RACF Security Administration

RACF z/OS Security Expert to manage and maintain security infrastructure across our mainframe environment, with emphasis on security administration and certificate lifecycle management.

RACF Security Administration

• Design, implement, and maintain RACF security policies and user access controls
• Manage user IDs, groups, and resource profiles (datasets, transactions, programs)
• Conduct security audits, access reviews, and incident response
• Create compliance documentation and audit reports

Certificate Management

• Manage digital certificates within RACF and z/OS using RACDCERT
• Plan and execute certificate renewals to prevent service disruptions
• Monitor certificate expiration dates and maintain renewal schedules
• Generate CSRs and coordinate with Certificate Authorities
• Install, update, and validate SSL/TLS certificates for z/OS applications
• Maintain certificate key rings and trust chains
• Troubleshoot certificate-related connectivity issues

System Security & Compliance

• Implement security controls for CICS, DB2, IMS, MQ, and other z/OS subsystems
• Collaborate with CICS, DB2, MQ, and application teams on security requirements and implementations
• Configure Started Task and Surrogate security
• Monitor SMF security records and investigate anomalies
• Ensure compliance with industry standards (PCI-DSS, SOX, HIPAA)
• Support internal and external security audits
• Participate in disaster recovery planning

• 7+ years of hands‑on RACF administration experience in z/OS environments
• Strong expertise in RACF commands, utilities, and best practices
• Proficiency with RACDCERT for digital certificate management
• Experience with SSL/TLS protocols and PKI infrastructure
• Strong knowledge of ISPF, TSO, JCL, and REXX
• Familiarity with z/OS subsystems security (CICS, DB2, IMS, MQ)
• Understanding of SMF record analysis and security monitoring

• Deep understanding of mainframe security concepts and threats
• Knowledge of security frameworks and regulatory requirements
• Experience with security incident response
• Strong analytical and problem‑solving abilities

• IBM RACF or mainframe security certification
• Experience with zSecure or similar security tools
• Knowledge of encryption technologies (ICSF, z/OS Crypto)
• Security automation and scripting experience

On‑call rotation required
• Occasional off‑hours maintenance

HCL is an equal opportunity employer, committed to providing equal employment opportunities to all applicants and employees regardless of race, religion, sex, color, age, national origin, pregnancy, sexual orientation, physical disability or genetic information, military or veteran status, or any other protected classification, in accordance with federal, state, and/or local law. Should any applicant have concerns about discrimination in the hiring process, they should provide a detailed report of those concerns to  for investigation.

A candidate’s pay within the range will depend on their work location, skills, experience, education, and other factors permitted by law. This role may also be eligible for performance‑based bonuses subject to company policies. In addition, this role is eligible for the following benefits subject to company policies: medical, dental, vision, pharmacy, life, accidental death & dismemberment, and disability insurance; employee assistance program;

401(k) retirement plan; 10 days of paid time off per year (some positions are eligible for need‑based leave with no designated number of leave days per year); and 10 paid holidays per year.

Seniority level:
Mid‑Senior level

Employment type:

Full‑time

Job function:
Information Technology

Industries: IT Services and IT Consulting