IBM Safer Payments Support Engineer

IBM Safer Payments Support Engineer – to provide production support and ensure stability and performance of the IBM Safer Payments platform. This onsite Technology Operation Support Engineer to support all the L1 and L2 pre-production and production deployments, investigation, enhancement and issues resolution.

Technical Requirements:

One onsite support engineer: -

IBM Safer Payments Support Engineer

· Monitor and support the IBM Safer Payments preproduction and production environment 24\7.

· Troubleshoot and resolve incidents and performance issues.

· Collaborate with internal teams for escalations and fixes.

· Ensure compliance with operational SLAs and security standards.

· Provide documentation and knowledge transfer as needed.

· 8+ experience in IBM Safer Payment

Cyber-Security Requirements:

During the course of the engagement with the consulting partner, several areas will be guided and influenced by the cyber security policies and rules which are derived from the central bank guidelines.

Such as:

• Should have the right to Audit and Assess the provided solution at any time.

• The solution should be on premises

• All employees working on the solution shall be on site, no remote working is allowed.

• System should have Data encryption at rest, display, and in-motion.

• Integration with SIEM, and the system must have a logging capability. (Audit logging, security logging)

o System must produce logs to be stored on file on the server level or streamed to SIEM.

Description Qty

Onsite IBM Safer Payments Support Engineer 12

o System must generate audit trails of all activities done by the admin/user/customer such as (creating meetings, meeting reminders, etc.).

o System must generate security logs of each activity to cover (Login, logout, password reset, password change, change of permissions, change of roles, etc.)

o System must store logs for at least 30 days and then archived for one year with sharing process of how to restore archives during security incidents.

o System must generate event logs when logs are tampered with or changed.

o System must have protected logs from tampering or deleting.

o System must generate logs when configuration changed by admin/user.

o System must generate logs when files or folders are changed.

o Databases are tables to store data and won’t be accepted as logs.

o System must provide enriched data on the event log where it shows (Src IP, Dest IP, event type, time, user, actioned user, details of action, any additional information that might support cybersecurity cases).

o Middleware systems that transfer logs are not accepted as log sources.

o System must generate logs on all attempts including successful, or failed attempts.

o System must generate logs when start, stop, restart, of system processes and events.

• Integration with AD/LDAP.

• Role-based access control (RBAC) access control.

• Multi-factor Authentication.

• If the system supports multiple user rules the permission should be defined

• Implement a strong password policy

• A secure session management system that includes authentication, session locking, and session expiration.