Web App Firewall Specialist

IMPORTANT NOTE: CANDIDATES WITH A PERMANENT COMPUTER SPECIALIST (SOFTWARE) OR COMPARABLE CIVIL SERVICE TITLE WITH SIMILAR DUTIES/RESPONSIBILITES ARE ENCOURAGED TO APPLY. PLEASE INCLUDE YOUR EMPLOYEE IDENTIFICATION NUMBER (EIN) WHEN APPLYING AND INDICATE IN YOUR COVER LETTER YOUR PERMANENT CIVIL SERVICE TITLE.

The NYC Department of Finance (DOF) is responsible for administering the tax revenue laws of the city fairly efficiently and transparently to instill public confidence and encourage compliance while providing exceptional customer service.

DOFs Information Technology (FIT) Division designs builds and supports all facets of DOFs computer systems including hardware software applications infrastructure telephone and data security. FIT delivers and administers taxrelated payment programs for the City of New York by providing the information technology solutions needed to achieve its mission of collecting revenue while ensuring an efficient and improved customer experience. FIT is also responsible for the systems and websites which enable citywide payments land records property assessment parking adjudications customer service and the Sheriffs public safety work.

DOF is currently seeking a highly talented and experienced Web Application Firewall (WAF) and Web Application API Protection Specialist preferably with a solid background in Akamai WAF and WAAP solutions to join our Cybersecurity team. They should also have a strong understanding of web application security principles OWASP Top 10 and common attack vectors such as SQL injection XSS and DDOS.

The WAF Security Specialists responsibilities will include but not be limited to the following:
Ensuring the security performance and availability of critical applications by utilizing a cloudbased WAF platform to prevent attacks and mitigate security risks.
Managing configuring and optimizing WAF solutions to protect the organizations web applications from a wide range of online threats.
Deploy and configure WAF and WAAP to protect web applications APIs and other critical services. Customize security rules to fit specific application needs and business requirements such as preventing SQL injection attacks and crosssite scripting and ensuring compliance with industry regulations.
Regularly optimize WAF and WAAP policies to reduce false positives and ensure application security. Maintain and update custom security rules to reflect evolving Cyber threats.
WAF and WAAP detects security incidents such as attacks and policy violations. Investigate and escalate these incidents with the IT and security teams. Collaborate to troubleshoot issues and escalate immediately if needed. Examples of policy violations may include unauthorized access attempts or data breaches.
Use analytics and reporting tools to monitor traffic identify trends and detect security events. Provide detailed reports on WAF and WAAP performances attack trends and incidents to management and security teams.
Work with vulnerability management teams to identify and remediate security vulnerabilities in web applications. Implement and enforce security policies within WAF to block known attack patterns.
Work closely with the development DevOps and network operations team to ensure the successful integration of WAF and WAAP into the broader infrastructure. This involves actively participating in secure software development practices and contributing to the CI/CD pipelines to ensure continuous security.
Threat Intelligence & Research: Stay updated on emerging threats such as phishing scams and malware attacks as well as web application security trends like crosssite scripting and SQL injection and WAF and WAAP feature enhancements. Implement regular security audits and penetration testing to defend against new attack vectors and vulnerabilities.
Documenting troubleshooting steps for common security issues such as SQL injection and crosssite scripting in Web Application Firewall configuration and Web Application API Protection. Creating security guidelines and best practices for the organization.

Additional Information:
The City of New York is an inclusive equal opportunity employer committed to recruiting and retaining a diverse workforce and providing a work environment that is free from discrimination and harassment based upon any legally protected status or protected characteristic including but not limited to an individuals sex race color ethnicity national origin age religion disability sexual orientation veteran status gender identity or pregnancy.

In compliance with federal law all persons hired will be required to verify identity and eligibility to work in the United States and to complete the required employment eligibility verification document form upon hire.

COMPUTER SPECIALIST (SOFTWARE) 13632

Qualifications :

1 A baccalaureate degree from an accredited college including or supplemented by twentyfour 24 semester credits in computer science or a related computer field and two 2 years of satisfactory fulltime software experience in designing programming debugging maintaining implementing and enhancing computer software applications systems programming systems analysis and design data communication software or database design and programming including one year in a project leader capacity or as a major contributor on a complex project; or
2 A fouryear high school diploma or its educational equivalent and six 6 years of fulltime satisfactory software experience as described in 1 above including one year in a project leader capacity or as a major contributor on a complex project; or
3 A satisfactory combination of education and experience that is equivalent to 1 or 2 above. College education may be substituted for up to two years of the required experience in 2 above on the basis that sixty 60 semester credits from an accredited college is equated to one year of experience. A masters degree in computer science or a related computer field may be substituted for one year of the required experience in 1 or 2 above. However all candidates must have a four year high school diploma or its educational equivalent plus at least one 1 year of satisfactory fulltime software experience in a project leader capacity or as a major contributor on a complex project.
NOTE: In order to have your experience accepted as Project Leader or Major Contributor experience you must explain in detail how your experience qualifies you as a project leader or as a major contributor. Experience in computer operations technical support quality assurance (QA) hardware installation help desk or as an end user will not be accepted for meeting the minimum qualification
requirements.
Special Note
To be eligible for placement in Assignment Level IV in addition to the Qualification Requirements stated above individuals must have one year of satisfactory experience in a project leader capacity or as a major contributor on a complex project in data administration database management systems operating systems data communications systems capacity planning and/or online applications programming.

Additional Information :

The City of New York is an inclusive equal opportunity employer committed to recruiting and retaining a diverse workforce and providing a work environment that is free from discrimination and harassment based upon any legally protected status or protected characteristic including but not limited to an individuals sex race color ethnicity national origin age religion disability sexual orientation veteran status gender identity or pregnancy.

Remote Work :

No

Employment Type :

Fulltime