Awarded to TAAHB Limited

Start date: Monday 26 June 2017
Value: £57,850
Company size: SME
Government Digital Service (GDS) part of the Cabinet Office

WP1391: Security Operations Engineer

9 Incomplete applications

8 SME, 1 large

14 Completed applications

12 SME, 2 large

Important dates

Monday 15 May 2017
Deadline for asking questions
Wednesday 17 May 2017 at 11:59pm GMT
Closing date for applications
Monday 22 May 2017 at 11:59pm GMT


Specialist role
Cyber security consultant
Summary of the work
Working to deliver security tooling:
Monitoring, Threat Intelligence.
Scaling of our engineering capabilities.
Latest start date
Monday 26 June 2017
Expected contract length
18 weeks
Organisation the work is for
Government Digital Service (GDS) part of the Cabinet Office
Maximum day rate
£650 (Excluding VAT) per day

About the work

Early market engagement
Who the specialist will work with
You will be working within a core team of security specialists including: security engineers, security architect, security operations, security analyst, security intelligence anlyst, ethical hacker. The wider 'matrix managed' team that is made up of tech architects, developers, user support managers, product managers, delivery managers and the Enabling Delivery and Support team.
What the specialist will work on
Monitoring, Threat Intelligence.
Scale our engineering capabilities by taking on business as usual work:
- managing our internal KPI
-Work with external suppliers, such as penetration testers, to ensure the integrity of the systems
-Cyber Sec Ops Engineering as directed.

Alpha Deliverables:
- Build and deploy Security Operations environments
- Build additional monitoring capability for specific products using AWS alongside existing teams
- Set up monitoring on new product(s)
- Perform gap analysis and build on attack trees and threat feeds for specific products.

Work setup

Address where the work will take place
Government Digital Service
Aviation House, 125 Kingsway, London, WC2B 6NH until July 2017.
Whitechapel building, Aldgate, London from July 2017.
Working arrangements
Onsite, co-located with the core team. There may be some need for travel to other government/third parties for reference visits - only when needed.
We would like the person to start as soon as possible. The latest start date to allow for any delays in the procurement process is 26th June 2017.
Security clearance
SC clearance

Additional information

Additional terms and conditions
Digital Outcomes and Specialist's Terms and conditions will apply, the only addition, if required, would be Cabinet Office T&S Policy will apply for any Supplier expenses which will need to be pre-approved by Cabinet Office

Skills and experience

Buyers will use the essential and nice-to-have skills and experience to help them evaluate suppliers’ technical competence.

Essential skills and experience
  • At least 2 years Significant experience of system operational security, network and/or application security
  • At least 2 years Technical knowledge in security engineering, system and network security, (authentication and security protocols, cryptography), operation of a PKI, and application security
  • At least 2 years Knowledge of system security vulnerabilities and remediation techniques
  • At least 2 years Analytic skills to understand security implications of technical events
  • At least 2 years Extensive troubleshooting and research skills with a positive and proactive approach to customer service and getting things done
  • At least 2 years Strong experience working in an operational role in a secure environment
  • At least 2 years Knowledge of network and web related protocols (e.g. TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols)
  • Minimum 2 years Strong scripting skills in at least one of the following is highly desirable: Ruby, Python, shell (bash, ksh, csh). Working knowledge of Java would be an advantage
  • At least 2 years Working knowledge of Linux
Nice-to-have skills and experience
  • At least 2 years Experience of working within a software development team/writing code
  • At least 2 years Experience of managing security in an environment with frequent change
  • At least 2 years CEH, CISSP, SANS/GIAC or CREST certifications or other security certifications
  • At least 2 years Technical qualification or experience in low level software, network security, malware analysis, penetration testing or vulnerability discovery and mitigation
  • At least 2 years penetration testing, network security monitoring or incident response experience
  • At least 2 years Experience supervising technical specialists
  • At least 2 years Experience of configuration management processes and tools - eg Puppet, Ansable or Chef
  • At least 2 years Experience of working with IaaS
  • Minimum 2 years Dev Ops experience
  • Must have worked in an AGILE environment

How suppliers will be evaluated

How many specialists to evaluate
Cultural fit criteria
  • Work as a team with our organisation and other suppliers
  • Be transparent and collaborative when making decisions
  • Have a no-blame culture and encourage people to learn from their mistakes
  • Take responsibility for their work
  • Share knowledge and experience with other team members
  • Challenge the status quo
  • Be comfortable standing up for their discipline
  • Can work with clients with low technical expertise
Assessment methods
  • Work history
  • Reference
  • Interview
Evaluation weighting

Technical competence


Cultural fit




Questions asked by suppliers

1. Can you confirm whether the role is inside or outside of IR35?
This role is outside IR35. The intermediaries legislation does not apply to this engagement.
2. Regarding the SC clearance status, if the candidate does not hold active SC clearance and is willing to go through the process, can this be considered, if yes will you sponsor the security clearance?
"It is preferred that the candidate already has SC clearance. If not currently held, the candidate must be willing to undertake the SC clearance process. This DOS requirement made it clear that SC clearance is required then suppliers are required to pay and arrange for that security clearance themselves to become eligible and compliant to perform the contract.

We can however arrange for special dispensation to allow suppliers to begin their contract and allow them onsite whilst the security process is underway.
A caveat to this is that the suppliers contract would be terminated if SC clearance was not granted."
3. Can a candidate with DV clearance be considered for this role?
Yes, DV clearance is higher than SC clearance and SC clearance is higher than BPSS clearance
4. What is the lead time for feedback once the application is submitted?
Depending on the volume of bids received at the outset, we would aim to get back to suppliers within 5 days to let them know if they have been successful at getting through to the next stage. If unsuccessful, feedback would also be provided
5. Can more than one candidate per supplier be submitted for this role?
No, only one candidate can be submitted by each supplier for the role
6. What are the other expenses which will be paid?
Expenses would be paid if, for example, travel to a site other than GDS' premises outside the M25 is required.
Expenses will need to be authorised in advance by the Programme, and also need to be in line with Cabinet Office T&S Policy.
7. Is occasional remote working allowed?
Yes, occasional remote working will be allowed upon negotiation with the supervising manager.
8. What is the total number for positions open for this role?
One position
9. Will travel expenses be paid?
Expenses would be paid if, for example, travel to a site other than Aviation House or the new Aldgate premises outside the M25 is required.
This would need to be pre-authorised in advance by the Programme, and expenses would need to be in line with Cabinet Office T&S Policy.