Stotles logo
Closed

Sentinel Security Engineer

Published

Description

Work done so far This is an operational service, where various security use cases built from various Sentinel data sources have been developed and actively in use by CRC. The work required here will be to assess the effectiveness of some of these active use cases in terms of their ability to provide mitigating controls to observed security risks, as well as define additional use cases based on additional data sources available. Which phase the project is in Live Existing team The supplier will be working with multiple teams spanning across Digital and S and DP to utilise their vast knowledge of security products, governance mechanisms, data sources, outputs and requirements. These teams come together as part of a Cyber SOC Factory Operating Model; who's aim is to identify mitigating controls off the back of security risks assessments that are carried out across DWP's business services. This includes Security Analysts, Security Engineers, Security Architects, Business Analysts, Product Owners, Risk Managers, all of whom have a stake in identifying the required mitigating controls across these services and working together to manage the risk to them as effectively as possible. Address where the work will be done No specific location, although occasional travel to the Digital Hubs may be requested to assist with workshop activities. Working arrangements No specific location, although occasional travel to the Digital Hubs may be requested to assist with workshop activities. Provide more information about your security requirements: Security Check (SC) Latest start date 2024-11-15 Enter the expected contract length: 2 years Extension period: 1 year Special terms and conditions DWP Minimum Security Schedule - Attached Special terms and conditions DWP Offshoring Clauses - Attached Write the term or acronym: SecurePlace Write the term or acronym: SMI Write the term or acronym: SOC Write the term or acronym: C and C Explain the term or acronym: DWP iteration of ServiceNow Security Modules (VR, SIR and IRM) Explain the term or acronym: Security Monitoring and Investigations Explain the term or acronym: Security Operations Centre Explain the term or acronym: Communication and Collaboration - Internal team responsible for comms and collab technical solutions Are you prepared to show your budget details?: Yes Indicative maximum: 2300000 Indicative minimum: 650000 Confirm if you require a contracted out service or supply of resource Supply of resource: the off-payroll rules may apply Summary of work We required third-party expertise in Microsoft Sentinel skills to define, build and test security use cases in collaboration with the wider security functions defined in the operating model. These third-party engineering services will coordinate with team members across SecurePlace, Comms and Collab, and SMI, as these are the key stakeholders defined in the Cyber SOC Factory Model, they are the primary contributors/users of its inputs/outputs along with various other product and operational teams to discover and prioritise security use cases achieved through analysis of data sources being ingested into our Microsoft Sentinel instance. This will ensure we have relevant mitigating controls in place for risks and control gaps defined as part of our Security Risk Management process. Following contract award, upon commission of a statement of work the Department reserves the right to hold a discussion with any workers the supplier may provide, alongside a CV review, to ensure the suitability of skills and experience of the worker. The Department therefore will reserve a right to reject a worker that it seems to not have the appropriate skills or cultural fit to deliver under the given statement of work. Where the supplied staff will work No specific location (for example they can work remotely) Why the work is being done Access to DWP critical services and its data remains at constant risk of exposure to internal and external threats. Significant investment is made to continually assess the risk likelihood and impact across all of the Departments Digital services, lead by the Digital Security Risk Management team. The Cyber SOC Factory process aims to apply mitigating controls against identified risks by bringing together security experts across Digital and SandDP, to collectively review the residual risks to prioritise and scope risk treatment activities. Within the Cyber SOC Factory process exists a federated Sentinel SOC Factory, which takes outputs from the holistic operating model and enables a virtual team of cross functional security SME's to to design, build and test security use cases to effectively manage the identified risks. We require a security engineer with advanced Microsoft Sentinel skills to collaborate with team members across SecurePlace, Comms and Collab, Security Monitoring and various other product and operational teams to build security use cases, achieved through analysis of data sources being ingested into our Microsoft Sentinel instance. This will ensure we have relevant mitigating controls in place for risks and control gaps defined as part of our Security Risk Management process. The business problem you need to solve Procure Security Engineering support to undertake the tasks to define and build security use cases within MS Sentinel, by analysing data sources and events from across all of our integrating products. With a built-in knowledge transfer element to pass knowledge and skills to DWP engineering colleagues. Work will be outcome based and payments will be tied to delivery milestones. Strategic: - Analyse our requirements and priorities to collaborate in delivering against our wider strategic roadmap - Help configure and develop our Azure Subscription that hosts our Sentinel production instance - Mature our monitoring, alerting, hunting, reporting based on data ingested into Sentinel (specifically on Azure/M365 logs) - Improve our security status by reducing risks and attacks against our Azure / M365 environments - Help discover threat vectors to our Azure / M365 environments - Provide guidance on how to best meet industry best practices for the deployment and operational live service of Sentinel Tactical: - Co-Design, Develop, Deploy and Review Sentinel Analytics rules - Co-Design, Develop, Deploy and Review Sentinel Workbooks and Notebooks - Co-Design, Develop, Deploy and Review Sentinel automation and integration playbooks - Configure and optimise (health and cost) our Sentinel connected Log Analytics Workspace - Co-Design, Develop, Deploy and Review our SysLog Connector First user type: Security Incident Manager First user type: Security Risk Manager First user type: Sentinel Product Owner First user type: Cyber SOC Factory Model Process Owner First user type: Service Owner Enter more details about this user type: I need to understand the security use cases required for monitoring so that I can respond to them effectively Enter more details about this user type: I need a vehicle to progress risk treatment activities so that identified risks are managed Enter more details about this user type: I need engineering skills in my team so that identified use cases can be scoped, designed and built Enter more details about this user type: I need a process to manage the identified risks so that mitigating controls can be identified and applied Enter more details about this user type: I need a process to submit identified security risks to so that mitigating controls can be defined and implemented Questions and Clarifications 0. Do “logging policies” or standards exist already within the organisation? Yes Last Updated: <strong>2024-09-17T13:49:48.717718Z</strong> 1. Please could you confirm whether an example of previous experience is required for every essential/nice to have question response (as is usual for DOS bids) or just those where it is specified? Yes an example of previous experience is required for every essential/ nice to have question Last Updated: <strong>2024-09-17T13:45:47.743862Z</strong> 2. Is there a list of data sources being considered? Yes, M365 and Azure Entra logs - XDR logs. Last Updated: <strong>2024-09-17T13:46:35.699526Z</strong> 3. Skills cross Sentinel and M365/Azure security. Can this be addressed by multiple individuals in an outcome-based model? No, any single individual should have deep knowledge required of the XDR logs. Last Updated: <strong>2024-09-17T13:47:28.930843Z</strong> 4. Has threat-modelling been conducted upstream, within the Security Risk Management process? Is there a specific framework being used? No Last Updated: <strong>2024-09-17T13:48:31.528581Z</strong> 5. Other than ServiceNow and Microsoft XDR/Sentinel, are there a lot of technologies that may require integration for security automation? Sentinel Analytics Rules and Azure automation - Logic Apps. Last Updated: <strong>2024-09-17T13:49:10.509123Z</strong> 6. Do any systems already exist, such as micro-simulation for assurance purposes? They may, however the individual will not have access to these. Last Updated: <strong>2024-09-17T13:51:00.411256Z</strong> 7. Can it be confirmed that the response limit is per requirement? i.e. 17 x 750 character responses for 'Essential Skills and Experience' and 9 x 750 character responses for 'Nice-to-have Skills and Experience'? Correct. The word count is 750 characters per skill/ experience. Last Updated: <strong>2024-09-17T13:52:39.571156Z</strong>

Timeline

Publish date

4 months ago

Close date

3 months ago

Buyer information

Explore contracts and tenders relating to Department For Work and Pensions (DWP)

Go to buyer profile
To save this opportunity, sign up to Stotles for free.
Save in app
  • Looking glass on top of a file iconTender tracking

    Access a feed of government opportunities tailored to you, in one view. Receive email alerts and integrate with your CRM to stay up-to-date.

  • ID card iconProactive prospecting

    Get ahead of competitors by reaching out to key decision-makers within buying organisations directly.

  • Open folder icon360° account briefings

    Create in-depth briefings on buyer organisations based on their historical & upcoming procurement activity.

  • Teamwork iconCollaboration tools

    Streamline sales workflows with team collaboration and communication features, and integrate with your favourite sales tools.

Stop chasing tenders, start getting ahead.

Create your free feed

Explore other contracts published by Department For Work and Pensions (DWP)

Explore more open tenders, recent contract awards and upcoming contract expiries published by Department For Work and Pensions (DWP).

Explore more suppliers to Department For Work and Pensions (DWP)

Sign up