Australian Taxation Office (ATO)

Elastic Stack Specialist

Important dates

Opportunity ID
Deadline for asking questions
Wednesday 28 March 2018 at 6PM (in Canberra)
Closing date for applications
Friday 30 March 2018 at 6PM (in Canberra)
Friday 23 March 2018


Write a summary of your brief

The Contractor will work in the ATO Cyber Security Operations Centre as an Elastic SME with demonstrated experience in Cyber security. They will have the capacity to accept challenges, take the initiative, meet tight time-frames and think strategically and analytically.

What is the latest start date?
How long is the contract?

Three months initially, with a possible option for extension exercised at the ATO's discretion.

Where can the work take place?
Australian Capital Territory
Who will the specialist work for?
Australian Taxation Office (ATO)
Budget range

As per Industry Standard Rates

About the work

Why is the work being done?

The Australian Taxation Office requires the services of a suitable Elastic Stack Specialist to implement a User and Entity Behavioral Analytics solution that is being integrated with a range of ATO online services. The suitable candidate will support the implementation of behavioral analytics and machine learning capabilities required to support the ATO’s growing big data monitoring needs, enhance cyber security and strengthen fraud detection and prevention capabilities.

What's the key problem you need to solve?

The problem the ATO is aiming to solve is near-real-time detection of cyber security and fraud-related risks generated by client interactions with ATO online services, including APIs, MyGov, AtoGov and other web services. The solution comprises three basic components: data integration, data analytics and data presentation/visualisation.

Describe the users and their needs

The ATO is seeking an Elastic Stack specialist and subject matter expert to implement the cyber security and fraud use cases. The candidate will have hands-on skills and demonstrated experience in use case implementation activities, particularly for User and Entity Behavioral Analytics solutions supporting cyber security, insider threat and fraud outcomes. The technical skills being sought are data collection, log parsing, analytics rules and models, and visualisation.

What work has already been done?

Elastic Stack is being implemented as the chosen platform for ATO's real time monitoring needs. Some of the use cases have been developed and are in the process of being implemented.

Who will the work be done with?

The Elastic SME will work with the ATO Cyber Security Operations Centre team, business teams, service providers and vendors within ATO onsite.

Any additional relevant information?

Knowledge of security tools and methodologies and data analytics platforms, with some development background, will be highly regarded.

What phase is the work in?

Work setup

Where will the work take place?

ATO National Office, 21 Genge Street, Canberra City

What are the working arrangements?

This work must be based onsite only in the Canberra National Office in a secure location.

Is security clearance required?

Baseline Security clearance.

Additional information

Additional terms and conditions

A Confidentiality and Non-Disclosure Agreement will be required to be completed.

Skills and experience

Buyers will use the essential and nice-to-have skills and experience to help them evaluate sellers’ technical competence.

Essential skills and experience
  • Experience in Administration of the Elastic Stack (Elasticsearch, Logstash, Kibana).
  • Experience in developing and implementing complex correlation rules for monitoring and alerting.
  • Experience in using Elastic Machine Intelligence capabilities.
  • Experience with programming and scripting languages and text manipulation tools.
Nice-to-have skills and experience
  • Good understanding of the strategic objectives of the ATO
  • Breadth of expertise and knowledge of cyber security and understanding of IT Security issues across all layers of technology (network architecture, system architecture, coding, connectivity, configuration, etc.) in an enterprise environment

How sellers will be evaluated

How many shortlisted sellers will you evaluate?
Proposal criteria
  • Technical solution & Approach and methodology
  • How the approach or solution meets user needs
  • How the approach or solution meets your organisation’s policy or goal.
  • Estimated timeframes for the work.
  • How they’ve identified risks and dependencies and offered approaches to manage them
  • Team structure
  • Value for money
Cultural fit criteria
  • Work as a team with our organisation and other suppliers
  • Transparent and collaborative when making decisions.
  • Have a no-blame culture and encourage people to learn from their mistakes.
Payment approach
Fixed price
Assessment methods
  • Written proposal
  • Case study
  • Work history
  • Reference
  • Presentation
Evaluation weighting

Technical competence

Cultural fit


Seller questions

1. Seller question: Does the candidate require baseline Security Clearance as a pre-requisite?
   Buyer answer: Yes.
2. Seller question: When you say the payment approach is fixed price, what do you mean by that? Can you provide some assistance on what your salary expectation is?
   Buyer answer: Seller is contractually bound to provide all the work specified in each particular ‘statement of work’ within the stated timeframes at a quoted fixed price.

Interested in this opportunity?

Before you can apply for this opportunity, you need to:

  1. Register to join the Marketplace.
  2. Submit a case study and pricing and check your documents are up-to-date.
  3. Request an assessment of your chosen case study.