
Software Engineering Senior Engineer - Security, Compliance & Policy Engineering Professional M[...]

IBM

Austin | Full-time | Mid Level | On-site

Job Description

Overview

At IBM Software, we transform client challenges into solutions, building the world’s leading AI-powered, cloud-native products that shape the future of business and society. Our legacy of innovation creates endless opportunities for IBMers to learn, grow, and make an impact on a global scale.

Working in Software means joining a team fueled by curiosity and collaboration. You’ll work with diverse technologies, partners, and industries to design, develop, and deliver solutions that power digital transformation. With a culture that values innovation, growth, and continuous learning, IBM Software places you at the heart of IBM’s product and technology landscape.

Here, you’ll have the tools and opportunities to advance your career while creating software that changes the world.

Your role and responsibilities

We are building a core platform that enforces safety, policy, and compliance across all infrastructure and agent operations. This role owns the policy engine, identity layer, and audit/compliance foundations that make autonomous and supervised systems secure, auditable, and regulator‑ready.

You will design and implement a declarative policy engine that enforces safety tiers, agent constraints, and approval gates; build authentication and authorization for both humans and AI agents (OIDC, RBAC, mTLS); and deliver compliance frameworks and evidence pipelines suitable for regulated environments (PCI‑DSS v4.0 at GA).

What you’ll do

- Build a unified policy enforcement stack spanning authentication, RBAC, transport safety, and per‑agent policy envelopes.
- Design policy as auditable, declarative configuration (YAML), including safety tiers and resource‑level controls.
- Implement enterprise‑grade identity: OIDC/SAML SSO, RBAC roles, agent identity via certificates and mTLS, and gateway‑level ACLs.
- Deliver the compliance evidence framework, including PCI‑DSS v4.0 control mappings and auditor‑ready evidence exports (JSON/CSV/PDF).
- Implement drift detection between declared and observed infrastructure state, with guided remediation and approval workflows.
- Harden audit infrastructure with structured, signed, immutable logs using FIPS‑aligned cryptography.

What the first 90 days look like

Month 1: Onboard onto the codebase. Understand the existing safety tier enforcement, transport‑level safety controls, and unified audit logging. Review design documents covering the compliance evidence framework, SSO/RBAC design, and agent policy architecture. Map the gap between current implementation and compliance readiness requirements. Deliver policy engine MVP — safety tier enforcement via a generic policy framework.

Month 2: Implement RBAC. Build the compliance evidence framework. Begin PCI‑DSS v4.0 control mapping implementation. Stand up OIDC authentication path alongside existing session tokens.

Month 3: Ship PCI‑DSS control mappings. Implement drift detection engine. Begin evidence export (JSON/CSV). Implement per‑connection ACLs on the gateway proxy. Ship audit log enhancements (structured, signed records).

Required education

High School Diploma/GED

Preferred education

Bachelor’s Degree

Required technical and professional expertise

- Security engineering experience. Built authentication, authorization, or policy enforcement systems. OIDC, RBAC, certificate‑based auth, session management — implemented in production.
- Compliance intuition. Understand how regulatory control requirements (PCI‑DSS, SOX, HIPAA, NIST) translate into technical enforcement and evidence collection. Know what auditors need.
- Go proficiency. The policy engine, auth layer, and audit system are Go. Be productive in Go from day one.
- Adversarial thinking. Design for the failure case. Write tests that try to break things. Consider misconfigurations, expired tokens, or agent violations.

Preferred technical and professional experience

- IBM Z security architecture (RACF, LDAP, SSH key management on z/OS) and mainframe security models.
- Our safety tier enforcement model and how it integrates with the gateway proxy.
- Agent policy envelopes — how to bound what AI agents can do within their sessions.

Equal‑Opportunity Employer

IBM is proud to be an equal‑opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender, gender identity or expression, sexual orientation, national origin, genetics, pregnancy, disability, neurodivergence, age, or other characteristics protected by the applicable law. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.

Benefits

- Healthcare benefits including medical and prescription drug coverage, dental, vision, and mental health & well‑being.
- Financial programs such as 401(k), cash balance pension plan, IBM Employee Stock Purchase Plan, financial counseling, life insurance, short- and long‑term disability coverage, and performance‑based salary incentive programs.
- Generous paid time off: 12 holidays, minimum 56 hours sick time, 120 hours vacation, 12 weeks parental bonding leave in accordance with IBM Policy, and other Paid Care Leave programs.
- Paid family leave benefits to eligible employees where required by applicable law.
- Training and educational resources on our personalized AI‑driven learning platform where IBMers can grow skills and obtain industry‑recognized certifications to achieve their career goals.
- Diverse and inclusive employee resource groups, giving and volunteer opportunities, and discounts on retail products, services & experiences.

Compensation

Projected minimum salary per year: $131,000.00. Projected maximum salary per year: $245,000.00.

Posted Today
