Engineering Technical - Support Analyst Support Analyst - Expedite Technology Solutions
ATLANTA, GA 39901
About the Job
Job Description: TPP Support Services
1. Security Vulnerabilities
Vulnerabilities reported by the security reporting applications will be reviewed and actioned according to the security risk level assigned by the security scan, including:
severity score assigned to the vulnerability.
reasonable possibility of exploiting the risk in the production environment.
whether the vulnerability is attributed to the third-party component versus the applications that rely on the third-party component.
Provide TPP Support for Vulnerabilities when:
The remedial action is not established and requires review and assist with determining corrective steps.
The corrective remedial action identified by Client requires *** consultation prior to applying the corrective action.
Reporting and actioning a vulnerability will include:
a review performed by Client prior to engaging ***.
Client supplying *** with a vulnerability report, including suggested remediation, when available.
*** reviewing the vulnerability report and consulting to determine if a remedial action is available.
***, with assistance from Client and/or the vendor when applicable, will apply the remedial action in a non-Production environment.
Client will perform application regression testing and run a new security scan to validate the changes implemented have remediated the vulnerability.
Client will be responsible for applying proven remedial actions/changes in Production environment(s). *** will be available for consulting during an agreed upon maintenance window, coordinating with the third-party vendor as required.
If a remedial action cannot be identified or agreed upon, *** will engage the third-party vendor to determine next steps.
2. Patch or Minor Release Updates
*** will engage with Client to provide TPP Support for Patch or Minor Release updates when Client has determined or if additional consulting is required to determine the third-party update is applicable/required. *** will provide TPP Support for Patch and/or Minor release updates when the version has been certified by *** for use with the current Software application version release(s) installed in production.
Performing a patch or minor release update will include:
a review of the release documentation by Client and ***.
an initial review of the update by Client and *** to determine if the update should be applied and identify any potential issues.
*** will engage the third-party vendor if there are any potential issues or lack of clarity prior to applying the update.
***, with assistance of Client (and vendor if needed), will apply the update to a non-production environment.
Client will perform application regression testing.
Client will be responsible for applying the upgrade in the Production environment(s). *** will be available for consulting during an agreed upon maintenance window, coordinating with the third-party vendor as required.
3. Production Support
*** will provide issues resolution and resolution for corrective actions pertaining to the third-party components running in production as follows:
Severity 1 *** resources will return the system to a functional state, a root cause and/or permanent resolution will be provided, with the assistance of the third-party component vendor as required.
Severity 2 or lower *** resources will remedy the issue during coverage hours, with appropriate updates to be provided in accordance with the Services defined herein.
Remedial actions can be applied without engaging *** resources, based on Client s technical resource capacity, and may be performed independently by Client.
Client will document changes that have been or are scheduled to be applied in the environment(s) and provide that documentation to *** within a timely manner.
*** will engage with Client, after initial triage, to perform the following:
o review the triage activities performed by Client
o perform an independent system review, when applicable to determine root cause and consult with Client and/or third-party vendor as required to determine if remediation is applicable/required.
If the issue is deemed to be an issue with the third-party component, where no immediate remediation is available, the third-party vendor will take ownership of the issue. *** will actively work with the third-party vendor to identify a remediation plan.
Once an acceptable remediation plan has been determined, *** with the assistance of Client and third-party component vendor (when required), will apply the remediation changes to a non-production environment.
Client will perform testing in the non-production environment to confirm the remediation changes work as expected.
Additional Services
high level health assessment and optimization.
Solution capacity consulting.
configuration consulting as related to the third-party components.
consulting on proactive measures to keep system running optimally.
consulting on preventative measures and alerting/monitoring requirements to be put in place by Client.
TPP Support Hours
All Services will be performed during the following operating hours:
7:00 pm 10:00 pm ET Monday through Friday
8:00 am 5:00 pm ET Saturday and Sunday
Third-party components include:
- DataStax Enterprise built on Apache Cassandra version 4.x
- Elasticsearch 7.x
Comments for Suppliers: Pricing and Fee Structure:
A flat fee of *** per month covers availability during off-hours.
This fee includes the first 5 hours of support.
Any additional support required beyond the initial 5 hours will be billed at a rate of *** per hour.
Agreement Terms:
The arrangement begins with a 1-year agreement.
Context and Expectations:
Over the last 3 months, there was only one issue that needed attention during regular business hours (not during the after-hours period).
The purpose of this on-call role is to have someone available in case urgent calls come in, but overall activity is not expected to be high.
1. Security Vulnerabilities
Vulnerabilities reported by the security reporting applications will be reviewed and actioned according to the security risk level assigned by the security scan, including:
severity score assigned to the vulnerability.
reasonable possibility of exploiting the risk in the production environment.
whether the vulnerability is attributed to the third-party component versus the applications that rely on the third-party component.
Provide TPP Support for Vulnerabilities when:
The remedial action is not established and requires review and assist with determining corrective steps.
The corrective remedial action identified by Client requires *** consultation prior to applying the corrective action.
Reporting and actioning a vulnerability will include:
a review performed by Client prior to engaging ***.
Client supplying *** with a vulnerability report, including suggested remediation, when available.
*** reviewing the vulnerability report and consulting to determine if a remedial action is available.
***, with assistance from Client and/or the vendor when applicable, will apply the remedial action in a non-Production environment.
Client will perform application regression testing and run a new security scan to validate the changes implemented have remediated the vulnerability.
Client will be responsible for applying proven remedial actions/changes in Production environment(s). *** will be available for consulting during an agreed upon maintenance window, coordinating with the third-party vendor as required.
If a remedial action cannot be identified or agreed upon, *** will engage the third-party vendor to determine next steps.
2. Patch or Minor Release Updates
*** will engage with Client to provide TPP Support for Patch or Minor Release updates when Client has determined or if additional consulting is required to determine the third-party update is applicable/required. *** will provide TPP Support for Patch and/or Minor release updates when the version has been certified by *** for use with the current Software application version release(s) installed in production.
Performing a patch or minor release update will include:
a review of the release documentation by Client and ***.
an initial review of the update by Client and *** to determine if the update should be applied and identify any potential issues.
*** will engage the third-party vendor if there are any potential issues or lack of clarity prior to applying the update.
***, with assistance of Client (and vendor if needed), will apply the update to a non-production environment.
Client will perform application regression testing.
Client will be responsible for applying the upgrade in the Production environment(s). *** will be available for consulting during an agreed upon maintenance window, coordinating with the third-party vendor as required.
3. Production Support
*** will provide issues resolution and resolution for corrective actions pertaining to the third-party components running in production as follows:
Severity 1 *** resources will return the system to a functional state, a root cause and/or permanent resolution will be provided, with the assistance of the third-party component vendor as required.
Severity 2 or lower *** resources will remedy the issue during coverage hours, with appropriate updates to be provided in accordance with the Services defined herein.
Remedial actions can be applied without engaging *** resources, based on Client s technical resource capacity, and may be performed independently by Client.
Client will document changes that have been or are scheduled to be applied in the environment(s) and provide that documentation to *** within a timely manner.
*** will engage with Client, after initial triage, to perform the following:
o review the triage activities performed by Client
o perform an independent system review, when applicable to determine root cause and consult with Client and/or third-party vendor as required to determine if remediation is applicable/required.
If the issue is deemed to be an issue with the third-party component, where no immediate remediation is available, the third-party vendor will take ownership of the issue. *** will actively work with the third-party vendor to identify a remediation plan.
Once an acceptable remediation plan has been determined, *** with the assistance of Client and third-party component vendor (when required), will apply the remediation changes to a non-production environment.
Client will perform testing in the non-production environment to confirm the remediation changes work as expected.
Additional Services
high level health assessment and optimization.
Solution capacity consulting.
configuration consulting as related to the third-party components.
consulting on proactive measures to keep system running optimally.
consulting on preventative measures and alerting/monitoring requirements to be put in place by Client.
TPP Support Hours
All Services will be performed during the following operating hours:
7:00 pm 10:00 pm ET Monday through Friday
8:00 am 5:00 pm ET Saturday and Sunday
Third-party components include:
- DataStax Enterprise built on Apache Cassandra version 4.x
- Elasticsearch 7.x
Comments for Suppliers: Pricing and Fee Structure:
A flat fee of *** per month covers availability during off-hours.
This fee includes the first 5 hours of support.
Any additional support required beyond the initial 5 hours will be billed at a rate of *** per hour.
Agreement Terms:
The arrangement begins with a 1-year agreement.
Context and Expectations:
Over the last 3 months, there was only one issue that needed attention during regular business hours (not during the after-hours period).
The purpose of this on-call role is to have someone available in case urgent calls come in, but overall activity is not expected to be high.
Source : Expedite Technology Solutions