Awarded to Blue Personnel Limited

Start date: Monday 18 March 2019
Value: £245,100
Company size: SME

The Financial Conduct Authority (FCA)

SecOps Engineer

26 Incomplete applications

24 SME, 2 large

19 Completed applications

18 SME, 1 large

• Published: Wednesday 23 January 2019
• Deadline for asking questions: Wednesday 30 January 2019 at 11:59pm GMT
• Closing date for applications: Wednesday 6 February 2019 at 11:59pm GMT

Overview

• Specialist role: Cyber security consultant
• Summary of the work: SecOps Platform improvement and optimisation, incident management, Change Management, and working to best practice security principles to manage risk.
• Latest start date: Monday 18 February 2019
• Expected contract length: 12 Months
• Location: London
• Organisation the work is for: The Financial Conduct Authority (FCA)
• Maximum day rate: £925/day (excluding VAT)

About the work

• Who the specialist will work with: The specialist will work within the Infrastructure Product Group team, with other SecOps Engineers, DevOps Engineers and Security Architects.
• What the specialist will work on: • Providing the security triage and resolution for the cloud infrastructure ; • Responsible for 1st line of defence activities and deliver remediation activities ; • Assist with deployments of security tools/services ; • Assist with integrating security feeds to security tooling and services ; • Develop, maintain and document relevant security documentation ; • Advise on security best practices and enforcing security and access policies ; • Work closely with the central security function ; • Review and assess all change requests; • Act as first line reviewer for security requests; • Perform Continuous Service Improvement

Work setup

• Address where the work will take place: 12 Endeavour Square,; Stratford,; London ; E20 1JN
• Working arrangements: 5 days in the office, A week's on-call duties (rota based) will be paid an additional 6th day. ; On-Call is not currently in place, but will start in the next few months,
• Security clearance: SC cleared, or willing to undertake clearance procedure while in the role.

Additional information

Skills and experience

Buyers will use the essential and nice-to-have skills and experience to help them evaluate suppliers’ technical competence.

• Essential skills and experience:
  • 3+ years proven RedHat Enterprise Linux experience, or RHCE certified RHEL7 - Provide specific examples
  • 2+ years experience with SELinux - Provide specific examples
  • 3+ years experience securing AWS for large enterprises,
  • AWS Certified in Security Speciality
  • 3+ years hands on experience with Chef/Ansible/Puppet scripting - Provide specific examples
  • 3+ years as a security analyst managing security incidents in cloud estates - Reflected in work history
  • 2+ years experience working on security programmes to address risks including patching, secure build, vulnerability scanning and remediation, logging and monitoring, threat management and user awareness.
  • 2+ years experience with data analysis – extracting information from large sets of data to correlate security events and to tune alerting policies within a SIEM tool. (eg. Splunk, Qualys
  • Knowledge of security standards and frameworks; ISO 27001/2, NIST, PCI DSS, etc. - Provide specific examples
• Nice-to-have skills and experience:
  • Experience with migrating to cloud platforms such as Amazon Web Services
  • Experience using dev tools (Git, Jenkins, Nexus)

How suppliers will be evaluated

• How many specialists to evaluate: 15
• Cultural fit criteria:
  • Willing to take ownership of incidents, not only resolve them, but to prevent incidents in the future
  • Work as a team with our organisation and other suppliers
  • Knowledge share and provide on the job training to your colleagues
  • Collaborative and communicate to colleagues with respect
  • Positive attitude and supportive of a no-blame culture where the personal drive is all about continuous improvement
• Assessment methods: Work history
• Evaluation weighting:

  Technical competence

  60%

  Cultural fit

  20%

  Price

  20%

Questions asked by suppliers

• 1. Can the Authority confirm if they have any flexibility on rates for the right candidate?: The day rate advertised is the maximum day rate as noted in the listing,
• 2. Is this role inside or outside IR35?: The role is Outside of IR35
• 3. is there a current incumbent in this role?: No, this is a new role.
• 4. Will the end client be willing to support and hold DV clearance?: The clearance required is SC clearance and this can be applied for while on site.
• 5. Will there be any remote working available with this project?: Occasional remote working is available. This will be on an ad-hoc basis
• 6. Please can you provide more details about 'on call'? E.i. how much notice are you given: On call will be on a rota basis. Which will be advertised up to 3 months in advance. Each period of on call is for a length of 1 week.