Morgan Stanley is a leading global financial services firm providing investment banking, securities, investment management, and wealth management services. As market leaders, the talent and passion of our people are critical to our success. Our values-integrity, excellence, and strong team ethic-form the foundation of a career where you can learn, grow, and make meaningful impact.

Enterprise Technology & Services (ETS) delivers shared technology services that support all business applications and over 3,000 production systems globally. ETS enables the full software development lifecycle-from development and testing to release engineering, monitoring, and operational support.

The Enterprise Z Security team is responsible for engineering and operating IBM Z mainframe authentication and authorization services. This position will be member of the Enterprise Z Security team and responsible for design, implementation and monitoring security controls for z/OS UNIX System Services, ensuring that USS identity and permissions are properly integrated with mainframe security controls (RACF / Top Secret) and aligned to least privilege, auditability, and operational resilience.

Role Overview

The USS Security Engineer is responsible for securing and administering z/OS UNIX System Services (USS) environments on the mainframe. This role focuses on enforcing least privilege, protecting privileged access, and ensuring alignment between UNIX permissions, ESM controls (RACF/TSS), and enterprise security standards. The engineer will partner closely with Enterprise Z security architect, system programmers, middleware teams, and audit/compliance stakeholders to maintain a secure and compliant USS platform.

Key Responsibilities

• Administer and manage USS identities, including UIDs, GIDs, OMVS segments, and service/shared IDs based on policy.
• Enforce naming standards, ownership traceability, and lifecycle controls for USS users and services.
• Manage and audit POSIX permissions, ownership, and execution rights across critical USS file systems.
• Control and monitor privileged access, including UID(0), setuid/setgid programs, and elevated authorities.
• Administer USS related ESM controls (RACF/TSS), including UNIXPRIV, FACILITY resources, and STARTED task identities.
• Secure USS configuration files, shell environments, PATH settings, and file system mount options.
• Monitor USS security events, logs, and audit records.
• Support production issues, security incidents, and access related investigations.
• Develop and maintain USS security standards, procedures, and documentation

Qualifications Required

• Bachelor's degree and 5+ years of experience with mainframe and z/OS UNIX System Services.
• Strong hands on experience securing USS environments.
• Proven experience administering RACF or equivalent ESM for USS.
• Solid understanding of:
• UIDs, GIDs, OMVS segments, and service IDs
• POSIX permissions, ownership, and execution controls
• Experience with USS related security controls, including:
• UNIXPRIV class
• FACILITY class resources impacting OMVS
• STARTED task identities for USS services
• Working knowledge of zFS/HFS file systems, mount options, and USS SMF/audit logging.
• Strong understanding of least privilege and separation of duties principles.

Desired

• Experience with PKI, digital certificates, Kerberos, SSL/TLS, SSH, or OpenSSL.
• Exposure to systems programming concepts (e.g., SMP/E, SYS1 datasets, Assembler).
• Understanding of mainframe networking concepts.
• Experience supporting or securing middleware technologies (e.g., MQ).

WHAT YOU CAN EXPECT FROM MORGAN STANLEY:

At Morgan Stanley, we raise, manage and allocate capital for our clients – helping them reach their goals. We do it in a way that’s differentiated – and we’ve done that for 90 years. Our values - putting clients first, doing the right thing, leading with exceptional ideas, committing to diversity and inclusion, and giving back - aren’t just beliefs, they guide the decisions we make every day to do what's best for our clients, communities and more than 80,000 employees in 1,200 offices across 42 countries. At Morgan Stanley, you’ll find an opportunity to work alongside the best and the brightest, in an environment where you are supported and empowered. Our teams are relentless collaborators and creative thinkers, fueled by their diverse backgrounds and experiences. We are proud to support our employees and their families at every point along their work-life journey, offering some of the most attractive and comprehensive employee benefits and perks in the industry. There’s also ample opportunity to move about the business for those who show passion and grit in their work.

To learn more about our offices across the globe, please copy and paste https://www.morganstanley.com/about-us/global-offices​ into your browser.

Morgan Stanley is an equal opportunity employer committed to building and maintaining a workforce that is diverse in experience and background. Our recruiting efforts reflect our strong commitment to a culture of inclusion, where individuals are hired, developed, and advanced based on their skills and talents.

Our workforce reflects a broad cross-section of the global communities in which we operate, bringing a variety of backgrounds, talents, perspectives, and experiences.

For more information, please visit: https://www.morganstanley.com/people-opportunities/eeo.