Awarded to Secure Cyber Solutions Limited

Start date: Monday 22 January 2018
Value: £408,000
Company size: SME

Her Majesty’s Passport Office

Security Operations Engineer

10 Incomplete applications

9 SME, 1 large

9 Completed applications

8 SME, 1 large

• Published: Wednesday 18 October 2017
• Deadline for asking questions: Friday 20 October 2017 at 11:59pm GMT
• Closing date for applications: Wednesday 25 October 2017 at 11:59pm GMT

Overview

• Specialist role: Cyber security consultant
• Summary of the work: • Security Operations lead for Cloud Platform and in-house on Premise hosting; • Lead embedding of security in cloud based, microservices based architecture, automating where possible; • Conducting vulnerability assessments and penetration tests; • Ensure services kept in line with security architecture and standards
• Latest start date: Friday 1 December 2017
• Expected contract length: Up to two years (24 months)
• Location: London
• Organisation the work is for: Her Majesty’s Passport Office

About the work

• Who the specialist will work with: Working with Platform Engineers, and developers, tech architects
• What the specialist will work on: • Ensuring that deployed code is secure and assured. ; • Ensuring Cloud infrastructure complies with security architecture and policies; • Conducting or ensuring internal security testing for each Agile sprint/release; • Leading/conducting code & configuration security reviews; • Leading/implementing remediation activity; • Vulnerability management; • Liaison with Her Majesty’s Passport Office Information Assurance team to provide the required security assurances for code releases; • Operational security support ; • Porting security (protective monitoring) log feeds to the CSOC/SEIM.; • Subject matter expert on DevOps security, ; • Provisioning, administering and reviewing Developer user access & privileges

Work setup

• Address where the work will take place: Petty France, London
• Working arrangements: The individual will work full time from the primary office in Petty France, London five days a week. Option to work from home one day a week. ; ; Candidate should be prepared to use their own company laptop which may be needed to undertake some duties. ; ; There may be an occasional need to attend our other office in Central London (Victoria). No travel expenses will be paid for this purpose. Expenses for any exceptional travel authorised outside of Central London will fall under the Standard Government Terms and Conditions for Expenses as covered in the DOS Contract
• Security clearance: DV Clearance is required.

Additional information

• Additional terms and conditions: We expect this engagement to be outside IR35, however status is assessed on a case-by-case basis. ; ; Standard Government Terms and Conditions for Expenses as covered in the DOS Contract.

Skills and experience

Buyers will use the essential and nice-to-have skills and experience to help them evaluate suppliers’ technical competence.

• Essential skills and experience:
  • 10+ years hands-on security experience, with a focus on endpoint, network devices, and applications.
  • Experience with vulnerability management tools such as Nessus, Qualys, etc.
  • Experience with SIEM tools, such as AlienVault, Splunk ES, ELK/Logstash, etc
  • Experience with security testing tools such as BurpSuite, ZAP, etc.
  • Understanding of secure coding development practice, e.g. OWASP Top Ten, etc.
  • Incident Response analysis and investigations.
  • Ethical Hacker experience
  • Experience and working knowledge of Linux/Unix.
• Nice-to-have skills and experience:
  • Knowledge of networking protocols and technologies, e.g. TCP/IP, Switching & Routing, etc.
  • Recognised security qualification (e.g CREST, AWS Security, CCSP etc)
  • Programming and scripting skills, Python, JAVA, etc.
  • General knowledge around endpoint security, malware analysis, BYOD, etc.
  • Have exisiting, valid DV Clearance

How suppliers will be evaluated

• How many specialists to evaluate: 3
• Cultural fit criteria:
  • Work as a team with our organisation and other suppliers
  • Take responsibility for their work
  • Be transparent and collaborative when making decisions
  • Share knowledge and experience with other team members
• Assessment methods: Work history
• Evaluation weighting:

  Technical competence

  70%

  Cultural fit

  10%

  Price

  20%

Questions asked by suppliers

• 1. Could you please clarify the security clearance requirement for this role as is states DV clearance is required but it is also listed as a nice to have skill.: Existing DV Clearance has been included as a Nice to have, however Her Majesty’s Passport Office will sponsor and support the security process if the candidate does not have valid DV Clearance.
• 2. Would this role require AWS / Cloud Computing expertise / experience?: Yes.
• 3. Does the Passport Office have a maximum day rate in mind , or are they open to current commercial rates based on experience?: The maximum day rate has been left blank intentionally, we will assess the day rate for suppliers using the evaluation weighting we have disclosed on the requirements.
• 4. What is the rate for this role?: The day rate has been left blank intentionally, we will assess the day rate for suppliers using the evaluation weighting we have disclosed on the requirements
• 5. How many individuals are required?: One
• 6. Does HMPO have a maximum daily rate for this role?: The maximum day rate has been left blank intentionally, we will assess the day rate for suppliers using the evaluation weighting we have disclosed on the requirements.
• 7. Will HMPO sponsor DV for those candidates holding SC already?: Current DV clearance is preferred but Her Majesty's Passport Office will support the process for the successful candidate.
• 8. Would you consider individuals with the ability to apply for DV Clearance?: Yes.
• 9. Would this position be inside IR35?: We expect this engagement to be outside IR35, however status is assessed on a case-by-case basis.
• 10. Please indicate your maximum day rate for this role.: The maximum day rate has been left blank intentionally, we will assess the day rate for suppliers using the evaluation weighting we have disclosed on the requirements.