The Financial Conduct Authority (FCA)

Senior SecOps Analyst (focus on automating security compliance checks and controls)

Incomplete applications

14
Incomplete applications
12 SME, 2 large

Completed applications

16
Completed applications
13 SME, 3 large
Important dates
Opportunity attribute name Opportunity attribute value
Published Tuesday 27 November 2018
Deadline for asking questions Tuesday 4 December 2018 at 11:59pm GMT
Closing date for applications Tuesday 11 December 2018 at 11:59pm GMT

Overview

Overview
Opportunity attribute name Opportunity attribute value
Specialist role Cyber security consultant
Summary of the work Platform improvement and optimisation, incident management, and on-call duties (additional pay)
Latest start date Friday 1 February 2019
Expected contract length 12 months
Location London
Organisation the work is for The Financial Conduct Authority (FCA)
Maximum day rate £925/day (excluding VAT)

About the work

About the work
Opportunity attribute name Opportunity attribute value
Early market engagement
Who the specialist will work with The specialist will work with the Infrastructure Product Group team, which consists of other DevOps Lead, DevOps engineers, team manager, and SecOps engineers.
What the specialist will work on Support and maintain a cloud estate (AWS) and enforce best practice security principles to manage risk. Furthermore, automate security controls (detective and preventative) in an enterprise environment.

Work setup

Work setup
Opportunity attribute name Opportunity attribute value
Address where the work will take place 12 Endeavour Square,
Stratford,
London E20 1JN
Working arrangements 5 days in the office, A week's on-call duties (rota based) will be paid an additional 6th day.
Security clearance SC cleared, or willing to undertake clearance procedure

Additional information

Additional information
Opportunity attribute name Opportunity attribute value
Additional terms and conditions

Skills and experience

Buyers will use the essential and nice-to-have skills and experience to help them evaluate suppliers’ technical competence.

Skills and experience
Opportunity attribute name Opportunity attribute value
Essential skills and experience
  • 3+ years RedHat Enterprise Linux experience, or RHCE certified RHEL7
  • 2+ years experience with SELinux
  • 3+ years enterprise securing AWS for large enterprises, or AWS Certified Security
  • 3+ years Chef/Ansible/Puppet scripting experience, or software development background in Ruby/Python
  • 3+ years as a security analyst managing security incidents in cloud estates
  • 2+ years as a security architect design and implementing security solutions
  • Experience using monitoring tools (Splunk, DataDog, Qualys)
  • Experience in security hardening IaaS and PaaS
Nice-to-have skills and experience
  • Proven experience of implementing cloud security best practices
  • Experience using dev tools (Git, Jenkins, Nexus)
  • Experience in architecting a immutable CI/CD pipeline with audit trails
  • ITIL Foundation certified

How suppliers will be evaluated

How suppliers will be evaluated
Opportunity attribute name Opportunity attribute value
How many specialists to evaluate 10
Cultural fit criteria
  • Willing to take ownership of incidents, not only resolve them, but to prevent incidents in the future
  • Work as a team with our organisation and other suppliers
  • Knowledge share and provide on the job training to your colleagues
  • Collaborative and communicate to colleagues with respect
  • Positive attitude and supportive of a no-blame culture where the personal drive is all about continuous improvement
Assessment methods
  • Work history
  • Interview
  • Scenario or test
Evaluation weighting

Technical competence

60%

Cultural fit

20%

Price

20%

Questions asked by suppliers

Questions asked by suppliers
Supplier question Buyer answer
1. Can the authority please confirm the IR35 status of this requirement? The supplier shall warrant that any proposed resource falls outside the scope of the intermediaries legislation (also known as IR35). The FCA reserves the right to use HMRC’s online employment status tool to confirm that status of the resource and will not award the contract if IR35 applies.
2. Can the authority please confirm if there is a current incumbent for this role? There is no incumbent. This is a new vacancy due to increased workload.
3. Hi, is there any preference for person holding valid SC clearance or will all the candidates be considered at par without having any preference for the existing SC clearance holder? All candidates will be considered equally. Non SC holders will need to able to qualify for SC clearance.
4. What is the earliest date the successful Senior SecOps analyst start? 2nd January 2019.
5. Are you looking for a consultant with domain experience in the essential skills or do you need a hands-on engineer? A hands-on engineer is required.
6. Please advise whether this is a new role or is there are incumbent in place? There is no incumbent. This is a new vacancy due to increased workload.