Description
We require an English speaking Mainframe Application Security Designer/Architect to join a team providing impact analysis, security risk assessment, security requirements, architectural design and/or design validation for IT projects.
Candidates must have extensive experience with IBM Mainframe security (RACF and zSecure) software configuration & internals along with SKLM, Pervasive Encryption, TSO, ISPF, SDSF and JES.
Exposure to UNIX, USS, SQL, DB2, CICS, MQ etc would be a bonus.
Programming skills in one or more of JCL, REXX, CLIST, ISPF or SAS is required as is knowledge of PKI and experience with digital certificates, Kerberos, SSL, SSH etc.
Required Certifications: CISSP and ISO 27001 (LA or LI).
Product certifications in IAM (Identity & Access Management) or PKI domain would be a bonus.
The successful candidate will be able to undertake security risk assessments, develop functional security requirements, undertake process design and provide management reporting. Must be familiar with industry best practice in risk assessment, identity and access management, PKI and secure application development. Experience in security design and architecture would be a significant advantage.
Must have application security knowledge and a good understanding of software development and OWASP guidelines and also be familiar with infrastructure security, secure network principles and protocols used in WAN and LAN's, DMZ, Internet security and network segregation.
Role responsibilities:
- Define and advise on the design, implementation and processes necessary to protect client information system assets.
- Perform risk assessments and translate the security architecture and high-level policies and controls into security requirements for business and IT projects.
- Contribute to architectural design process and validate against the security requirements.
- Define security testing requirements and penetration test scope, supporting test teams to perform the tests and to approve the test reports.
- Recommend and advise on new or improved security services towards the division management.
- Produce documented security services, technical standards or principles.
- Act as a Security SME, interacting with both business and project teams.
This is an English-speaking, long term contract role. Candidates must have the legal right to work in the European Union to be considered.