System Security Specialist

This Request for Quote is being issued under -23-STC-ITSA

Contract position: System Security Specialist Scope: N/A Job 6840

•   PURPOSE This scope of work is for consulting services to support the development, implementation and life-cycle management of new and existing enterprise technologies required to support the Florida Department of Health, Office of Information Technology, Security Administration Team. Contractor will provide these services to the Department.

2. TERM

This scope of work will begin on 7/1/2024 or the date on with the purchase order is issued, whichever is later. It will end at midnight, Eastern Time on 6/30/2027. The State of Florida's performance and obligation to pay under this purchase order and any subsequent renewal is contingent upon annual appropriation by the Legislature and satisfactory performance of the Contractor.

3. LOCATION OF WORK :

The worksite for this resulting Scope of Work is the following location(s):

4052 Bald Cypress Way Tallahassee, FL 32399
Supervisor may approve remote work.

Florida Department of Health Office of Information Technology

4. CRIMINAL BACKGROUND SCREENING
The Department will conduct a criminal history record check, including fingerprinting, on the consultant assigned by the Contractor prior to the consultant commencing work for the Department. The Department retains sole discretion as to whether the results of the criminal

history record check will result in the Contractor's employee being disqualified from performing services pursuant to this agreement.

5CONTRACTOR QUALIFICATIONS AND EXPERIENCE:
Contractor staff assigned to this agreement must possess the following minimum qualifications and experience:
•   6 years of combined IT and security work experience with infrastructure/network and multi-platform environments including on-premises and cloud environments across IaaS, PaaS, SaaS, VM, bare metal, and other common IT platforms.
•   4 years of experience in operations and maintenance of endpoint-related security products (AV, EDR, XDR, drive encryption).
•   2 years of experience in operations and maintenance of Azure Active Directory security (events, incidents, login events, MFA).
•   2 years of experience in operations and maintenance of Office 365 Security and Compliance (one or all of Exchange online, SharePoint, Teams, OneDrive, Purview).
•   2 years of experience working in IT security identifying and assessing risks, developing risk management strategies, and implementing risk mitigation measures.
•   2 years of experience working in IT security operations in all stages of the Identify, Protect, Detect, Respond, and Recover lifecycle.
•   2 years of experience analyzing and investigating security alerts, events, and logs from various security tools and systems to determine the cause and extent of security breaches.
•   2 years of experience designing, implementing, and maintaining management systems to track progress of complex IT projects at an enterprise scale, to completion.
•   2 years of experience working with automated IT performance reporting (any tools).
•   2 years of experience applying outcomes of incident analysis, risk management, and performance reporting to enable Continual Service Improvement (CSI).

6.CONTRACTOR RESPONSIBILITIES:
•   SERVICE TASKS : Contractor will perform the following tasks in the time and manner specified, at the direction of the Department:
•   Technical Analyst for IT Security Continual Service Improvement:
•   Perform activities within the Plan, Do, Check, Act lifecycle related to the effectiveness of security controls, as directed by the Department.
•   Service Reviews: maintain inventories of services and infrastructure utilized by the Security Administration Team and review their applicability to accomplishing team goals, as directed by the Department.
•   Process Evaluations: in coordination with the IT risk management process, evaluate the effectiveness of services by identifying and analyzing metrics and benchmarks in the interest of the Security Administration Team, as directed by the Department.
•   Initiatives: define initiatives to improve services and processes based on reviews and evaluations, as directed by the Department.
•   Monitoring: track initiative effectiveness and assist in troubleshooting and refining changes to security operations, as directed by the Department.
•   Security Analyst for Security Administration Team:
•   Analyze large amounts of data to identify patterns and potential risks. Use data to make informed decisions and develop mitigation strategies, as directed by the Department.
•   Perform information security and privacy incident response, as directed by the Department.
•   Communicate complex technical information to technical and non- technical stakeholders while demonstrating strong written and verbal communication skills, as directed by the Department.
•   Provide technical expertise to users, management, vendors, and peers for issues involving other Department business offices and vendors, as directed by the Department.
•   Support nd drive continuous service improvement efforts within the risk management process, as directed by the Department.
6.1.3DATA SECURITY AND CONFIDENTIALITY TASK:
The Contractor, its employees, subcontractors, and agents must comply at all times with all Department data security procedures and policies in the performance of this scope of work as specified in the Data Security and Confidentiality document attached to the purchase order.

6.2. DELIVERABLES:
Contractor will complete and submit the following deliverables to the Department in the time and manner specified:

1.1.1. Monthly: Provision of System Security Specialist consulting services in the time and manner specified in Tasks 6.1.1 Through 6.1.2.

9. REQUIREMENTS FOR RFQ RESPONSE

Contractors must address each of the following in its response to this RFQ. Failure to provide all requested information may result in disqualification. The Department reserves the right to reject any response that does not properly address the above requirements, that fails to include the requested information, or that deviates from the requirements of this RFQ in any manner.
•   With ALL candidate submittals, attach a quote on official letterhead, include the following information: name, State of Florida contract number, address, candidate name, hourly rate, etc. This is required.
•   With ALL submittals, make sure EACH candidate resume has a skills matrix referencing their years of experience compared to the Required Experience section of the Scope of Work (SOW). This is required.
•   With ALL candidate submittals, make sure each candidate has completed a current Resume Certification form and the information is authentic and complete. The candidate must sign and both witnesses to the signature must sign the document to be valid. This is required.
•   If submitting more than one candidate for the RFQ, combine all documents into separate submittals for each candidate- Submittals should include: quote for each candidate, candidate resume, corresponding skills matrix, and the resume certification form. Attach documents in Ariba on Demand.
•   For additional information using the Vendor Information Portal, go to: htt ps: w ww. dms.myflo r tions/state purchasing /myfloridamarketplace/mfmp vendors/training for vendors

10. DEPARTMENT'S POINT OF CONTACT

The sole point of contact for all communication regarding this RFQ is:

Florida Department of Health Attention: Natasha Small-Brown

Title: Government Operations Consultant I E-mail:

NOTE: ALL EMAILS TO THE POINT OF CONTACT MUST CONTAIN THE RFQ TITLE IN THE SUBJECT LINE OF THE EMAIL.
•   SUBMISSION OF RFQ RESPONSES Responses to this RFQ must be submitted by the date and time specified in the Request for Quote Event in MyfloridaMarketPlace . The Department will ONLY accept electronic responses . It is the Contractor's responsibility to ensure their response is submitted timely. The Department reserves the right to reject responses delivered after the submission deadline. The Contractor's response to this RFQ must be addressed with the subject line as " RFQ TITLE " and delivered to the individual identified in Section 110 . Department's Point of Contact . If accepting electronic responses, please include the following: All required documentation must be included as an attachment to the email.
•   Confidential Response Designation and Redaction Requirements: If the Contractor considers any portion of its Response to be: 1) Confidential Information (which is defined as "confidential and not subject to disclosure pursuant to chapter 119, Florida Statutes., the Florida Constitution, or other authority"); or 2) exempt from disclosure under chapter 119, Florida Statutes, or other authority (Public Records Law), then the Respondent must simultaneously provide the Department with an unredacted version of the materials and a separate redacted copy of the materials . click apply for full job details