enterprise systems and data by enforcing robust access controls and complying with regulatory requirements.

* This role requires employees to live in or around the Phoenix, AZ area. You will be responsible to be onsite 3 days a week. We will consider candidates who are willing to relocate to the area.

  • Job Description

  • Responsibilities:

    • Administer and maintain RACF security environment across z/OS systems

    • Create, modify, and revoke:

      • User IDs

      • Groups

      • Resource profiles

      • Dataset and subsystem access permissions

    • Implement and maintain least-privilege access controls for:

      • Datasets

      • Applications (CICS, DB2, IMS, MQ)

      • System resources

  •  

  • Security Controls & Compliance

    • Configure and maintain security policies aligned with enterprise standards

    • Perform periodic access reviews, audits, and compliance checks

    • Support regulatory compliance (e.g., SOX, PCI, HIPAA where applicable)

    • Implement data protection controls and access monitoring mechanisms

  •  

  • Monitoring & Incident Response

    • Analyze security logs and reports:

      • SMF records

      • RACF reports

      • SIEM alerts

    • Investigate:

      • Access violations

      • Unauthorized access attempts

      • Security incidents

    • Troubleshoot and resolve:

      • Authorization failures

      • RACF-related abends or access issues

  •  

  • Security Architecture & Integration

    • Secure mainframe subsystems and integrations:

      • CICS, DB2, IMS, MQ, TCP/IP, USS

    • Support integration with:

      • Enterprise IAM solutions

      • Single Sign-On (SSO) / MFA (where applicable)

    • Define and maintain RACF classes, profiles, and rules for system-wide protection

  •  

  • Encryption & Advanced Security

    • Support:

      • Digital certificates

      • TLS/SSL configuration

      • ICSF (crypto services) at a high level

  • Ensure secure key management and encryption practices

  •  

  • Job Qualifications

  • Required Qualifications:

    • Strong hands-on experience with:

      • RACF administration on z/OS

    • Deep knowledge of:

      • RACF profiles, classes, and dataset security

      • User/group management and access control models

    • Experience with:

      • SMF data analysis

      • Security reporting and audit tools

    • Strong understanding of:

      • z/OS security concepts and system internals

  •  

  • Preferred Experience:

    • Experience in banking or financial services environments

    • Exposure to:

      • ACF2 or Top Secret (nice to have)

      • SIEM tools (Splunk, QRadar, etc.)

    • Experience with:

      • Automation (REXX, Python)

      • Identity governance tools

    • Experience with enterprise-wide security transformations or IAM integration

    • Knowledge of Zero Trust or modern security frameworks

    • Experience supporting regulatory audits in large enterprises.

Skills

Encryption
MFA
SSO
Splunk
TCP/IP
HIPAA
Phoenix
Python
Zero Trust

Similar jobs