Security Operations Center Solution

Overview

Cybersecurity & Data Privacy

Albany, New York, United StatesPosted 21 days agoDeadline: May 1st, 2026

Fit Score

Settle Intelligence

Settle helps teams find, evaluate, and respond to public RFPs. We continuously surface new opportunities, score them against your company strengths, and draft proposal responses so you can focus on the work that wins business.

SUMMARY

RFP for a fully managed, always-on Security Operations Center solution to provide threat monitoring, analysis, incident response, and real-time security analytics for both cloud and on-premises environments.

KEY REQUIREMENTS

Must be based in the Continental United States
Must assign staff to this project that are all based in the Continental United States
Must be in good standing with NYeC, the Department, and the New York State Workers Compensation Board
Must have a minimum of 3 years providing the same or similar service
Must be SOC2 Certified and/or ISO27001 Certified
Must have documented ability to complete the work defined in Section V
Must complete the New York State Vendor Responsibility Questionnaire
Must execute NYeC’s Master Services Agreement
Must utilize onshore resources only

BUDGET

Estimate

$150,000 – $300,000

CONTRACT DURATION

12 months

TIMELINE

RFP Release: April 10th, 2026

Deadline to submit Questions to NYeC: April 17th, 2026

Q&A Document posted: April 22nd, 2026

Proposals due: May 1st, 2026

Contract Awarded: May 15th, 2026

QUESTION DEADLINE

April 17th, 2026

Issuing Agency

New York Ehealth Collaborative

Organization overview and procurement intelligence available on paid plans.

See Issuer Research

DESCRIPTION

The agency seeks a vendor to implement a fully managed, 24x7x365 Security Operations Center (SOC) solution. The chosen provider will be responsible for proactively monitoring, securing, and enhancing services and infrastructure availability for agency members. The SOC will serve as the first responder to critical alerts and notifications, acting as the primary point of response for agency security events. Responsibilities include threat analysis, incident triage, data collection and analysis, evaluation of security events and cyber–attacks, review of threat vectors, and assessment of suspected internal and external breaches.

The solution must assimilate, analyze, and report log data points, alerting technical teams and stakeholders to potential security issues and imminent infrastructure outages. Continuous security hardening and posture improvement are expected, with appropriate incident-to-analyst ratios and threat response metrics maintained. Vendors must provide 24x7x365 threat monitoring across both cloud environments (AWS, Snowflake, SharePoint, O365) and on-premises infrastructure, offering cloud-based analytics and operations tools for real-time threat detection and response. Near real-time situational awareness using all applicable security data is also required.

Source attribution

This Settle analysis is based on the issuing organization’s public RFP listing.