This opportunity is closed for applications

The deadline was Thursday 5 May 2022
Ministry of Defence

Cyber Attack Recovery Planning (CARP) Technical Cyber Consultant

11 Incomplete applications

8 SME, 3 large

7 Completed applications

7 SME, 0 large

Important dates

Thursday 28 April 2022
Deadline for asking questions
Monday 2 May 2022 at 11:59pm GMT
Closing date for applications
Thursday 5 May 2022 at 11:59pm GMT


Specialist role
Cyber security consultant
Off-payroll (IR35) determination
Supply of resource: the off-payroll rules will apply to any workers engaged through a qualifying intermediary, such as their own limited company
Summary of the work
"There is a requirement to deliver short-term outputs/gains to develop MOD capability to 'Recover' from a Cyber-Attack. The Discovery Phase for Cyber Attack Recovery Planning (CARP) highlighted 14 areas where immediate benefit can be realised in defence recovery. The requirement involves enabling an improved stance against these areas.
Latest start date
Wednesday 25 May 2022
Expected contract length
up to 31st October 2022
South West England
Organisation the work is for
Ministry of Defence
Maximum day rate

About the work

Early market engagement
Who the specialist will work with
"Resilient by Design Project Board
Theme Lead
Cyber Attack Recovery Planning Project Manager
Principal Technical Consultant
Cyber Security Consultant
Defensive Cyber Future - Project Manager - CRP
Policy team - CRP
What the specialist will work on
"1. Assess the maturity of existing systems and processes based on whether they meet a set of identified recovery best practices (Short Term Gains).

2. Develop and deliver the technical strategy for enabling an improved stance against the recovery best practices to reduce cyber risk and to improve MOD capability to recover from a cyber attack.


Work setup

Address where the work will take place
Remote Working/ MOD Corsham/MOD Main Building London
Working arrangements
Your primary location will be a hybrid of remote working, MOD Corsham and possibly MOD Main Building London .
Expenses will be within your daily rate for your regular work location. Additional travel expenses will be available should you need to travel to other sites beyond MOD Corsham,. The MOD supports flexible working (when possible), at the discretion of the programme manager."
Security clearance
"Active SC clearance is required by the start date of the contract and this will not be sponsored by the MOD.

Additional information

Additional terms and conditions
"All expenses must be pre-agreed between the parties and must comply with the MOD Travel and Subsistence (T&S) Policy.

Off-payroll working rules apply (IR35 in-scope). Any Personal Services Company (PSC) candidates will require to come through an umbrella company."

Skills and experience

Buyers will use the essential and nice-to-have skills and experience to help them evaluate suppliers’ technical competence.

Essential skills and experience
  • Proven experience as a Cyber Technical Consultant
  • Technical system architecture/expertise within Cyber domain.
  • Excellent communication and presentation skills and ability to communicate effectively with both technical and non-technical audiences
Nice-to-have skills and experience
  • Worked on similar projects within the cyber 'Recover' space
  • BSc/BA in Computer Science, Engineering or relevant field; graduate degree.

How suppliers will be evaluated

All suppliers will be asked to provide a work history.

How many specialists to evaluate
Cultural fit criteria
Encourages and creates and environment of inclusivity and diversity
Additional assessment methods
Evaluation weighting

Technical competence


Cultural fit




Questions asked by suppliers

1. Could the Authority confirm whether there is an incumbent?
There is no incumbant
2. Could The Authority please confirm their budget for the role?
The Authority will not disclose
3. Can you please provide max/min day rate for this role
The Authority requires bidders to submit their most competitive day rate
4. What is the expected time commitment for this role
5. Can you confirm the £950 is the maximum date rate
The Authority requires bidders to submit their most competitive day rate
6. How many systems are there to be assessed?
whilst not yet confirmed, it is expected 1-4 systems will be assessed.
7. What classification of systems are in scope? Will there be any read on briefings?
Whilst not yet confirmed, the classification of the systems is expected to primarily be Official Sensitive and should not exceed Secret.
8. What certifications are you expecting the candidates to have?
There are no mandatory certifications.
9. Can we use our own equipment or would we need to use equipment provisioned by the project?
The supplier will be expected to use the appropriate equipment provided by the Authority when handling sensitive information.
10. Is there a specific framework you want the assessment done against, if so what is it? If not are we expected to define it?
The role will involve working alongside the project team to define an approach to assessing systems.
11. How flexible are you on remote working?
The role will be flexible to accommodate remote working.