Awarded to Cyber Security Specialists Limited

Start date: Friday 27 May 2022
Value: £370,696
Company size: SME
Department of Work & Pensions

Security Architect CCMP

7 Incomplete applications

6 SME, 1 large

12 Completed applications

11 SME, 1 large

Important dates

Tuesday 12 April 2022
Deadline for asking questions
Thursday 14 April 2022 at 11:59pm GMT
Closing date for applications
Tuesday 19 April 2022 at 11:59pm GMT


Specialist role
Cyber security consultant
Off-payroll (IR35) determination
Supply of resource: the off-payroll rules will apply to any workers engaged through a qualifying intermediary, such as their own limited company
Summary of the work
Lead, deliver and support the technical and security architecture design elements of DWP Digital projects / initiatives.
Own the security product architecture, develop security product roadmaps and represent product designs at governance forums.
Provide clear communication of security architecture design and decision making.
Latest start date
Tuesday 3 May 2022
Expected contract length
Maximum contract length will be 12 months, initial statement of works will be for 6 months
No specific location, for example they can work remotely
Organisation the work is for
Department of Work & Pensions
Maximum day rate

About the work

Early market engagement
Who the specialist will work with
DWP Digital seek an exceptional experienced Security Architect to join a new function in the Digital Architecture team, creating a Secure Design team that will ensure security architecture considerations are built into all DWP Digital solution designs from the outset. These roles will engage with, and sometimes be embedded in, projects from the Discovery phase and throughout the life cycle through to disposal, and will be based across our Digital Hubs.
What the specialist will work on
Support the production and adoption of the DWP’s Enterprise Security Architecture, including:
· Security architecture policies, principles and standards for application across the organisation
· Alignment to industry standards and regulations e.g. ISO/IEC 27001/27002/27005
· Defined as-is and to-be security architectures to be adopted to the Programme
· Security architecture specific tools and methodologies
• Provide advice and guidance to Technical and Technical Specialist Architects and delivery teams, to support the delivery of the future security architecture through solutions that are consistent with the domain roadmap, security standards, patterns and blueprints, and which balance the contribution to business value.

Work setup

Address where the work will take place
The supplier will work remotely however in line with DWP Hybrid working the supplier must be aligned to a DWP Technology Hub either Manchester or Newcastle Upon Tyne
Working arrangements
In line with DWP Hybrid working policy the individual will be required to work from the DWP Technology Hub 2 days per week and remotely 3 days per week. Expenses will not be covered.
Should the individual be required to attend another DWP Site than expenses will be covered in line with DWP Expenses policy
Security clearance
The appointed individual will require a minim of SC Clearance

Additional information

Additional terms and conditions

Skills and experience

Buyers will use the essential and nice-to-have skills and experience to help them evaluate suppliers’ technical competence.

Essential skills and experience
  • Application Architecture design and modelling techniques, tools and standards.
  • Application Security Testing e.g. OWASP and Secure Code Assessment tools, and security of container/cluster based solutions e.g. Docker, Kubernetes.
  • Identity Management and federation including SSO.
  • Cloud Acceleration, SD-WAN, DDoS and network based controls.
  • Cloud based assurance and risk models and their application, including NIST and other associated frameworks.
  • Information Security innovation as part of the future of Application Reference Architecture.
Nice-to-have skills and experience
  • • Azure/AWS Architecture certified.
  • • CCSK Certified /CCSP Certified.
  • • Certified Information Systems Security Professional (CISSP).
  • • Certified Information Security Manager (CISM).

How suppliers will be evaluated

All suppliers will be asked to provide a work history.

How many specialists to evaluate
Cultural fit criteria
  • • Describe how your organisation would perform the contract to ensure staff mental health, is promoted, and how you would monitor and measure this?
  • Describe how your organisation would perform the contract to encourage increased representation of Black, Asian and Minority Ethnic representation in the workforce, and how you would measure this?
Additional assessment methods
Evaluation weighting

Technical competence


Cultural fit




Questions asked by suppliers

1. Is there an incumbent supplier who is currently (or recently been) delivering these services?
There is no incumbent currently delivering these services. No incumbent has recently delivered these services.
2. Would you consider 1 day pw on-site and 4 day pw remotely?
Yes DWP would consider this but it should be noted that DWP will not reimburse expenses for hybrid working and attendance to offices.
3. Do DWP have a budget for this requirement.
DWP decline to answer this question.
4. Declining to answer a question on day rate / budget makes absolutely no sense. How are we supposed to provide you a candidate for a role like this one where candidates rates can range from £500 to over £1000 per day? We need to work to budget – why would we waste our time providing you with a candidate that is a fit for the role if we are not assured that you have the budget?
DWP decline to answer this question as we have done in previous competitions and have still been able to secure resource requirements. The technical requirements carry a heavier weighting for this role and as such ensuring that a candidate meets the technical requirements fully is more important.