Type of document: Contract Notice
Country: United Kingdom
1. Title: LAW ENFORCEMENT COMMUNITY NETWORK (LECN) – CYBER SECURITY CONSULTANT – SHORT DEADLINE
2. Awarding Authority: Home Office Police & Public Protection Technology (PPPT), GB. Web:
3. Contract type: Service contract
4. Description: Reporting to the Programme Delivery Manager the Specialist will provide technical security and assurance support to the Law Enforcement Community Network.
5. CPV Code(s): 72700000, 72400000, 72222300, 72000000
6. NUTS code(s): UKI, UKI6, UKI62, UKI, UKI3, UKI32
7. Main site or location of works, main place of delivery or main place of performance: Location South East England
Address where the work will take place Bernard Weatherill House, 8 Mint Walk, Croydon, CR0 1EA.
There will also be a requirement to work at Home Office, 2 Marsham Street, London SW1P 4DF.
8. Reference attributed by awarding authority: Not provided.
9. Estimated value of requirement: Maximum day rate : £650 per day maximum. Higher day rates will not be considered due to budget constraints.
10. Closing date for applications 22.10.2019 (23:59).
11. Address to which they must be sent: For further information regarding the above contract notice please visit
12. Other information: Deadline for asking questions Thursday 17 October 2019 at 11:59pm GMT
Specialist role Cyber security consultant
Latest start date Monday 11 November 2019
Expected contract length Up to 12 months. Initial Statement of Work will be for 6 months.
Organisation the work is for Home Office Police & Public Protection Technology (PPPT)
Maximum day rate £650 per day maximum. Higher day rates will not be considered due to budget constraints.
Early market engagement
Who the specialist will work with The specialist will work as part of the Law Enforcement Community Programme team reporting to the Programme Delivery Manager and will engage with the different stakeholders from GDS (PSN / FN4G), NCSC, NPTC, NEP and the wider DDaT directorate as well as all relevant portfolios / programme projects / work streams.
What the specialist will work on Develop/manage a new Security Risk Assessment strategy, policy and process.
Perform hands-on gap and risk assessments associated with:
Applications (Home Office Open Systems and Police-to-Police);
Data Centres (WAN-NNI);
Cloud and physical IT infrastructure;
Vendors, suppliers and other third parties.
Map controls to policies, standards, procedures and process.
Review and monitor IT Security controls to identify operational effectiveness.
Interface with CSOC and IAM teams.
Interface with security architects, National Information Risk Management, NCSC and other security stakeholders.
Provide and contribute to risk assessments.
Maintain broad knowledge of standard methodologies and trends in the field of Information Security.
Working arrangements A typical working day is 9am-5pm, however working outside of these hours may be required due to business/project need. The role requires flexibility as individuals may be required to work at any of the Customer premises and/or at supplier sites.
The role is currently deemed out of scope of the IR35 regulations. However, at the point of contract award to a successful supplier, the IR35 assessment will be re-visited based on the individual circumstances of the DOS Specialist.
Security clearance Must be prepared to obtain SC level security clearance, required for access to Home Office facilities/deliverables, if not already SC cleared. Must also be prepared to undergo NPPV-3 (Non-Policing Personnel Vetting Level 3).
Additional terms and conditions T&S will not be payable for travel to sites within the M25. Travel outside of the M25 will be subject to Home Office T&S policy.
Buyers will use the essential and nice-to-have skills and experience to help them evaluate suppliers’ technical competence.
Skills and experience
Opportunity attribute name Opportunity attribute value
Essential skills and experience
Experience implementing or assessing security in a PSN network and cloud-as a service environment.
Experience of Cyber Assurance assessments.
Experience of working in a Policing environment.
Extensive knowledge of security technologies and risk assessment methodologies, policies and processes.
4+ years’ experience working within the technical arena with 2 plus years of information security work experience.
Solid technical background in IT systems and networking in both on-premise and cloud environments.
Knowledge &experience of: AWS (or similar) cloud security &infrastructure Web-infrastructure security (Applications &APIs) Network-security tools (IDS/IPS, firewalls etc.) Network-visualization (SD-WAN-Networks, network function virtualisation etc.) Encryption technology & implementation
SC security cleared
Nice-to-have skills and experience
Experience using vulnerability assessment tools and writing risk mitigation plans resulting from the assessment.
Excellent analytical, evaluative, and problem-solving abilities.
Demonstrable ability to collaborate with technical and non-technical teams to further the goals and mission of the programme.
Excellent written and oral communication skills, as well as interpersonal skills including the ability to articulate to both technical and non-technical audiences.
Experience in security standards such as ISO 27001, 27002, 27005; NIST.
Certifications within the security area are a strong plus (CISSP, CRISC, CCSK, CCSP, GIAC or equivalent).
Experience in the alignment of solutions with NCSC guidance.
Ability to work independently and multi-task effectively.
A bachelor’s degree in Cyber Security, Information Security, or Computer Science.
How many specialists to evaluate 3
Cultural fit criteria
Seek constructive outcomes in discussions.
Actively involve colleagues and partners to deliver an outcome.
Challenge assumptions but remain willing to compromise when it’s beneficial to progress.
Make recommendations for decisions and options.
Additional assessment methods