Tuesday 3 October 2017

RFP for Security Consulting Services

Hi I was asked to post this RFP, if you are interested DM me on Twitter and I'll put you in touch with the relevant party

Project brief:
Company X is performing a number of Security Projects that require specialised security skills and experience.

During this RfP process, we will approach the App/InfoSec community to invite responses from Europe-based consultancies interested in engaging with our Group Security team to work in the following areas:
  • Map, normalise, and validate known Risks (already in Jira)
  • Review and validate vulnerabilities discovered in previous security-reviews/pen-tests and map them to Risks
  • Update existing Diagrams and Threat Models with mapped Risks
    • Create info-graphs with information collected
  • Perform Threat Models on specific applications and features
  • Review alerts currently generated by existing SIEM and Logging solutions (ideally helping to consolidate some of the views)
  • Perform 'GDPR implications' mapping for specific Applications' user journeys
  • Augment current DoS and Performance testing

We welcome responses from industry-leading InfoSec and AppSec companies, which have full-stack technical experience of performing these activities.
Advanced communication, analytic, technical architecture, and application security experience are essential, and must be demonstrated.
Company X has a mature Project Management workflow and team, which will support this engagement and will provide detailed information about the tasks to be executed. 
We are looking for the talent (i.e., individuals) to perform the work required. 
Proposal should be focused on:
  • WHO is available? (i.e. LinkedIn, GitHub, Twitter and Blog)
  • WHEN are they available?
  • WHAT is their daily rate? (in GBP)

Project details
  • Budget: £20k for App/InfoSec consultant time
  • Available timescales: 
    • Slot 1: 9 – 19 October 2017
    • Slot 2: 17 – 31 October 2017
    • Slot 3: – 15 November 2017 
  • At least one consultant will need to be based onsite in London (others can work remotely)
A quick start is required to meet project timelines.