Mainframe Logical Security Engineer

RESPONSIBILITIES:
Kforce has a client that is seeking a Mainframe Logical Security Engineer in Chandler, AZ.

Overview:
We are seeking an experienced Mainframe Logical Security Engineer to support and manage security controls across IBM z/OS environments. This role focuses on access control, compliance, monitoring, and security administration within enterprise mainframe systems. The ideal candidate will have strong hands-on experience with RACF (or equivalent tools) and the ability to safeguard critical systems and sensitive data.

What You'll Do:
* Access Control & Administration: Administer and maintain RACF security environments across z/OS systems
* Create, modify, and revoke: User IDs; Groups; Resource profiles; Dataset and subsystem access permissions
* Implement and enforce least privilege access models
* Secure access to key systems and resources including Datasets; Applications (CICS, DB2, IMS, MQ); System-level resources; Security & Compliance
* Define and maintain security policies and access standards
* Perform periodic access reviews and audits
* Support compliance with regulations such as: SOX; PCI; HIPAA (where applicable)
* Ensure all access controls align with enterprise governance and audit requirements
* Monitor and analyze security activity through: RACF reports; SMF logs; SIEM tools
* Investigate and respond to: Access violations; Unauthorized access attempts; Security incidents
* Troubleshoot and resolve access issues and authorization failures
* Secure mainframe subsystems and integrations, including: CICS, DB2, IMS, MQ, TCP/IP, USS
* Support integration with: Enterprise IAM solutions; Single Sign-On (SSO) and multi-factor authentication (MFA)
* Assist with system-wide configuration of RACF classes, rules, and profiles
* Support encryption and certificate management
* Assist with TLS/SSL configuration and secure communication
* Work with cryptographic services (e.g., ICSF) where applicable

REQUIREMENTS:
* 5+ years of experience in IBM mainframe (z/OS) environments
* Strong hands-on experience with: RACF administration (or ACF2 / Top Secret); User and group management; Dataset and subsystem security
* Experience with: Security audits and access reviews; Monitoring and analyzing security logs
* Strong understanding of z/OS security architecture; Access control models and compliance practices
* Excellent troubleshooting and analytical skills

Preferred Qualifications:
* Experience with ACF2 or Top Secret
* Familiarity with SIEM tools (Splunk, QRadar, or similar)
* Experience supporting enterprise audits and compliance initiatives
* Exposure to IAM integration, SSO, and MFA solutions
* Automation or scripting experience (REXX, Python, Shell)
* Experience in financial services or regulated environments

What Makes This Role a Great Fit:
* You enjoy working on security and access control at a deep technical level
* You are detail-oriented and focused on protecting critical systems and data
* You thrive in environments requiring compliance, audit readiness, and precision
* You are comfortable working across teams to support secure and reliable operations

The pay range is the lowest to highest compensation we reasonably in good faith believe we would pay at posting for this role. We may ultimately pay more or less than this range. Employee pay is based on factors like relevant education, qualifications, certifications, experience, skills, seniority, location, performance, union contract and business needs. This range may be modified in the future.

We offer comprehensive benefits including medical/dental/vision insurance, HSA, FSA, 401(k), and life, disability & ADD insurance to eligible employees. Salaried personnel receive paid time off. Hourly employees are not eligible for paid time off unless required by law. Hourly employees on a Service Contract Act project are eligible for paid sick leave.

Note: Pay is not considered compensation until it is earned, vested and determinable. The amount and availability of any compensation remains in Kforce's sole discretion unless and until paid and may be modified in its discretion consistent with the law.

This job is not eligible for bonuses, incentives or commissions.

Kforce is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status.

By clicking ?Apply Today? you agree to receive calls, AI-generated calls, text messages or emails from Kforce and its affiliates, and service providers. Note that if you choose to communicate with Kforce via text messaging the frequency may vary, and message and data rates may apply. Carriers are not liable for delayed or undelivered messages. You will always have the right to cease communicating via text by using key words such as STOP.