Product/Platform Security Engineer (Zero Trust) - ITDIOCS (Contractual)

Work for the IMF. Work for the World.

 

Background 

The Information Technology Department (ITD) at the IMF is more than just a support function; it is a critical catalyst for change. We champion the seamless integration of cutting-edge technology solutions, ensuring the IMF's mission is propelled by innovation and efficiency.  

Our commitment is to:  

• Maintain and elevate the performance of pivotal IT systems and infrastructure.  

• Fortify and mature the IMF’s cybersecurity posture, safeguarding the integrity and resilience of global financial and economic systems.  

• Align IT initiatives with the IMF's strategic objectives, maximizing the impact of technology on global economic policies.  

• Deliver unparalleled value, optimizing the blend of quality, cost-effectiveness, and stakeholder satisfaction in every project.  

• Empower the IMF's business technology strategy, ensuring it aligns with both current needs and future visions.  

As we expand our capabilities, we seek experts in cybersecurity ready to dive deep into the complexities of capabilities that enable global finance and economics. Your expertise is vital in securing the future of international economic stability. 

Job Summary 

The Information Technology Department (ITD) Infrastructure and Operations (IO) division of the International Monetary Fund (IMF) is seeking to fill a Product/Platform Security Engineer (Zero Trust). 

  

Under the general supervision of the Section Chief- Cybersecurity Platforms, this role will be responsible for the solution design, engineering, implementation, operations, and maintenance of the IMF’s zero trust capabilities as part of the IMF’s Zero Trust architecture, including Secure Web Gateway, CASB, ZTNA, and DLP. The role will also provide support to broader network security solutions and will play an essential role in ensuring that the IMF’s network is secured from both internal and external threat landscape.  

Minimum Qualifications 

Advanced degree in information security, computer science, engineering, mathematics or related field of study or equivalent, plus a minimum of 4 years of relevant professional experience; or a bachelor’s degree in computer science or a related field of study plus a minimum of 10 years of relevant professional experience, is required. 

•  Candidate should possess one or more (preferred) of the following certifications— CISSP, CISM, SABSA, CEH, GCSA, GDSA, GCIH, ITIL, Cisco/Microsoft advanced security certifications. Certifications from OEMs like Netskope, Zscaler, and/or Palo Alto are an added advantage. 

• Must have a minimum of 3 years’ experience managing enterprise-wide network and cloud security services based on zero-trust.   

Knowledge and/or experience (preferred) in: 

• Engineering, implementation and operations of networking technologies and protocols (routing, switching), and on-prem and cloud security tools such as Secure Service Edge (Zscaler, Netskope, Palo Alto), network proxy, firewalls (Checkpoint, Palo Alto), web application firewalls, NDR, network analyzers, Network Access Control, micro segmentation, container security (Kubernetes preferred), logging and alerting with SIEM, strong authentication, IPS/IDS, VPNs, DDoS etc.  

• Implementing Zero Trust at scale across hybrid environments.  

• Managing SASE, CASB, ZTNA, SWG technologies in distributed and decentralized hybrid environments.  

• Hands-on experience with SSE enhanced functionalities like Remote Browser Isolation, DLP, Deep Packet Inspection, Advanced Threat Protection, Agentless Access, Remote User Protection, Remote User Protection, User Behavioral Analysis, and Identity Based Security Policy. 

• Ability to engineer solutions and workarounds specific to the IMF’s requirements (agentless endpoints, routed traffic, IOT devices and guest Wi-Fi protection). 

• Cloud Native Application Protection Platforms (CNAPP) including CSPM, CWPP, CSNS, DevSecOps for protecting multi-cloud environments (Microsoft preferred).   

• Infrastructure security automation, capacity monitoring and automated scaling solutions. Security Orchestration and Automated Response solution (Palo Alto SOAR) to enhance security toolsets.  

• Using cloud technologies to provide data protection, container security, networking, system administration and zero-trust architectures.  

• Scripting languages (e.g., PowerShell, Python, Terraform, Ansible, Bash).  

• MITRE ATT&CK, NIST CSF, CVSS and CWE criteria, enumeration, and scoring.  

• Enterprise level IT service management, including continuous service improvement.  

Work Management Skills: 

• Familiarity with a broad range of technologies supplemented by in-depth knowledge in specific areas of relevance. Ability to quickly grasp how new technologies work and how they might be applied to achieve business goals.   

• Excellent insight of business and technology trends and their impact (risks and opportunities) to business enablement.  

• Curiosity and thoroughness in problem-solving — leaving no stone unturned.  

• Analytical skills that enable synthesis and correlation of inputs from many sources and allow for strategic thinking and tactical implementation.   

• Ability to establish and maintain effective partnerships and working relations in a multi-cultural, multi-ethnic environment with sensibility and respect for diversity.  

• Excellent management, organizational and interpersonal skills to influence others towards a shared vision and positive results with or without the line of command.  

• Excellent written and verbal communication skills that are compelling, convincing, and reassuring, with the ability to articulate complex technical ideas to non-technical stakeholders.  

• Personal drive, ownership, and accountability to meet deadlines and achieve agreed-upon results.   

• Proven ability to collaborate with IT colleagues to prioritize work, develop roadmaps, enhance services, and contribute meaningfully to the department’s service delivery.  

Major Duties and Responsibilities 

1. As the technical owner, engineers, implements and maintains enterprise zero trust capabilities (including SSE) that are pragmatic, user friendly, and meets the IMF’s information security and privacy policies, standards, and architectural principles, working closely with the Information Security, Enterprise Architecture and Application teams.   

2. Collaborates with business, and technical stakeholders to develop data flows, user profiles, protocols, release notes, technical specification, roadmaps and process flows for future design of zero trust capabilities. 

3. Ensures best practices are implemented, zero trust solutions are used to their full capacity, service levels are met, and all licensed modules/features are enabled and properly configured.   

4. Supports the Section Chief in developing and implementing effective processes and an operating model for zero trust services. Manages relevant network and cloud security operations teams comprising contractors and MSP personnel ensuring timely delivery of key services.  

5. Manages the security, availability (HA and DR), and performance of the IMF’s zero trust solutions implementing rigorous resiliency measures to safeguard critical assets.    

6. Understands all aspects of dependencies for business processes on network and cloud security systems and applications, including for zero trust solutions, troubleshoots escalated multiuser incidents, and manages resolution of root causes for security, performance, reliability, or availability issues.  

7. Researches and stays at the forefront of emerging network and cloud security technologies, standards, attack trends, zero-day vulnerabilities, and best practices, and apply this knowledge to enhance IMF’s security management strategies.   

8. Works with the IMF’s Security Operations Center, implements effective monitoring through integration with XDR and SEIM platforms, and assists in defining relevant use cases to identify potential security breaches or policy violations.  

9. Collects, tracks and reports on zero trust service SLAs/metrics/KPIs/KRIs  

10. Develops and maintains up-to-date documentation, standard operating procedures and playbooks related to on-prem and cloud security, including SSE solution design and operations. Creates end user training materials and conduct user training.  

This is a two -year contractual appointment. Contractual appointments at the IMF are renewable for up to four years of cumulative contractual service, pending incumbent's performance, budget availability and continuous business need.

Department:

ITDIOCS Information Technology Department Infrastructure & Operations Cyber Security Platforms Section

Hiring For:

A11, A12

The IMF is committed to hiring diverse staff, including age, creed, culture, disability, educational background, ethnicity, gender, gender expression, nationality, race, religion and beliefs, and sexual orientation. We welcome requests for reasonable accommodations for disabilities during the selection process. Information on how to request accommodations will be provided during the application process.