The Financial Conduct Authority (FCA)

SecOps Engineer

Incomplete applications: 26 (24 SME, 2 large)

Completed applications: 19 (18 SME, 1 large)

Important dates

Published: Wednesday 23 January 2019
Deadline for asking questions: Wednesday 30 January 2019 at 11:59pm GMT
Closing date for applications: Wednesday 6 February 2019 at 11:59pm GMT

Overview

Specialist role: Cyber security consultant
Summary of the work: SecOps Platform improvement and optimisation, incident management, Change Management, and working to best practice security principles to manage risk.
Latest start date: Monday 18 February 2019
Expected contract length: 12 Months
Location: London
Organisation the work is for: The Financial Conduct Authority (FCA)
Maximum day rate: £925/day (excluding VAT)

About the work

Early market engagement:
Who the specialist will work with: The specialist will work within the Infrastructure Product Group team, with other SecOps Engineers, DevOps Engineers and Security Architects.
What the specialist will work on:
  • Providing security triage and resolution for the cloud infrastructure
  • Carrying out 1st line of defence activities and delivering remediation activities
  • Assisting with deployments of security tools/services
  • Assisting with integrating security feeds into security tooling and services
  • Developing, maintaining and documenting relevant security documentation
  • Advising on security best practices and enforcing security and access policies
  • Working closely with the central security function
  • Reviewing and assessing all change requests
  • Acting as first line reviewer for security requests
  • Performing Continuous Service Improvement

Work setup

Address where the work will take place: 12 Endeavour Square, Stratford, London E20 1JN
Working arrangements: 5 days in the office. A week's on-call duties (rota based) will be paid as an additional 6th day. On-call is not currently in place, but will start in the next few months.
Security clearance: SC cleared, or willing to undertake clearance procedure while in the role.

Additional information

Additional terms and conditions

Skills and experience

Buyers will use the essential and nice-to-have skills and experience to help them evaluate suppliers’ technical competence.

Essential skills and experience
  • 3+ years proven Red Hat Enterprise Linux experience, or RHCE certified RHEL7 - Provide specific examples
  • 2+ years experience with SELinux - Provide specific examples
  • 3+ years experience securing AWS for large enterprises
  • AWS Certified in Security Speciality
  • 3+ years hands on experience with Chef/Ansible/Puppet scripting - Provide specific examples
  • 3+ years as a security analyst managing security incidents in cloud estates - Reflected in work history
  • 2+ years experience working on security programmes to address risks including patching, secure build, vulnerability scanning and remediation, logging and monitoring, threat management and user awareness.
  • 2+ years experience with data analysis – extracting information from large sets of data to correlate security events and to tune alerting policies within a SIEM tool. (eg. Splunk, Qualys
  • Knowledge of security standards and frameworks; ISO 27001/2, NIST, PCI DSS, etc. - Provide specific examples
Nice-to-have skills and experience
  • Experience with migrating to cloud platforms such as Amazon Web Services
  • Experience using dev tools (Git, Jenkins, Nexus)

How suppliers will be evaluated

How many specialists to evaluate: 15
Cultural fit criteria
  • Willing to take ownership of incidents, not only to resolve them but to prevent incidents in the future
  • Work as a team with our organisation and other suppliers
  • Share knowledge and provide on-the-job training to your colleagues
  • Collaborate and communicate with colleagues respectfully
  • Positive attitude and supportive of a no-blame culture where the personal drive is all about continuous improvement
Assessment methods: Work history
Evaluation weighting
  • Technical competence: 60%
  • Cultural fit: 20%
  • Price: 20%

Questions asked by suppliers

1. Supplier question: Can the Authority confirm if they have any flexibility on rates for the right candidate?
   Buyer answer: The day rate advertised is the maximum day rate as noted in the listing.
2. Supplier question: Is this role inside or outside IR35?
   Buyer answer: The role is outside of IR35.
3. Supplier question: Is there a current incumbent in this role?
   Buyer answer: No, this is a new role.
4. Supplier question: Will the end client be willing to support and hold DV clearance?
   Buyer answer: The clearance required is SC clearance and this can be applied for while on site.
5. Supplier question: Will there be any remote working available with this project?
   Buyer answer: Occasional remote working is available. This will be on an ad-hoc basis.
6. Supplier question: Please can you provide more details about 'on call'? I.e. how much notice are you given?
   Buyer answer: On call will be on a rota basis, which will be advertised up to 3 months in advance. Each period of on call is for a length of 1 week.