Awarded to Blue Personnel Limited

Start date: Monday 18 March 2019
Value: £245,100
Company size: SME
The Financial Conduct Authority (FCA)

SecOps Engineer

26 Incomplete applications

24 SME, 2 large

19 Completed applications

18 SME, 1 large

Important dates

Wednesday 23 January 2019
Deadline for asking questions
Wednesday 30 January 2019 at 11:59pm GMT
Closing date for applications
Wednesday 6 February 2019 at 11:59pm GMT


Specialist role
Cyber security consultant
Summary of the work
SecOps Platform improvement and optimisation, incident management, Change Management, and working to best practice security principles to manage risk.
Latest start date
Monday 18 February 2019
Expected contract length
12 Months
Organisation the work is for
The Financial Conduct Authority (FCA)
Maximum day rate
£925/day (excluding VAT)

About the work

Early market engagement
Who the specialist will work with
The specialist will work within the Infrastructure Product Group team, with other SecOps Engineers, DevOps Engineers and Security Architects.
What the specialist will work on
• Providing the security triage and resolution for the cloud infrastructure
• Responsible for 1st line of defence activities and deliver remediation activities
• Assist with deployments of security tools/services
• Assist with integrating security feeds to security tooling and services
• Develop, maintain and document relevant security documentation
• Advise on security best practices and enforcing security and access policies
• Work closely with the central security function
• Review and assess all change requests
• Act as first line reviewer for security requests
• Perform Continuous Service Improvement

Work setup

Address where the work will take place
12 Endeavour Square,
E20 1JN
Working arrangements
5 days in the office, A week's on-call duties (rota based) will be paid an additional 6th day.
On-Call is not currently in place, but will start in the next few months,
Security clearance
SC cleared, or willing to undertake clearance procedure while in the role.

Additional information

Additional terms and conditions

Skills and experience

Buyers will use the essential and nice-to-have skills and experience to help them evaluate suppliers’ technical competence.

Essential skills and experience
  • 3+ years proven RedHat Enterprise Linux experience, or RHCE certified RHEL7 - Provide specific examples
  • 2+ years experience with SELinux - Provide specific examples
  • 3+ years experience securing AWS for large enterprises,
  • AWS Certified in Security Speciality
  • 3+ years hands on experience with Chef/Ansible/Puppet scripting - Provide specific examples
  • 3+ years as a security analyst managing security incidents in cloud estates - Reflected in work history
  • 2+ years experience working on security programmes to address risks including patching, secure build, vulnerability scanning and remediation, logging and monitoring, threat management and user awareness.
  • 2+ years experience with data analysis – extracting information from large sets of data to correlate security events and to tune alerting policies within a SIEM tool. (eg. Splunk, Qualys
  • Knowledge of security standards and frameworks; ISO 27001/2, NIST, PCI DSS, etc. - Provide specific examples
Nice-to-have skills and experience
  • Experience with migrating to cloud platforms such as Amazon Web Services
  • Experience using dev tools (Git, Jenkins, Nexus)

How suppliers will be evaluated

How many specialists to evaluate
Cultural fit criteria
  • Willing to take ownership of incidents, not only resolve them, but to prevent incidents in the future
  • Work as a team with our organisation and other suppliers
  • Knowledge share and provide on the job training to your colleagues
  • Collaborative and communicate to colleagues with respect
  • Positive attitude and supportive of a no-blame culture where the personal drive is all about continuous improvement
Assessment methods
Work history
Evaluation weighting

Technical competence


Cultural fit




Questions asked by suppliers

1. Can the Authority confirm if they have any flexibility on rates for the right candidate?
The day rate advertised is the maximum day rate as noted in the listing,
2. Is this role inside or outside IR35?
The role is Outside of IR35
3. is there a current incumbent in this role?
No, this is a new role.
4. Will the end client be willing to support and hold DV clearance?
The clearance required is SC clearance and this can be applied for while on site.
5. Will there be any remote working available with this project?
Occasional remote working is available. This will be on an ad-hoc basis
6. Please can you provide more details about 'on call'? E.i. how much notice are you given
On call will be on a rota basis. Which will be advertised up to 3 months in advance. Each period of on call is for a length of 1 week.