IT Security Engineer - Senior

W2 is accepted.

Client is looking for an ACF2 Senior Security Engineer.

As a member of the Security team, you will use your expertise and experience to assess risk, identify potential gaps in access and security, design and implement security controls for ACF2 to keep data and access in the mainframe environment secure.

This position will assist in implementing security controls to ensure the confidentiality, integrity, and availability of Client’s IT assets. Responsible for the administration of ACF2 mainframe services and lifecycle governance processes around ACF2 user authentication and resource access.

1. A minimum of 10 years’ experience as a Security Engineer supporting ACF2 Security environment
2. Hands on experience with z/OS System Security.
3. Experience establishing SSL and Digital Certificate, risk assessment, business continuity/DR, etc.
4. Software/Application security (i.e.: z/OS, CICS, DB2, IMS, MQSeries, JES2), z/OS System and Sub-System knowledge (i.e.: JCL, SDSF, JES2, FTP).
5. Passionate cyber security professional, eager to share knowledge and educating more junior staff.
6. Thought Leader on Security Technologies.
7. Able to lead complex Security Projects and report out to Leadership.
8. High level of perseverance, energy, and confidence to act as ACF2 security Subject Matter Expert.

1. Familiarity with ACF2-RACF role-based access governance
2. Client currently uses ACF2-UID (user identity) but slowly moving to role-based
3. Integrating the IBM mainframe with AZURE.
4. Experience with SIEM tools and their integration to mainframe, such as Splunk, LogRhythm or QRadar.
5. Experience with Privileged Access Governance tools and concepts, such as CyberArk, and TAM-Z.

• Supports the publication and communication of security standards, frameworks, principles, and roadmaps to be used throughout the IT organization to guide technology decisions and leverage opportunities through efficient design.
• Assists Security Engineers and Managers in matching security technology assets to specific business service and application development projects to ensure consistent use of models and controls throughout the enterprise.
• Identifies risks to the environment, proposes options to remediation.
• Educates and guides engineers in the vision and use cases of specific solutions within the Security Architecture portfolio.
• Provide guidance on security solutions and designs.
• Participate in working teams to provide support of the definition of an enterprise strategy for including definition of standards, guidelines and best practices for application-to-application and business-to-business integrations.
• Maintain awareness of industry trends and best-practices tied to enterprise technologies to introduce innovation and ensure cost-effectiveness of Client’s standards and strategies.
• Generate and support the definition and selection of enterprise security standards including tools, technology, applications, and processes.
• Drive the scoping and implementation of solutions as required.
• Provide and document traceability from security policies down to underlying technology and its use.