z/OS Cyber Security Systems Programmer

Job Summary::

DDC is seeking a Cyber Security Systems Programmer.

This position is contingent upon contract award.

Deploying measures to protect communications to and from z/OS and zLinux.

• Implementing system authorization facility (SAF) controls through z/OS resource managers.
• Planning, installing, customizing, and implementing security controls under z/OS software products.
• Planning, installing, customizing and implementing Application Transparent security with z/OS Policy Agent.
• Planning, installing, customizing and implementing Transport Layer Security with z/OS Policy Agent.
• Planning and configuring the Policy Agent (PAGENT) to manage the rules and policies that define how
• SSL is used to connect to components under z/OS such as IBM Integration Bus.
• Planning and configuring the PAGENT to integrate with RACF such as using RACF key ring for certificate.
• Planning and implementing Resource Access Control Facility (RACF) definitions for security controls.
• Planning and configuring z/OS Intrusion Detection Services (IDS) to detect and report of scan attacks.
• Planning and configuring z/OS IDS to detect, report, and prevent all well-known attacks.
• Planning and configuring Port security under z/OS Communications Server TCP/IP security.
• Planning and configuring Stack security features under z/OS Communications Server TCP/IP.
• Planning and configuring IP filtering rules under PAGENT.
• Planning and configuring network access using SAF to control access to the entire networks or sub networks by individuals.
• Executing Packet tracing to perform problem determination and resolution of network security.
• Providing technical expertise in the design and implementation of Data Center’s external communications interfaces.
• Develops, implement, maintains, and executes network security controls in support of Disaster Recovery where the recovery site is geographically remote using a data mirroring strategy for Recovery.
• Develops, maintains, and executes security plans which conform to US government directives.
• Planning and configuring security for z/OS UNIX System Services daemons.
• Planning and configuring security for the z/OS UNIX System Services kernel.
• Planning and configuring permissions bits z/OS UNIX directories and files.
• Planned, implemented, and configured z/OS UNIX auditing capabilities.
• Working with Security Operation Center to perform security scan and resolving Common Vulnerabilities and Exposures (CVEs) vulnerabilities.

• Ten (10) years of demonstrated experience working with z/OS Communication Server SNA and IP networks.
• Ten (10) years of demonstrated experience working with the z/OS operating system, IP and SNA protocols, z/OS UNIX System Services, and Time Sharing Option (TSO)/ Interactive System Productivity Facility (ISPF).
• Ten (10) years of demonstrated experience enabling IP address spaces, servers, and applications under z/OS Communications server.
• Ten (10) years of demonstrated experience enabling and securing z/OS Commination Server TCP/IP stack and applications.
• Five (5) years recent experience securing application communication sessions with Application Transparent Transport Layer Security (AT-TLS).
• Five (5) years recent experience protecting TCP/IP from unauthorized access using System Authorization Facility (SAF) resource profiles defined in the SERAUTH class.
• Five (5) years recent experience protecting resources through such functions as intrusion detection services (IDS) and IP filtering.
• Five (5) years recent experience enabling the ability to access TN3270E Telnet server based on SAFuser id associated with a personal identity verification (PIV) card x.509 client certificate.
• Five (5) years recent experience enabling IBM Express Logon Feature and Web Express Logon.
• Five (5) years recent experience protecting IP port access against unauthorized use.
• Five (5) years of demonstrated experience enabling cryptographic standards such as FIPS 140.
• Five (5) years of recent network security expertise in Internet, Intranet, Web Applications, Routers, Switches, Hubs, Transaction Servers, and Web Application Servers.
• Five (5) years of recent experience analyzing SSL trace, Packet trace and GTF traces in performing problem determination and resolution.

This contractor and subcontractor shall abide by the requirements of 41 CFR 60–1.4(a), 60–300.5(a) and 60–741.5(a). These regulations prohibit discrimination against qualified individuals based on their status as protected veterans or individuals with disabilities, and prohibit discrimination against all individuals based on their race, color, religion, sex, sexual orientation, gender identity, national origin, or for inquiring about, discussing, or disclosing information about compensation. Moreover, these regulations require that covered prime contractors and subcontractors take affirmative action to employ and advance in employment individuals without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status.

#LI-DNP