Department for Work and Pensions

Department For Work And Pensions - DevOps/DevSecOps and Developer Support

8 Incomplete applications

6 SME, 2 large

6 SME, 2 large

Summary of the work: Design and automate the provision of security products, microservices, toolings and key infrastructure. Design out/introduce remediation for vulnerabilities identified by external penetration testing and continuous vulnerability management tool. Our estimates suggest we will need a service delivery team consisting of 1 experienced DevOps, 1 DevSecOps, and a developer.
Latest start date: Monday 7 August 2017
Expected contract length: This will be a two year contract with an initial Statement of Works for up to 4 months
Location: London
Organisation the work is for: Department for Work and Pensions
Budget range

Why the work is being done: In order to ensure that this key DWP application is able to support the scaling and security requirements, it is being re-engineered for resilience and to allow it to operate in a commodity cloud hosting environment. In support of this, Agile and adaptable vulnerability management within production, support and development environments is required to support risk management activity.
Problem to be solved: The scaling and security goals for the application have led to a strategy of commodity cloud hosting. There is a need to develop and implement solutions to remediate any identified vulnerabilities.
Who the users are and what they need to do: Universal Credit Claimants will use the the system to mange and progress their claim online.
DWP Job Centre and Services Centre Agents will use the system to perform their roles in support of the Universal Credit Applicants.
Early market engagement
Any work that’s already been done: Work to deliver a Minimum Viable Product (MVP) is concluding.
Existing team: The supplier will be working as a part of a multi-disciplinary team dedicated to the work to migrate the service to a commodity cloud platform. This team consists of internal DevOps, QA, network engineers, Security and delivery / project managers. The team is 10 strong and follows agile processes to prioritise and manage the activities.
Current phase: Discovery

Address where the work will take place: Caxton House, London
Working arrangements: On-site in London office for the majority of the time with some scope for remote working. The collaborative nature of the team means that face to face interaction and presence at daily stand-ups is essential.
Security clearance: SC clearance.

Additional terms and conditions: Additional DWP Terms and Conditions will apply. These can be found at https://dwp.bravosolution.co.uk/web/login.shtml.

Buyers will use the essential and nice-to-have skills and experience to help them evaluate suppliers’ technical competence.

Essential skills and experience: Experience designing and implementing secure, resilient, highly available configurations of infrastructure components.- 5%

Extensive, demonstrable knowledge of system security vulnerabilities and remediation techniques.- 5%

Experience of automation of cloud deployments and developing infrastructure as code using terraform.- 5%

Experience creating destructive testing frameworks including the use of Jepsen to simulate failure scenarios.- 4%

Experience of cloud migrations for large microservice architectures- 5%

Capacity to supply,experienced DevOps, DevSecOps engineer and developer with technical skills (>3 years’ experience) in Terraform, puppet, github, bash, python, java, Mongo, ActiveMQ, jepsen, microservice architectures,commodity cloud environments- 5%

Have experience of working within DWP or a comparable organisation within the last 3 years- 5%
Nice-to-have skills and experience: Ability to provide technical leadership in multi-supplier team environments- 3%

Experience working with AWS- 3%

How many suppliers to evaluate

Proposal criteria

Please provide details of situations where your resources have delivered DevOps and testing engineering / development capability within the context of vulnerability management using agile methodologies- 7%
What experience do you have delivering major cloud migration projects for a comparable customer. Please clarify how your resources added value, delivery focus and technical leadership- 7%
Experience of aligning activities with other parallel work streams, ensuring quality standards are maintained- 7%
In past assignments,how have you ensured that you gain at pace, a detailed understanding of the service and project requirements to allow rapid, involvement in design and decision activities- 7%
Describe your processes for identification of risks and dependencies and the approaches to manage them- 7%

Cultural fit criteria

Describe your processes for identification of risks and dependencies and the approaches to manage them- 5%

Payment approach

Capped time and materials

Assessment methods

Evaluation weighting

Technical competence

75%

Cultural fit

Price

20%

1. Will the role fall within IR35 legislation?: At this time the role has been deemed as outside of IR35 however, should the features of the engagement change, a further assessment will be made which could change the determination.
2. Does this fall within the IR35 rules?: At this time the role has been deemed as outside of IR35 however, should the features of the engagement change, a further assessment will be made which could change the determination.
3. Is there flexibility to propose a revised resourcing profile, or is the requested profile decided upon and agreed internally?: We require the skillsets and (team) composition specified in order to meet the requirements of this crucial piece of work. However, we are willing to consider an alternative resourcing profile as part of any proposal.