Please excuse this rather long post about an open position as an ACF2 security architect. I have no stake, interest, cut, finders or referral fee, I offer this just to inform and hope to help; I want to give away my old job as it's a pretty good one.
I am a mainframe z/OS sysprog, security specialist, and developer. I was working lucrative contracts for the County of Los Angeles for about 5 years, and quite enjoyed it but after a long hiring freeze things fell apart in salary negotiation for a permanent position instead of term contracting. They had good intentions but fell short in composing salary justification to HR in order to keep their promises to me. There also may have been too many intermediaries making promises beyond their authority or not communicating my requirements. Like a divorce, if it ended really well we'd still be together but it all worked out well for me with a new job paying my relocation to the opposite coast, except I miss the fabulous LA weather. Too bad, we were a really good match of skills and needs at the old job too, and I suspect things are better there now as the economy turns around. Anyway I moved to the East Coast beltway region for a really great mainframe job for a supportive manager and truly incredible benefits, so I'm happy and not looking back. Now a year later the County got funds for another contract and it's out for bid. This definitely has potential for renewals and then to turn permanent, as the need is obvious. The pay is good, but the hiring manager is sometimes not punctual at managing the contract renewals, which in the past soured things for multiple contractors in this particular position. The economy may have had something to do with it too. The group leader is pleasant, supportive, respectful, and knows he needs you. I always contracted thru Staff Tech, Inc. Office: 916-932-1227 because the County gives points to favor them as a local female-owned small business. This is primarily an ACF2 job, so you need a clue about ACF2 rules and concepts like "stoppers" in rulesets, or go read the relevant chapters of the admin guide. A locally-developed secondary security system controls mostly IMS and CICS transactions to circumvent ACF2 UID string length constraints. This secondary security system uses resident transaction tables and one long LID field, and sits in ACF2 exits to determine whether the user's application transaction authority value matches one for the transaction being attempted. This is all for you to replace with the new ACF2 X(ROL) facility which groups to user roles. You can learn that in an hour. It's a straightforward technical conversion from one configuration to the other with no risk or business discovery complications. There are some details in correct handling of some special types of secondary transaction calls. It helps to be able to read assembler but the task is to eliminate those exits and resident tables etc. It makes your life easy if you can write REXX to create conversion tools. There is also a locally-developed ISPF application in BAL assembler for distributed ACF2 administration, which also translates those esoteric application transaction group values into business terms the human ACF2 admin can understand. There's also some ACF2 user provisioning via batch JOBs. That all goes away in favor of IBM's identity manager product making LDAP calls to ACF2. So if you don't know how to configure identity managers, this is a fabulous opportunity to learn a valuable modern skill that's applicable outside the mainframe arena. I can send the official statement of work for the contract, and I'd be happy to forward it. You don't need a CISSP. STI has been known to sponsor foreign workers when necessary. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
