IMPORTANT NOTE: CANDIDATES WITH A PERMANENT COMPUTER SPECIALIST (SOFTWARE) OR COMPARABLE CIVIL SERVICE TITLE WITH SIMILAR DUTIES/RESPONSIBILITIES ARE ENCOURAGED TO APPLY. PLEASE INCLUDE YOUR EMPLOYEE IDENTIFICATION NUMBER (EIN) WHEN APPLYING AND INDICATE IN YOUR COVER LETTER YOUR PERMANENT CIVIL SERVICE TITLE.
The NYC Department of Finance (DOF) is responsible for administering the tax revenue laws of the city fairly, efficiently, and transparently to instill public confidence and encourage compliance while providing exceptional customer service.
DOF's Information Technology (FIT) Division designs, builds, and supports all facets of DOF’s computer systems, including hardware, software, applications, infrastructure, telephone, and data security. FIT delivers and administers tax-related payment programs for the City of New York by providing the information technology solutions needed to achieve its mission of collecting revenue while ensuring an efficient and improved customer experience. FIT is also responsible for the systems and websites which enable citywide payments, land records, property assessment, parking adjudications, customer service, and the Sheriff’s public safety work.
DOF is currently seeking a highly talented and experienced Web Application Firewall (WAF) and Web Application API Protection Specialist, preferably with a solid background in Akamai WAF and WAAP solutions, to join our Cybersecurity team. They should also have a strong understanding of web application security principles, OWASP Top 10, and common attack vectors such as SQL injection, XSS, and DDoS.
The WAF Security Specialist's responsibilities will include but not be limited to the following:
- Ensuring the security, performance, and availability of critical applications by utilizing a cloud-based WAF platform to prevent attacks and mitigate security risks.
- Managing, configuring, and optimizing WAF solutions to protect the organization's web applications from a wide range of online threats.
- Deploy and configure WAF and WAAP to protect web applications, APIs, and other critical services. Customize security rules to fit specific application needs and business requirements, such as preventing SQL injection attacks and cross-site scripting and ensuring compliance with industry regulations.
- Regularly optimize WAF and WAAP policies to reduce false positives and ensure application security. Maintain and update custom security rules to reflect evolving cyber threats.
- WAF and WAAP detect security incidents, such as attacks and policy violations. Investigate and escalate these incidents with the IT and security teams. Collaborate to troubleshoot issues and escalate immediately if needed. Examples of policy violations may include unauthorized access attempts or data breaches.
- Use analytics and reporting tools to monitor traffic, identify trends, and detect security events. Provide detailed reports on WAF and WAAP performance, attack trends, and incidents to management and security teams.
- Work with vulnerability management teams to identify and remediate security vulnerabilities in web applications. Implement and enforce security policies within WAF to block known attack patterns.
- Work closely with the development, DevOps, and network operations teams to ensure the successful integration of WAF and WAAP into the broader infrastructure. This involves actively participating in secure software development practices and contributing to the CI/CD pipelines to ensure continuous security.
- Threat Intelligence & Research: Stay updated on emerging threats such as phishing scams and malware attacks, on web application security trends like cross-site scripting and SQL injection, and on WAF and WAAP feature enhancements. Implement regular security audits and penetration testing to defend against new attack vectors and vulnerabilities.
- Documenting troubleshooting steps for common security issues, such as SQL injection and cross-site scripting, in Web Application Firewall configuration and Web Application API Protection. Creating security guidelines and best practices for the organization.
Additional Information:
The City of New York is an inclusive equal opportunity employer committed to recruiting and retaining a diverse workforce and providing a work environment that is free from discrimination and harassment based upon any legally protected status or protected characteristic, including but not limited to an individual's sex, race, color, ethnicity, national origin, age, religion, disability, sexual orientation, veteran status, gender identity, or pregnancy.
In compliance with federal law, all persons hired will be required to verify identity and eligibility to work in the United States and to complete the required employment eligibility verification document form upon hire.
COMPUTER SPECIALIST (SOFTWARE) - 13632
(1) A baccalaureate degree from an accredited college, including or supplemented by twenty-four (24) semester credits in computer science or a related computer field and two (2) years of satisfactory full-time software experience in designing, programming, debugging, maintaining, implementing, and enhancing computer software applications, systems programming, systems analysis and design, data communication software, or database design and programming, including one year in a project leader capacity or as a major contributor on a complex project; or
(2) A four-year high school diploma or its educational equivalent and six (6) years of full-time satisfactory software experience as described in "1" above, including one year in a project leader capacity or as a major contributor on a complex project; or
(3) A satisfactory combination of education and experience that is equivalent to (1) or (2) above. College education may be substituted for up to two years of the required experience in (2) above on the basis that sixty (60) semester credits from an accredited college is equated to one year of experience. A master's degree in computer science or a related computer field may be substituted for one year of the required experience in (1) or (2) above. However, all candidates must have a four-year high school diploma or its educational equivalent, plus at least one (1) year of satisfactory full-time software experience in a project leader capacity or as a major contributor on a complex project.
NOTE: In order to have your experience accepted as Project Leader or Major Contributor experience, you must explain in detail how your experience qualifies you as a project leader or as a major contributor. Experience in computer operations, technical support, quality assurance (QA), hardware installation, help desk, or as an end user will not be accepted for meeting the minimum qualification requirements.
Special Note
To be eligible for placement in Assignment Level IV, in addition to the Qualification Requirements stated above, individuals must have one year of satisfactory experience in a project leader capacity or as a major contributor on a complex project in data administration, database management systems, operating systems, data communications systems, capacity planning, and/or on-line applications programming.
Join the NYC Department of Finance as a Web App Firewall Specialist and be part of an essential mission to protect the city’s digital landscape! At DOF, you'll find yourself immersed in a dynamic team within the Information Technology (FIT) Division, where the responsibility for securing tax-related payment systems rests in your capable hands. Your primary focus will be on managing and optimizing cloud-based WAF platforms, including Akamai solutions, to safeguard various web applications and APIs from emerging cyber threats and attack techniques like SQL injections and cross-site scripting. This is your chance to ensure the performance and availability of critical applications while collaborating closely with development, DevOps, and network operations teams to embed security into every layer of our services. You'll need to take the lead on configuring security rules, managing incident detection and response, and utilizing analytics to monitor traffic and identify potential threats. To thrive in this role, bring your comprehensive understanding of web application security principles as well as your ability to ensure compliance with industry regulations. If you're passionate about enhancing the security landscape for NYC and have a knack for troubleshooting in a fast-paced environment, we invite you to apply and join us in delivering exceptional technology solutions to our city.