Mainframe Logical Security Engineer
Kyndryl · Phoenix, AZ · 1 wk ago
HybridCustomer ServiceFull-time
About the role
We are seeking a skilled Mainframe Logical Security Engineer to design, implement, and manage security controls across IBM z/OS environments. The role ensures the confidentiality, integrity, and availability of enterprise systems and data by enforcing robust access controls and complying with regulatory requirements.
Responsibilities
- Administer and maintain RACF security environment across z/OS systems
- Create, modify, and revoke: User IDs, Groups, Resource profiles, Dataset and subsystem access permissions
- Implement and maintain least-privilege access controls for: Datasets, Applications (CICS, DB2, IMS, MQ), System resources
- Configure and maintain security policies aligned with enterprise standards
- Perform periodic access reviews, audits, and compliance checks
- Support regulatory compliance (e.g., SOX, PCI, HIPAA where applicable)
- Implement data protection controls and access monitoring mechanisms
- Analyze security logs and reports: SMF records, RACF reports, SIEM alerts
- Investigate: Access violations, Unauthorized access attempts, Security incidents
- Support troubleshooting and resolution: Authorization failures, RACF-related abends or access issues
- Secure mainframe subsystems and integrations: CICS, DB2, IMS, MQ, TCP/IP, USS
- Support integration with: Enterprise IAM solutions, Single Sign-On (SSO)/MFA (where applicable)
- Define and maintain RACF classes, profiles, and rules for system-wide protection
- Ensure secure key management and encryption practices
- Support encryption and advanced security features (e.g., Digital certificates, TLS/SSL configuration, ICSF)
Qualifications
- Strong hands-on experience with: RACF administration on z/OS
- Deep knowledge of: RACF profiles, classes, and dataset security, User/group management and access control models
- Experience with: SMF data analysis, Security reporting and audit tools
- Strong understanding of: z/OS security concepts and system internals
Preferred Experience
- Experience in banking or financial services environments
- Exposure to: ACF2 or Top Secret (nice to have)
- Experience with: Automation (REXX, Python), Identity governance tools
- Experience with enterprise-wide security transformations or IAM integration
- Knowledge of Zero Trust or modern security frameworks
- Experience supporting regulatory audits in large enterprises