United Kingdom Hydrographic Office

Technical Security Consultant and Assurance Coordinator

Incomplete applications

5
Incomplete applications
3 SME, 2 large

Completed applications

5
Completed applications
5 SME, 0 large
Important dates
Opportunity attribute name Opportunity attribute value
Published Wednesday 27 December 2017
Deadline for asking questions Wednesday 3 January 2018 at 11:59pm GMT
Closing date for applications Wednesday 10 January 2018 at 11:59pm GMT

Overview

Overview
Opportunity attribute name Opportunity attribute value
Specialist role Cyber security consultant
Summary of the work Reporting to the Head of Information Security the candidate will provide technical security and assurance support to the Marine Intelligence Programme and the Defence Maritime Geospatial Intelligence Centre teams
Latest start date Monday 29 January 2018
Expected contract length 3 Months
Location South West England
Organisation the work is for United Kingdom Hydrographic Office
Maximum day rate £670

About the work

About the work
Opportunity attribute name Opportunity attribute value
Early market engagement
Who the specialist will work with The candidate will work within the Marine Intelligence Programme and the Defence Maritime Geospatial Intelligence Centre teams
What the specialist will work on Manage security accreditation activities for three key programmes: 1. A critical ‘Big Data’ digital transformation programme due for LIVE release Mar 2018, 2. A sensitive software development project, 3. A range of projects in support of a wider Defence programme.
Key deliverables for each programme will include Accreditation documentation, IT Health Check scoping document, entry onto DART and Security Requirements Specification.
Involvement in all three pieces of work will require the applicant to work unsupervised and under own initiative also to organise and lead Security Working Groups and conduct security activities in accordance with MOD policies and procedures.

Work setup

Work setup
Opportunity attribute name Opportunity attribute value
Address where the work will take place United Kingdom Hydrographic Office, Admiralty Way, Taunton, Somerset, TA1
Working arrangements Working arrangements Full-time, 5 days a week. The specialist will generally be expected to be on site for at least four days a week to attend any relevant meetings and provide briefs/updates as required. There is scope for distance working on the other day.
Security clearance Security Check (SC)

Additional information

Additional information
Opportunity attribute name Opportunity attribute value
Additional terms and conditions

Skills and experience

Buyers will use the essential and nice-to-have skills and experience to help them evaluate suppliers’ technical competence.

Skills and experience
Opportunity attribute name Opportunity attribute value
Essential skills and experience
  • Extensive and recent experience of working with big data platforms, specifically Hadoop (Cloudera distribution).
  • • Good working knowledge and demonstrable experience with the following technologies and specifically the security related to them: Docker, Ansible, Apache Hive, Jenkins, NiFi, NginX, Maven, Nexus.
  • • Knowledge and exposure to cloud environments (specifically AWS) and ensuring necessary security assurance is in place/obtained to offer assurance for OFFICIAL workloads.
  • • Demonstrable experience of working as a technical security SME within a project environment, using Agile methodologies.
  • • Experience of providing technical security support on Government projects, working to HMG Policy.
  • • Experience of scoping ITHC activity and remediating ITHC Recommendations.
  • • Experience of information management procedures and processes at the very highest levels of UK security classification
  • • Experience of working within MOD Security regime and understanding of security policy and requirements (JSP 440 etc)
  • • Experience of advising on the deployment of application and infrastructure security controls.
  • • Experience of working to MOD accreditation processes and liaising with MOD accreditors
  • • Experience of using DART to register and manage Targets of Accreditation
  • • Experience identifying, recording&managing risk at programme project level, producing& maintaining risk documentation for use in system accreditation (RMADS, risk registers, risk assessments using HMG IA Standards 1&2)
  • • Experience of leading Security Working Groups as a way of managing project security risks
  • • Managing compliance against security requirements
  • • Familiar with using Microsoft TFS for managing work backlogs
  • • Demonstrable ability to maintain strong relations with internal and external stakeholders.
  • • Understanding of security of UNIX systems – especially CentOS and RedHat
  • • Familiarity with OWASP top 10
  • • Excellent verbal and written communication skills. Ability to translate technical and security aspects into coherent business terms.
  • • Familiarity with SIEM systems
Nice-to-have skills and experience
  • • Experience of ‘DevSecOps’ and vulnerability management using Jenkins OWASP dependency checker
  • • Ex-CLAS
  • • Familiarity with GIS products especially ESRI ArcGIS suite
  • • CISSP
  • • CCP SIRA
  • • DevOps experience

How suppliers will be evaluated

How suppliers will be evaluated
Opportunity attribute name Opportunity attribute value
How many specialists to evaluate 3
Cultural fit criteria Can work within a team and also within an agile environment
Assessment methods Work history
Evaluation weighting

Technical competence

70%

Cultural fit

10%

Price

20%

Questions asked by suppliers

Questions asked by suppliers
Supplier question Buyer answer
1. Is this requirement inside or outside IR35? Outside