Application Security Engineer

Description and RequirementsHybrid LI-Hybrid At BMC trust is not just a word - it s a way of life We are an award-winning equal opportunity culturally diverse fun place to be Giving back to the community drives us to be better every single day Our work environment allows you to balance your priorities because we know you will bring your best every day We will champion your wins and shout them from the rooftops Your peers will inspire drive support you and make you laugh out loud We help our customers free up time and space to become an Autonomous Digital Enterprise that conquers the opportunities ahead - and are relentless in the pursuit of innovation The IZOT product line includes BMC s Intelligent Z Optimization Transformation products which help the world s largest companies to monitor and manage their mainframe systems The modernization of mainframe is the beating heart of our product line and we achieve this goal by developing products that improve the developer experience the mainframe integration the speed of application development the quality of the code and the applications security while reducing operational costs and risks We acquired several companies along the way and we continue to grow innovate and perfect our solutions on an ongoing basis We are looking for Application Security Engineer to take ownership of security testing for enterprise products deployed on mainframe environments In this role you will assess application-layer security risks identify vulnerabilities in product implementations and lead secure architecture reviews The ideal candidate brings deep offensive security skills along with familiarity in testing applications running on or integrated with IBM mainframe systems Primary Roles and Responsibilities Conduct penetration testing and red teaming exercises targeting mainframe environments and the surrounding application ecosystem Perform code-assisted and black-box penetration testing against enterprise applications systems interacting with RACF DB2 CICS MQ and related subsystems Identify risks in authentication authorization data handling and communications within mainframe-integrated products Create threat models and guide product teams in mitigating high-impact vulnerabilities early in the SDLC Drive remediation efforts through hands-on collaboration and secure design guidance Author technical reports and deliver executive summaries tailored to various audiences Stay current on vulnerabilities exploits and testing techniques relevant to legacy enterprise technologies and mainframe ecosystems Assess common integration patterns SOA REST JSON MQ for security risks To ensure you re set up for success you will bring the following skillset experience 5 years of experience in penetration testing with a specialization in systems applications integrating with mainframe environments Deep knowledge of mainframe communication protocols and security mechanisms Demonstrated experience conducting red team-style assessments or advanced threat emulation on mainframe systems Proficient in tools such as Mainframe utilities REXX ISPF panels NetView Security tools Nmap Burp Suite Wireshark custom scripts Strong scripting and automation skills Python REXX Bash or similar Strong communication and leadership skills with a proven ability to lead technical teams or projects Experience producing board-level reports and presenting findings to senior stakeholders Exposure to hybrid environments mainframe to cloud integrations modernization efforts Familiarity with modern enterprise integration methods REST SOAP MQ FTP that interface with mainframe services Whilst these are nice to have our team can help you develop in the following skills Industry certifications such as OSCP OSCE CRTP GIAC GPEN GXPN or CISSP Background in regulated industries such as banking insurance or government where mainframes are core infrastructure Knowledge of COBOL PL I or other mainframe-centric programming languages Experience with compliance standards like PCI-DSS NIST or SOX as they apply to mainframes CA-DNPOur commitment to you BMC s culture is built around its people We have 6000 brilliant minds working together across the globe You won t be known just by your employee number but for your true authentic self BMC lets you be YOU If after reading the above You re unsure if you meet the qualifications of this role but are deeply excited about BMC and this team we still encourage you to apply We want to attract talents from diverse backgrounds and experience to ensure we face the world together with the best ideas BMC is committed to equal opportunity employment regardless of race age sex creed color religion citizenship status sexual orientation gender gender expression gender identity national origin disability marital status pregnancy disabled veteran or status as a protected veteran If you need a reasonable accommodation for any part of the application and hiring process visit the accommodation request page