Mainframe Security Architect

Who We Are

At Kyndryl, we design, build, manage and modernize the mission-critical technology systems that the world depends on every day. So why work at Kyndryl? We are always moving forward – always pushing ourselves to go further in our efforts to build a more equitable, inclusive world for our employees, our customers and our communities.

The Role

Are you passionate about security architecture and driven to protect against the latest threats? We are seeking a Security Architect who will join our team and take the lead on developing, implementing, and maintaining our security strategy within our Service Provider organization. 

As our Security Architect, you will work closely with our leadership team to design and implement effective security solutions that not only protect our business objectives and regulatory requirements, but also provide innovative solutions to stay ahead of emerging threats.

You will conduct risk assessments and threat modeling to identify and prioritize risks to our business and IT assets, using your extensive experience in security architecture design and implementation within a Service Provider environment to create a cutting-edge security architecture framework. You will also work to maintain policies, standards, and guidelines related to information security within our organization, collaborating with cross-functional teams to implement security controls and technologies such as encryption, authentication, and authorization solutions.

Your role will also involve conducting security reviews of vendors and third-party partners to ensure they meet our rigorous security standards, as well as performing regular security and risk reviews of our Service Provider environment to identify vulnerabilities and recommend remediation activities.

At the forefront of security trends and technologies, you will advise our senior leadership team on the latest security best practices, and stay ahead of emerging security threats, always keeping our organization one step ahead. Join us on this exciting journey of securing our Service Provider organization and protecting our customer’s assets.

Your Future at Kyndryl
Every position at Kyndryl offers a way forward to grow your career, from a Junior Architect to Principal Architect – we have opportunities that you won’t find anywhere else, including hands-on experience, learning opportunities, and the chance to certify in all four major platforms.

Kyndryl currently does not require employees to be fully vaccinated against COVID-19, however, if you are hired to work at a client, customer, or partner location, you may be required to show proof of vaccination to align with their respective COVID-19 vaccination policies.  Those who believe they are eligible may apply for a medical or religious accommodation prior to the start of employment.

Who You Are

You’re good at what you do and possess the required experience to prove it. However, equally as important – you have a growth mindset; keen to drive your own personal and professional development. You are customer-focused – someone who prioritizes customer success in their work. And finally, you’re open and borderless – naturally inclusive in how you work with others.

Required Technical and Professional Expertise

· Minimum of 7 years of experience in the related technology, with a preference for more experience aligned to seniority grading (up to 15 years).

· Experience in working on Mainframe services delivery or consulting.

· Experience in working with global teams, including presentation and client-facing roles.

· Experience on the Z platform, with a focus on z/OS, and fair knowledge/experience on other domains such as database, middleware, storage, network, and performance.

· Working knowledge of Mainframe ESM such as RACF/ACF2/TopSecret, including the basics, commands, operations, capabilities, and integrations.

· Knowledge on Z security concepts, such as PR/SM Virtualization, Common Criteria, HMC/SE Security, SAF, APF, Problem State vs. Supervisor State, Supervisor Calls, ACEE, SMF, Role-based Access, Principle of Least Privilege, Privileged Access Management, Database/Middleware/Network Security.

Theoretical (preferred) or Practical (optional) knowledge on some (if not all) of the following Mainframe Security concepts/technologies:

· ESM Management - ESM DB Sharing/Clustering/Plex, ESM Migrations, DB2 ESM Security Management, Failure Recovery, Disaster Recovery, Reporting, Auditing, Exits.

· Mainframe IAM - Passphrases, MFA, Digital Certificate Management, Password Tokens (including JWT), Single Sign-on, and Enterprise Integrations (LDAP).

· Encryption Management - Symmetric/Asymmetric Encryption (methods and algorithms), Key Management aspects (including KMS such as UKO, SKLM), Data-at-rest/Data-in-transit/Data-in-memory encryption methods, Pervasive Encryption Features, z/OS Dataset Encryption, zERT, Database Encryption, Secure Key Operations, ICSF, Key Datasets (PKDS/CKDS/TKDS), CPACF, Crypto Adapters, TKE, Data Compression (zEDC), and awareness of Advanced Z Encryption Capabilities (such as Quantum-safe Encryption, Secure Boot, Fully Homomorphic Encryption, Data Privacy Passports).

· Mainframe Security Intelligence/Monitoring - Security Healthchecks, Monitoring Solutions (such as IBM zSecure, Broadcom CEM, or BMC AMI), SIEM Integration.

· Mainframe Security Patch Management - IBM Security/Integrity APAR Confidentiality, z/OS System Integrity Statement, Z Security Portal, Major Vulnerability Handling, and ISV/OEM Software security patch management.

· Mainframe Security Compliance/Privacy Management concepts - Regulatory Standards/Policies (NIST/PCI/HIPAA/GDPR/DORA), Vulnerability scanning, Penetration testing, Solutions such as zSCC/DPfD/zCT.

· Other security concepts - Zero Trust Framework, DevSecOps on Z, Threat Analytics, Fraud detection, Ransomware protection, Breakglass Logon, AI adoption in Z Security, Hyperscaler Integrations, API Security, Network Security (Intrusion Detection/Prevention, IPSec, IP Filtering, SSL/AT-TLS, Port Control), Solutions such as zACS/zACM/VAP.

· Data Resiliency concepts - Security vs. Resiliency, File Integrity Monitoring, Immutable Copies, Disaster Recovery, Data Replication, RTO/RPO, Replication/Resiliency Solutions (GDPS/Safeguarded Copy/Cyber Vault/LWORM).

The compensation range for the position in the U.S. is - $107,400 to $204,000 based on a full-time schedule.  

Your actual compensation may vary depending on your geography, job-related skills and experience.  For part time roles, the compensation will be adjusted appropriately. The pay or salary range will not be below any applicable state, city or local minimum wage requirement.

There is a different applicable compensation range for the following work locations: 

California: $118,200 to $244,920 

Colorado: $107,400 to $204,000 

New York City: $128,880 to $244,920 

Washington: $118,200 to $224,520 

Washington DC: $118,200 to $224,520 

This position will be eligible for Kyndryl’s discretionary annual bonus program, based on performance and subject to the terms of Kyndryl’s applicable plans. You may also receive a comprehensive benefits package which includes medical and dental coverage, disability, retirement benefits, paid leave, and paid time off.  Note: If this is a sales commission eligible role, you will be eligible to participate in a sales commission plan in lieu of the annual discretionary bonus program.
Applications will be accepted on a rolling basis.

Being You

Diversity is a whole lot more than what we look like or where we come from, it’s how we think and who we are. We welcome people of all cultures, backgrounds, and experiences. But we’re not doing it single-handily: Our Kyndryl Inclusion Networks are only one of many ways we create a workplace where all Kyndryls can find and provide support and advice. This dedication to welcoming everyone into our company means that Kyndryl gives you – and everyone next to you – the ability to bring your whole self to work, individually and collectively, and support the activation of our equitable culture. That’s the Kyndryl Way.

What You Can Expect

With state-of-the-art resources and Fortune 100 clients, every day is an opportunity to innovate, build new capabilities, new relationships, new processes, and new value. Kyndryl cares about your well-being and prides itself on offering benefits that give you choice, reflect the diversity of our employees and support you and your family through the moments that matter – wherever you are in your life journey. Our employee learning programs give you access to the best learning in the industry to receive certifications, including Microsoft, Google, Amazon, Skillsoft, and many more. Through our company-wide volunteering and giving platform, you can donate, start fundraisers, volunteer, and search over 2 million non-profit organizations.  At Kyndryl, we invest heavily in you, we want you to succeed so that together, we will all succeed.

Get Referred!
If you know someone that works at Kyndryl, when asked ‘How Did You Hear About Us’ during the application process, select ‘Employee Referral’ and enter your contact's Kyndryl email address.