JOB DESCRIPTION

Firewall Engineer

Job #: req32695 Organization: World Bank Sector: Information Technology Grade: GE Term Duration: 3 years 0 months Recruitment Type: Local Recruitment Location: Chennai,India Required Language(s): English Preferred Language(s): Closing Date: 4/27/2025 (MM/DD/YYYY) at 11:59pm UTC

Description

Do you want to build a career that is truly worthwhile? Working at the World Bank Group provides a unique opportunity for you to help our clients solve their greatest development challenges. The World Bank Group is one of the largest sources of funding and knowledge for developing countries; a unique global partnership of five institutions dedicated to ending extreme poverty, increasing shared prosperity and promoting sustainable development. With 189 member countries and more than 130 offices worldwide, we work with public and private sector partners, investing in groundbreaking projects and using data, research, and technology to develop solutions to the most urgent global challenges. For more information, visit www.worldbank.org

ITS Vice Presidency Context:

The Information and Technology Solutions (ITS) Vice Presidential Unit (VPU) enables the World Bank Group to achieve its mission of ending extreme poverty and boost shared prosperity on a livable planet by delivering transformative information and technologies to its staff working in over 150+ locations. For more information on ITS, see this video:https://www.youtube.com/watch?reload=9&v=VTFGffa1Y7w

Our vision is to transform how the Bank Group accomplishes its mission through information and technology. In this fast-paced, constantly evolving world, the formulation and implementation of the ITS strategy is an ongoing, iterative process of learning and adaptation developed through extensive consultations with business partners throughout the World Bank Group.

ITS shapes its strategy in response to changing business priorities and demonstrates new technologies to achieve three high-level business outcomes: business enablement, by providing Bank Group units with innovative digital tools and technologies to transform how they deliver value for their clients; empowerment & effectiveness, by ensuring that all Bank Group staff are connected, able to find information, and productive to accelerate the delivery of development solutions globally; and resilience, by equipping the Bank Group to provide risk-based cybersecurity and robust data protection for a global network and a growing cloud platform.

Implementation of the strategy is guided by three core principles. The first is to deliver solutions for business partners that are customer-centric, innovative, and transformative. The second is to provide the Bank Group with value for money with selective and standard technologies. The third principle is to excel at the basics by providing an impactful, robust, and resilient IT environment for the organization.
The ITS Technology Infrastructure unit provides a wide range of technical services. ITSIN manages and maintains WBG’s core technology infrastructure, including servers, storage, backup, networks, and data centers. ITSIN excels in proactive problem-solving, optimizing system performance, and driving scalable solutions.

We provide a meaningful, open, and collaborative environment. We have many interesting problems to solve, providing you an opportunity to develop your skills while contributing to the mission of the bank. We value teamwork, openness, curiosity, and persistence.

Role

Firewall Analyst, reporting to LAN/FW Team Coach.

Responsibilities:

Main responsibility of this position is listed below:

Essential Job Functions:

• The ideal candidate will combine Next Generation Firewall and Network Engineering skills.

• Maintaining WBG’s Next Gen Firewall infrastructure on-prem and in the cloud.

• Candidate should be familiar with User Identification design for a zero trust environment.

• Understanding of SSL Decryption and troubleshooting related issues.

• Ability to convert device configurations to templates and Template Stacks.

• Experience configuring the Cloud Identity Engine.

• Knowledge of Palo Alto SD-WAN design and support

• Evaluating Palo Alto CVEs and recommendations for mitigating risk.

• Zone Protection and DOS protection policies design and deployment.

• Good understanding of Strata Cloud Manager.

• Enhance the team’s proactive monitoring capability by creating automated reports/alerts for firewall events.

• Enhancing the team’s proactive monitoring capability by creating automated reports/alerts (using Splunk) for Firewall events.

• Work with AWS/Azure platforms.

• As part of project requirements, will use modern scripting languages and automation engines to automate firewall and network tasks.

• Use APIs to integrate the automation tasks with other enterprise systems.

• Monitoring the performance and diagnosing problems in all aspects of the network infrastructure (switches, routers, firewalls, WAN accelerators, DHCP, DNS), so that acceptable levels of performance are always maintained.

• Updating documentation (drawings, spreadsheets, procedures) of firewalls and related network and producing reports for peer and management review.

• Handling escalation calls from the NOC, performing triage, resolving problems, or escalate to team members.

• Travel as needed to other WBG offices to promote mobility support advocacy, knowledge sharing, and facilitate deployments and improvements.

• Flexibility to work in shifts including night shift if required.

• Providing on call support on rotational basis based on the need.

Required Skills/Abilities:

• Hands-on experience with firewalls (e.g. Palo Alto), virtual and physical including security policy management and troubleshooting of issues.

• Hands-on Experience with Palo Alto Panorama Management tool

• Hands-on experience with Spanning Tree, OSPF and BGP routing protocols.

• Solid understanding of TCP/IP, subnetting, VLSM, VLANs, STP, OSFP and BGP.

• Solid understanding of network engineering fundamentals/services: DHCP, OSI model, VRF, VPN, ACLs, GRE, policy-based routing.

• Ability to work independently with minimum supervision.

• Ability to quickly grasp new ideas and concepts.

Desired Skills/Abilities (not required but highly recommended):

• Solid understanding of Cisco routers and switches for IOS, IOSXE and NXOS

• Solid understanding of AWS Route53 and AWS APIs.

• Solid understanding of DDI infrastructure (e.g. Infoblox).

• Experience with Linux and modern scripting languages (Perl, Python) is desirable.

• Network automation tools including Python, Ansible, GIT, Jenkins

• Hands-on experience using APIs to import/export/manipulate data from enterprise systems (for ex. ServiceNow).

• Hands-on experience in Linux environments.

• Solid understanding of the broader IT environment (servers, databases, web). This includes understanding common applications and protocols (e.g. HTTP, RADIUS, NFS, NTP, SMTP) at a network level in a global corporate environment.

Selection Criteria

• Master’s degree with 2 years relevant experience or bachelor’s degree with a minimum of 4 years relevant experience is required.

• Palo Alto Firewall experience is required.

• Network engineering experience is required.

• SAFe Certification is required.

World Bank Group Core Competencies

The World Bank Group offers comprehensive benefits, including a retirement plan; medical, life and disability insurance; and paid leave, including parental leave, as well as reasonable accommodations for individuals with disabilities.

We are proud to be an equal opportunity and inclusive employer with a dedicated and committed workforce, and do not discriminate based on gender, gender identity, religion, race, ethnicity, sexual orientation, or disability.

Learn more about working at the World Bank and IFC, including our values and inspiring stories.

Level of Education: Bachelor Degree

Work Hours: 8

Experience in Months: No requirements