United Kingdom Hydrographic Office

Core Data Platform Environments Consultancy, Requirement 2- Server Hardening

Incomplete applications

4
Incomplete applications
3 SME, 1 large

Completed applications

7
Completed applications
7 SME, 0 large
Important dates
Opportunity attribute name Opportunity attribute value
Published Wednesday 27 December 2017
Deadline for asking questions Wednesday 3 January 2018 at 11:59pm GMT
Closing date for applications Wednesday 10 January 2018 at 11:59pm GMT

Overview

Overview
Opportunity attribute name Opportunity attribute value
Specialist role Developer
Summary of the work The requirement is to extend an existing CentOS server hardening script, written in Ansible, to apply Centre for Information Security (CIS) Level 1 server hardening to diverse target CentOS instances. Active Directory integration into new environments.
Latest start date Monday 29 January 2018
Expected contract length Aprox 3 months
Location South West England
Organisation the work is for United Kingdom Hydrographic Office
Maximum day rate £650

About the work

About the work
Opportunity attribute name Opportunity attribute value
Early market engagement
Who the specialist will work with The Marine Intelligence Programme
What the specialist will work on Extend an existing Ansible playbook to apply changes to new&existing servers, to bring into line with Level 1 server hardening requirements defined by the Centre for Information Security.
As the target instances perform diverse functions, including Hadoop cluster nodes, the hardening implementation will need to be tailored to suit the role of the target instance. The hardening playbook should contain logic to determine role given server is performing, &to apply appropriate hardening measures.
The playbook will be used for the secondary purpose of verification, &reporting on server security hardening, for auditing&compliance. Implemented with clear output on the steps being performed.

Work setup

Work setup
Opportunity attribute name Opportunity attribute value
Address where the work will take place Admiralty Way, Taunton, Somerset TA1 2DN
Working arrangements Full time, 5 Days a Week
Security clearance Security Check (SC) or Disclosure of Scotland as a minimum

Additional information

Additional information
Opportunity attribute name Opportunity attribute value
Additional terms and conditions

Skills and experience

Buyers will use the essential and nice-to-have skills and experience to help them evaluate suppliers’ technical competence.

Skills and experience
Opportunity attribute name Opportunity attribute value
Essential skills and experience
  • • Demonstrable experience of working as a technical SME within a project environment, using Agile methodologies.
  • • Expertise in the following technologies: Ansible, Docker
  • • Expertise in Linux system administration, especially CentOS and Red Hat
  • • Expertise in security of UNIX systems, especially CentOS and Red Hat
  • • Experience of administering network security including configuring firewalls, Kerberos, LDAP and SSSD
  • • Experience of administering containerised applications using Docker
  • • Experience of version control using Git
Nice-to-have skills and experience Experience of working with Hadoop clusters

How suppliers will be evaluated

How suppliers will be evaluated
Opportunity attribute name Opportunity attribute value
How many specialists to evaluate 5
Cultural fit criteria Ability to work within a team
Assessment methods Work history
Evaluation weighting

Technical competence

70%

Cultural fit

10%

Price

20%

Questions asked by suppliers

Questions asked by suppliers
Supplier question Buyer answer
1. Is this requirement inside or outside of IR35? Outside
2. Does the BPSS level clearance have to be via Disclosure Scotland or will other BPSS screening services be acceptable? Disclosure Scotland is required.