Home Office Police & Public Protection Technology (PPPT)

Home Office Law Enforcement Community Network (LECN) - Cyber Security Consultant

Incomplete applications
28 (27 SME, 1 large)

Completed applications
28 (27 SME, 1 large)

Important dates
Published: Tuesday 15 October 2019
Deadline for asking questions: Thursday 17 October 2019 at 11:59pm GMT
Closing date for applications: Tuesday 22 October 2019 at 11:59pm GMT

Overview

Specialist role: Cyber security consultant
Summary of the work: Reporting to the Programme Delivery Manager the Specialist will provide technical security and assurance support to the Law Enforcement Community Network.
Latest start date: Monday 11 November 2019
Expected contract length: Up to 12 months. Initial Statement of Work will be for 6 months.
Location: South East England
Organisation the work is for: Home Office Police & Public Protection Technology (PPPT)
Maximum day rate: £650 per day maximum. Higher day rates will not be considered due to budget constraints.

About the work

Early market engagement
Who the specialist will work with: The specialist will work as part of the Law Enforcement Community Programme team reporting to the Programme Delivery Manager and will engage with the different stakeholders from GDS (PSN / FN4G), NCSC, NPTC, NEP and the wider DDaT directorate as well as all relevant portfolios / programme projects / work streams.
What the specialist will work on:
  • Develop/manage a new Security Risk Assessment strategy, policy and process.
  • Perform hands-on gap and risk assessments associated with:
      o Applications (Home Office Open Systems and Police-to-Police);
      o Data Centres (WAN-NNI);
      o Cloud and physical IT infrastructure;
      o Vendors, suppliers and other third parties.
  • Map controls to policies, standards, procedures and process.
  • Review and monitor IT Security controls to identify operational effectiveness.
  • Interface with CSOC and IAM teams.
  • Interface with security architects, National Information Risk Management, NCSC and other security stakeholders.
  • Provide and contribute to risk assessments.
  • Maintain broad knowledge of standard methodologies and trends in the field of Information Security.

Work setup

Address where the work will take place: Bernard Weatherill House, 8 Mint Walk, Croydon, CR0 1EA. There will also be a requirement to work at Home Office, 2 Marsham Street, London SW1P 4DF.
Working arrangements: A typical working day is 9am-5pm, however working outside of these hours may be required due to business/project need. The role requires flexibility as individuals may be required to work at any of the Customer premises and/or at supplier sites.
The role is currently deemed out of scope of the IR35 regulations. However, at the point of contract award to a successful supplier, the IR35 assessment will be re-visited based on the individual circumstances of the DOS Specialist.
Security clearance: Must be prepared to obtain SC level security clearance, required for access to Home Office facilities/deliverables, if not already SC cleared. Must also be prepared to undergo NPPV-3 (Non-Policing Personnel Vetting Level 3).

Additional information

Additional terms and conditions: T&S will not be payable for travel to sites within the M25. Travel outside of the M25 will be subject to Home Office T&S policy.

Skills and experience

Buyers will use the essential and nice-to-have skills and experience to help them evaluate suppliers’ technical competence.

Essential skills and experience
  • Experience implementing or assessing security in a PSN network and cloud-as-a-service environment.
  • Experience of Cyber Assurance assessments.
  • Experience of working in a Policing environment.
  • Extensive knowledge of security technologies and risk assessment methodologies, policies and processes.
  • 4+ years’ experience working within the technical arena with 2 plus years of information security work experience.
  • Solid technical background in IT systems and networking in both on-premise and cloud environments.
  • Knowledge & experience of: AWS (or similar) cloud security & infrastructure; Web-infrastructure security (Applications & APIs); Network-security tools (IDS/IPS, firewalls etc.); Network-visualization (SD-WAN-Networks, network function virtualisation etc.); Encryption technology & implementation.
  • SC security cleared
Nice-to-have skills and experience
  • Experience using vulnerability assessment tools and writing risk mitigation plans resulting from the assessment.
  • Excellent analytical, evaluative, and problem-solving abilities.
  • Demonstrable ability to collaborate with technical and non-technical teams to further the goals and mission of the programme.
  • Excellent written and oral communication skills, as well as interpersonal skills including the ability to articulate to both technical and non-technical audiences.
  • Experience in security standards such as ISO 27001, 27002, 27005; NIST.
  • Certifications within the security area are a strong plus (CISSP, CRISC, CCSK, CCSP, GIAC or equivalent).
  • Experience in the alignment of solutions with NCSC guidance.
  • Ability to work independently and multi-task effectively.
  • A bachelor’s degree in Cyber Security, Information Security, or Computer Science.

How suppliers will be evaluated

How many specialists to evaluate: 3
Cultural fit criteria
  • Seek constructive outcomes in discussions.
  • Actively involve colleagues and partners to deliver an outcome.
  • Challenge assumptions but remain willing to compromise when it's beneficial to progress.
  • Make recommendations for decisions and options.
Additional assessment methods
  • Reference
  • Interview
Evaluation weighting
  • Technical competence: 60%
  • Cultural fit: 10%
  • Price: 30%

Questions asked by suppliers

Supplier question Buyer answer
1. Is there an incumbent? No.
2. What is the IR35 status? It is outside of IR35.
3. Is the £650pd day rate inclusive of agency fees? Yes, the specified rate is inclusive of day rate and all fees.
4. Can you please provide details of Home Office T&S policy? We cannot share the policy as a whole outside of a contractual relationship. We can advise that any travel etc. outside the M25 will only incur expenses if authorised beforehand and is subject to Home Office financial limits.
5. Would you consider providing SC clearance for the right candidate? if not what level of SC would you accept for the incumbent? Would you consider providing SC clearance for the right candidate? if not what level of SC would you accept for the incumbent.
6. Would you consider providing SC clearance for the right candidate? if not what level of SC would you accept for the incumbent? No, as the lead time to gain the necessary clearance could take some months before the candidate could start. There is only one level of SC clearance. (this was meant to be the previous answer; typographical error).
7. SC Clearance is listed as an essential skill but you mention you will put the successful candidate through the clearance if they don't have it. Can you please confirm non-cleared (but clearable) candidates will also be considered? For the avoidance of doubt we will be able to transfer a non-Home Office clearance; this is why one essential requirement is an SC clearance. However due to the shortness of time needed to start the role we cannot take a totally non-cleared candidate from the very start of the process. Clearance can take several months.

(nb we realise now the advertisement was unclear as to our intentions and will ensure clarity in future advertisements).
8. Could the specialist be based at the Marsham Street office rather than Croydon? No, as the team is based in Croydon and the nature of the discussions will require on-site availability. Occasional travel to other sites including Marsham Street will be required.
9. Are you looking for technical architect with cyber consultancy knowledge as some of the questions lean that way and are quite ambiguous? Are you looking for technical architect with cyber consultancy knowledge as some of the questions lean that way and are quite ambiguous?
10. Please clarify – if an applicant is willing to undergo SC/NPPV then can they be submitted? The Essential Skills questions states SC, but the brief says "Willing to undergo SC". Must be SC cleared already and be prepared to undergo NPPV3 clearance (even if holding DV clearance). Please also refer to previous answers relating to clearance.
11. This is a very low budget for such a highly qualified technical specialist – How quickly will you be able to arrange interviews as consultants of this calibre are snapped up for much higher paid roles. Sifting will commence immediately responses are received. The level of response will determine how quickly we can arrange interviews however ideally this would be in the week commencing 28th October.
12. Are you looking for technical architect with cyber consultancy knowledge as some of the questions lean that way and are quite ambiguous?

(Clarity for Question 9).
No, the requirement is for a security architect who has a fundamental understanding of complex enterprise architecture, especially relating to the PSN network.

(Clarity for Answer 9).
13. On some of the questions you have answered with the "question" – can you please re-clarify? Certainly.

Questions 5 & 6 are the same; please ignore answer 5 and refer to answer 6.

Questions 9 and 12 are the same; please ignore answer 9 and refer to answer 12.