Government Digital Service, part of the Cabinet Office

WP1524 - Senior Cyber Security Analyst/Coach

Incomplete applications

4
Incomplete applications
2 SME, 2 large

Completed applications

10
Completed applications
10 SME, 0 large
Important dates
Opportunity attribute name Opportunity attribute value
Published Friday 15 December 2017
Deadline for asking questions Tuesday 19 December 2017 at 11:59pm GMT
Closing date for applications Friday 22 December 2017 at 11:59pm GMT

Overview

Overview
Opportunity attribute name Opportunity attribute value
Specialist role Cyber security consultant
Summary of the work Specialist to manage day-to-day cyber security issues. Contribute to the team and train and coach Civil Service staff to be able to perform the role of Cyber Security Analyst without supervision.
Mentor 6 team members; 4 need further training and 2 have some background experience, so require top up training.
Latest start date Monday 12 February 2018
Expected contract length Estimated Initial contract length of 6 months
Location London
Organisation the work is for Government Digital Service, part of the Cabinet Office
Maximum day rate

About the work

About the work
Opportunity attribute name Opportunity attribute value
Early market engagement None
Who the specialist will work with This is part of the Cyber Security team for GDS products. The winning supplier will be working with Devs and SecOps as well as cross-functional colleagues in GDS. They will also be working with other government departments such as GCHQ.
What the specialist will work on - Train Security Analyst and Junior Analysts on the effective and proactive analysis of security logs to determine if cyber attacks are occurring against GDS. As well as training staff, we require this specialist to run service infrastructure and user transactions.
- Provide subject matter expertise as a Senior Security Analyst to investigate technical security incidents across GDS.
- Provide support to wider GDS for Security incidents, in line with the GDS's Incident Handling procedures.
- Support the Cyber Threat Intelligence specialist in the analysis of technical threat information.
- Work with programmes to remediate known and newly discovered vulnerabilities.

Work setup

Work setup
Opportunity attribute name Opportunity attribute value
Address where the work will take place Government Digital Service, The White Chapel Building, 10 Whitechapel High Street, London, E1 8QS
Working arrangements We expect the Specialist to be on site at GDS's Whitechapel Building.
Working hands on as part of the team and training members of the Cyber Security team. The core hours of the role will be 9am to 5pm but this can be discussed once the contract has started as their is some flexibilty to this. There is also scope to work from home.

This role is outside IR35.
Security clearance SC Clearance as a minimum must already be valid before starting work and not expire during the duration of the contract. Due to the nature of the work, it is preferred the Specialist is DV cleared but this is not essential.
BPSS is essential to be on site at GDS.

Additional information

Additional information
Opportunity attribute name Opportunity attribute value
Additional terms and conditions All expenses must be pre-agreed with between the parties and must comply with the Cabinet Office (CO) Travel and Subsistence (T&S) Policy.

All vendors are obliged to provide sufficient guarantees to implement appropriate technical and organisational measures so that the processing meets the requirements of GDPR and ensures the protection of the rights of data subjects. For further information please see the Information Commissioner's Office website:https://ico.org.uk/for-organisations/data-protection-reform/overview-of-the-gdpr/

Skills and experience

Buyers will use the essential and nice-to-have skills and experience to help them evaluate suppliers’ technical competence.

Skills and experience
Opportunity attribute name Opportunity attribute value
Essential skills and experience
  • 7 years experience in training Mid level and Junior Cyber Security Analysts
  • 7 years experience in intrusion analysis and security monitoring experience
  • 7 years experience of proactively investigating, analysing and mitigating/resolving security events
  • Rounded knowledge of digital security tools and technologies, with a particular focus on monitoring, analysis and intrusion detection tools
  • 5 years extensive experience of computer forensic and forensic readiness planning
  • CEH, CISSP, SANS/GIAC or CREST certifications or other security certifications
  • Technical qualification or experience in low level software, network security, malware analysis, penetration testing or vulnerability discovery and mitigation
Nice-to-have skills and experience
  • Vast experience of working in government
  • Experience of working in an Agile software development environment
  • Experience managing cyber security in an environment with frequent change
  • Experience of working with IaaS
  • 2 years experience incident response

How suppliers will be evaluated

How suppliers will be evaluated
Opportunity attribute name Opportunity attribute value
How many specialists to evaluate 3
Cultural fit criteria
  • Your approach to data privacy and security
  • Your approach to transferring knowledge and experience to civil servants to support learning from this engagement.
  • Culture of taking responsibility for owning issues and resolving and problems
  • Your approach to resolving technical and business risks or issues in a collaborative way that maximises productivity and business outcomes.
  • Commitment to team working
Assessment methods
  • Work history
  • Interview
Evaluation weighting

Technical competence

65%

Cultural fit

15%

Price

20%

Questions asked by suppliers

Questions asked by suppliers
Supplier question Buyer answer
1. Is there a max rate for this roles? The budget has been left blank intentionally; we will assess the price suppliers provide using the evaluation weighting we have disclosed on the requirements.
2. How many people will be required, up to 2? This role is for one specialist only.
3. Is there a guide on budget for this role? The budget has been left blank intentionally; we will assess the price suppliers provide using the evaluation weighting we have disclosed on the requirements.
4. is this contract open to a team approach, whereby 1 x FTE is resourced from a number of specialists from the same supplier? No, unfortunately not. We would prefer to work with one specialist as opposed to a pool of specialists from the same supplier.
5. Is there any indication of the maximum day rate The budget has been left blank intentionally; we will assess the price suppliers provide using the evaluation weighting we have disclosed on the requirements.
6. is there any provision for hotel and expenses if required? All expenses must be pre-agreed between the parties and must comply with the Cabinet Office (CO) Travel and Subsistence (T&S) Policy. This can be discussed prior to awarding a winner.
7. Can you please clarify which incident platform GDS are using? No platform currently in use, CyberCPR in trial.
8. 1.Regarding the SC clearance status, if the candidate does not hold active SC clearance and is willing to go through the process, can this be considered, if yes will you sponsor the security clearance? 1) Due to the contract length, it is preferred the candidate already has SC clearance as it takes a couple of months to obtain. However, we are willing to consider candidates who are prepared to go through the SC process. We do sponsor SC but we do not pay. Suppliers contract would be terminated if SC clearance was not granted.
9. 2.Can any other security clearance be considered? 2) Yes we are willing to accept DV cleared Specialists as that is a clearance level above SC.
10. 3.What is the lead time for feedback once the application is submitted? 3) We aim to feedback within a week but please bear in mind due to the holiday season this may be a bit longer
11. 4.Any chances of change in start date as the latest date mentioned is Monday 12 February 2018 4) The latest start date will remain Monday 12th February 2018.
However if we finish the DOS process before this date, the Specialist may be able to start sooner if the contract is signed by both parties.
12. 5.What are the other expenses which will be paid? 5) We do not expect any expenses to be required however if any are pre- agreed they will be for travelling on business outside the M25.
and must comply with the Cabinet Office (CO) Travel and Subsistence (T&S) Policy. This can be discussed prior to awarding a winner.
13. 6.What are the exact work locations? 6) The work location will be The White Chapel Building, 10 Whitechapel High Street, London, E1 8QS and any other locations agreed by Cabinet Office during the contract
14. 7.Any specific format(pdf,doc) in which CVs to be sent later? 7) We do not expect CV's, we expect Work History on the template provided.
15. 8.Is occasional remote working allowed? 8) Yes this can be discussed at later stages of the process
16. 9.Is there any travel involved in this role and will the travel expenses be paid? 9) There is no travel involved but if this changes then it would be pre-agreed and expenses must comply with the Cabinet Office (CO) Travel and Subsistence (T&S) Policy.
17. 10. Is the rate inclusive or exclusive of VAT? 10) The rate is exclusive of VAT
18. 11.Would you consider work permit holders (e.g. Tier 2 General Visa) and EU passport holders for this role? 11) Cabinet Office do not sponsor Tier 2 visas.
Workers with an EU passport are allowed to work for Cabinet Office.
19. For this particular role both security clearances (SC & BPSS) are required? Yes due to the nature of the work: SC is required and BPSS is needed to get into the building. It is preferred the specialist has DV if possible but SC will suffice.
20. Can you please advice on what SIEM platform is being used so that I can advise candidates.For example, is it based on Enterprise Security platform like Splunk or Archsight? AlienVault, ELK, Splunk
21. Can this opportunity be furnished by several individuals who all hold sufficient clearance and have differing but complementary skills to add value to this role? No this requirement is only for one Specialist
22. Where do I upload the answers to the Cultural fit criteria questions? Cultural Fit Criteria are listed in the Work History and are evaluated during Interview stage