Role RequirementThe Mainframe Security team is seeking a senior RACF engineer to support mainframe security engineering, tooling, automation, and project execution. The ideal candidate will have deep hands-on experience with IBM RACF, IBM zSecure, and the broader IBM Z security ecosystem, with the ability to design, implement, and support security solutions across complex mainframe environments. This role requires strong analytical, organizational, and communication skills, as well as the ability to work independently with infrastructure, security, application development, and operations teams. The position may require occasional off-hours support for project implementations, production changes, and critical security initiatives.
Key ActivitiesDuties and responsibilities will include but are not limited to the following:
- Design, engineer, and support mainframe security initiatives related to authentication, authorization, encryption, privileged access, sensitive data protection, automation, reporting, utilities, and batch processes.
- Partner with Mainframe Security Architecture and Engineering teams to develop technical solutions, validate designs, perform testing, and support implementation.
- Support deployment of security solutions, including process changes, operational handoff, documentation, and training for security operations teams.
- Assess technical feasibility of proposed solutions and recommend approaches that meet security, operational, audit, and resiliency requirements.
- Collaborate with application development, security product owners, systems programming, database, CICS/MQ, business, and audit teams to gather requirements and implement effective security solutions.
- Create and maintain security monitoring, automation, and reporting solutions using tools such as IBM zSecure, Compliance Manager, Admin Express, multifactor authentication platforms, and key management capabilities.
- Monitor, analyze, and report on key performance indicators, control health, and operational trends; recommend preventative actions and process improvements as needed.
- Provide subject matter expertise on RACF, z/OS security controls, and mainframe security best practices to address questions, issues, audit inquiries, and project requirements.
Qualifications - 10+ years of related experience as a RACF engineer, security engineer, or senior mainframe security administrator.
- Advanced hands-on knowledge of IBM RACF and IBM zSecure, including configuration, internals, reporting, administration, and engineering support.
- Proficiency with JCL, REXX, and CARLa for automation, reporting, utilities, and security tooling development.
- Experience with core z/OS utilities and facilities, including TSO, ISPF, SDSF, and related operational tooling.
- Working knowledge of database technologies and query tools such as DB2, Sybase, and SQL.
- Experience implementing and supporting mainframe authentication and encryption capabilities, including digital certificates, key management, multifactor authentication, and related controls.
- Broad understanding of z/OS infrastructure disciplines, including systems programming, storage, networking, UNIX System Services, CICS, DB2, performance, and enterprise tooling.
- Strong understanding of Identity and Access Management best practices, including least privilege, privileged access management, access certification, segregation of duties, and vulnerability management principles.
- Ability to work independently, manage competing priorities, and deliver results with limited oversight
- Strong project planning, organization, time management, and multitasking skills.
- Proficiency with Microsoft Office business applications, including Excel, Word, Access, and PowerPoint.
- Excellent verbal and written communication skills, with the ability to explain technical concepts to both technical and non-technical stakeholders.
- Collaborative team player who promotes a team-first mindset and contributes to an inclusive, respectful culture.
Expected base pay rates for the role will be between $120,000 and
$170,000 per year at the commencement of employment. However, base pay if hired will be determined on an individualized basis and is only part of the total compensation package, which, depending on the position, may also include commission earnings, incentive compensation, discretionary bonuses, other short and long-term incentive packages, and other Morgan Stanley sponsored benefit programs.
To learn more about our offices across the globe, please copy and paste https://www.morganstanley.com/about-us/global-offices into your browser.