Job Description

Description and RequirementsHybrid: #LI-Hybrid"At BMC trust is not just a word - it's a way of life!"We are an award-winning, equal opportunity, culturally diverse, fun place to be. Giving back to the community drives us to be better every single day. Our work environment allows you to balance your priorities, because we know you will bring your best every day. We will champion your wins and shout them from the rooftops. Your peers will inspire, drive, support you, and make you laugh out loud!We help our customers free up time and space to become an Autonomous Digital Enterprise that conquers the opportunities ahead - and are relentless in the pursuit of innovation!The IZOT product line includes BMC's Intelligent Z Optimization & Transformation products, which help the world's largest companies to monitor and manage their mainframe systems. The modernization of mainframe is the beating heart of our product line, and we achieve this goal by developing products that improve the developer experience, the mainframe integration, the speed of application development, the quality of the code and the applications' security, while reducing operational costs and risks. We acquired several companies along the way, and we continue to grow, innovate, and perfect our solutions on an ongoing basis.We are looking for Application Security Engineer to take ownership of security testing for enterprise products deployed on mainframe environments. In this role, you will assess application-layer security risks, identify vulnerabilities in product implementations, and lead secure architecture reviews. The ideal candidate brings deep offensive security skills along with familiarity in testing applications running on or integrated with IBM mainframe systems.Primary Roles and Responsibilities:

• Conduct penetration testing and red teaming exercises targeting mainframe environments and the surrounding application ecosystem.

• Perform code-assisted and black-box penetration testing against enterprise applications/systems interacting with RACF, DB2, CICS, MQ, and related subsystems.

• Identify risks in authentication, authorization, data handling, and communications within mainframe-integrated products.

• Create threat models and guide product teams in mitigating high-impact vulnerabilities early in the SDLC.

• Drive remediation efforts through hands-on collaboration and secure design guidance.

• Author technical reports and deliver executive summaries tailored to various audiences.

• Stay current on vulnerabilities, exploits, and testing techniques relevant to legacy enterprise technologies and mainframe ecosystems.

• Assess common integration patterns (SOA, REST/JSON, MQ) for security risks.

To ensure you're set up for success, you will bring the following skillset & experience:

• 5+ years of experience in penetration testing, with a specialization in systems/applications integrating with mainframe environments.

• Deep knowledge of mainframe communication protocols and security mechanisms.

• Demonstrated experience conducting red team-style assessments or advanced threat emulation on mainframe systems.

• Proficient in tools such as:

• Mainframe utilities: REXX, ISPF panels, NetView

• Security tools: Nmap, Burp Suite, Wireshark, custom scripts

• Strong scripting and automation skills (Python, REXX, Bash, or similar).

• Strong communication and leadership skills, with a proven ability to lead technical teams or projects.

• Experience producing board-level reports and presenting findings to senior stakeholders.

• Exposure to hybrid environments (mainframe to cloud integrations, modernization efforts).

• Familiarity with modern enterprise integration methods (REST, SOAP, MQ, FTP) that interface with mainframe services

Whilst these are nice to have, our team can help you develop in the following skills:

• Industry certifications such as OSCP, OSCE, CRTP, GIAC GPEN, GXPN, or CISSP.

• Background in regulated industries such as banking, insurance, or government, where mainframes are core infrastructure.

• Knowledge of COBOL, PL/I, or other mainframe-centric programming languages.

• Experience with compliance standards like PCI-DSS, NIST, or SOX as they apply to mainframes.

CA-DNPOur commitment to you!BMC's culture is built around its people. We have 6000+ brilliant minds working together across the globe. You won't be known just by your employee number, but for your true authentic self. BMC lets you be YOU!If after reading the above, You're unsure if you meet the qualifications of this role but are deeply excited about BMC and this team, we still encourage you to apply! We want to attract talents from diverse backgrounds and experience to ensure we face the world together with the best ideas!BMC is committed to equal opportunity employment regardless of race, age, sex, creed, color, religion, citizenship status, sexual orientation, gender, gender expression, gender identity, national origin, disability, marital status, pregnancy, disabled veteran or status as a protected veteran. If you need a reasonable accommodation for any part of the application and hiring process, visit the accommodation request page.

BMC Software