Job Summary:
We are seeking a Cloud Security Engineer (Mainframe Security Specialist) who ensures the migrated IBM Z environment’s security and compliance posture is robust and meets DoD requirements. This role combines cloud security practices with mainframe security expertise. It involves configuring mainframe security (e.g. RACF/ACF2) and implementing continuous security controls and audits in line with DevSecOps principles. A key outcome is achieving the necessary accreditation (ATO) for the system to operate at the Secret level.
This position is contingent upon contract award.
Job Duties and Responsibilities:
- Security Configuration: Configure and manage mainframe security subsystems – defining RACF/ACF2 profiles, user roles, dataset access rules, and system privileges to enforce least privilege access. Implement multi-factor authentication or integration with enterprise identity management as required.
- Compliance & Hardening: Apply DoD security hardening guidelines (e.g. DISA STIGs for z/OS) to the mainframe environment. Remediate any findings from security scans. Ensure all mainframe and hybrid cloud connections meet Secret-level encryption and security standards.
- DevSecOps Integration: Embed security checks into CI/CD and infrastructure automation pipelines. Set up automated vulnerability scanning of mainframe code (if applicable) and configuration compliance scanning for the system (for example, using z/OS compliance checker tools). Ensure that security gates (SAST/DAST, config checks) are part of the deployment process.
- ATO Documentation & Monitoring: Prepare and maintain documentation for the Risk Management Framework (RMF) to obtain Authority to Operate. This includes security control implementation statements, network diagrams, and access control lists for auditors. Post-implementation, continuously monitor security logs and alerts on the mainframe and cloud interfaces, and conduct periodic audits to ensure compliance is maintained.
- Other duties as assigned.
Job Requirements (Education/Skills/Experience):
- 8+ years in IT security engineering, including 3+ years in mainframe security administration (RACF, ACF2, or Top Secret administration on z/OS).
- Familiarity with DoD cybersecurity requirements and processes (Security Technical Implementation Guides – STIGs, RMF/ATO process, NIST 800-53 controls).
- Knowledge of cloud security concepts (network segmentation, encryption, zero-trust) and how to extend them to a mainframe environment.
- Experience with DevSecOps tooling (CI/CD pipeline security scans, SIEM integration, automated compliance checks).
- Clearance: Active DoD Secret clearance required (working with Secret data and security controls).
Preferred Qualifications:
- Certifications such as CISSP, CISM or vendor-specific security certs (e.g. GIAC Mainframe Security, Certified Information Systems Security Officer).
- Experience in hybrid environments (e.g. securing data flows between on-prem mainframes and cloud services).
- Background in audit or security assessment roles, which helps in preparing thorough compliance documentation.