Talent.com
Upstaff
Threat Risk Assessment (TRA) Specialist / Penetration Testing (PT) Specialist – SeniorUpstaff • Halifax South Central, NS, ca
No longer accepting applications
Threat Risk Assessment (TRA) Specialist / Penetration Testing (PT) Specialist – Senior

Threat Risk Assessment (TRA) Specialist / Penetration Testing (PT) Specialist – Senior

Upstaff • Halifax South Central, NS, ca
16 days ago
Job type
  • Full-time
Job description
Job Description
Threat Risk Assessment (TRA) Specialist / Penetration Testing (PT) Specialist – Senior
Client: Government of Nova Scotia – Cyber Security & Digital Solutions (CSDS)
Project: Land Modernization Initiative (LMI)
Location: Halifax, Nova Scotia (Remote with optional onsite work)
Contract Duration: July 20, 2026 – May 31, 2027
Engagement Type: Competitive-Sourced
Openings: 2
Work Arrangement: Remote (with occasional collaboration with CSDS stakeholders)
Project Overview
The Government of Nova Scotia is seeking experienced cybersecurity professionals to support the Land Modernization Initiative (LMI), a major transformation program modernizing the Province’s Land Registry services.
The selected consultants will work closely with the CSDS/LMI Technical Manager, Cyber Security and Risk Management (CSRM) team, and business stakeholders to conduct:
  • Threat Risk Assessments (TRA)
  • Penetration Testing (PT)
  • Security risk analysis
  • Vulnerability assessments
  • Security recommendations and remediation guidance
The initial engagement focuses on the MVS 1.0 release, with potential future work supporting releases 1.1, 1.2, and 1.3

Requirements

Key Responsibilities
Threat Risk Assessment (TRA)
Scope
  • Identify and document security threats, vulnerabilities, and risks across the Nova Scotia Land Registry ecosystem.
  • Assess people, processes, technologies, communications, and information assets.
  • Evaluate likelihood and business impact of identified risks.
  • Recommend mitigation strategies and security controls.
  • Perform assessments using the NIST SP 800-53 Revision 5 High Baseline framework.
  • Review security certifications and reports including:
    • ISO/IEC 27001
    • ISO/IEC 42001
    • SOC 2 Type II
    • PCI DSS
Activities
  • Conduct workshops and stakeholder interviews.
  • Review system architecture, integrations, and data flows.
  • Analyze operational effectiveness of security controls.
  • Assess compliance across applicable NIST control families.
  • Document threat actors, attack vectors, vulnerabilities, and risk treatments.
  • Produce executive and technical reports.
  • Present findings to senior leadership and project stakeholders.

Penetration Testing (PT)
Scope
Conduct penetration testing against:
  • Web Applications
  • APIs
  • Cloud Environments
  • Networks
  • Mobile Applications
  • Endpoints
Testing Methodologies
  • White Box Testing
  • Grey Box Testing
  • Black Box Testing
Activities
  • Execute penetration testing using industry best practices.
  • Identify, validate, and document vulnerabilities.
  • Analyze prior security testing results.
  • Conduct remediation verification and retesting.
  • Produce executive and technical reports.
  • Immediately escalate Critical vulnerabilities using CVSS standards.
  • Participate in ongoing security assessments and risk management activities.

Required Deliverables
Threat Risk Assessment Deliverables
  • Draft TRA Report
  • Final TRA Report
  • Completed TRA Checklist
  • Risk Response Form
  • Executive Presentation
Penetration Testing Deliverables
  • Final Penetration Testing Report
  • Executive Presentation
  • Remediation Validation / Retest Results

Mandatory Qualifications (Required)
Candidates who do not meet the following requirements should not be submitted.
Threat Risk Assessment Requirements
Mandatory Experience
  • Minimum 3 years of experience conducting Threat Risk Assessments (TRAs) on digital systems.
  • At least one proposed resource must have completed two (2) or more TRAs on digital systems within the last three (3) years.
  • Experience conducting TRAs within Canadian public sector environments.
  • Experience working with:
    • NIST SP 800-53
    • ISO/IEC 27001
    • ISO/IEC 42001
    • SOC 2 Type II
    • PCI DSS
  • Experience assessing:
    • Cloud environments (AWS, Azure)
    • Network infrastructure
    • Enterprise applications
    • Technology platforms
  • Ability to work with business, security, and technical teams.
Mandatory Documentation
  • Criminal Record Check completed within the last six (6) months.

Penetration Testing Requirements
Mandatory Experience
  • Minimum 3 years of experience conducting penetration testing.
  • At least one proposed resource must have completed two (2) or more penetration tests within the last twelve (12) months.
  • Experience conducting penetration testing in Canadian public sector organizations.
  • Strong experience testing:
    • Web applications
    • APIs
    • Cloud environments
    • Networks
    • Enterprise systems
Mandatory Certifications
Tier 1 Certification (Required)
At least one proposed resource must hold one of the following:
  • OSCP (Offensive Security Certified Professional)
  • CREST CRT (Registered Penetration Tester)
Tier 2 Certification (Required)
At least one proposed resource should hold one of the following:
  • CEH Master
  • GPEN
  • CompTIA PenTest+
Mandatory Documentation
  • Criminal Record Check completed within the last six (6) months.

Preferred Qualifications
The following are considered strong assets:
Security Certifications
  • CISSP
  • CISM
  • CRISC
  • OSCP
  • CREST CRT
  • CEH Master
  • GPEN
  • CompTIA PenTest+
Government Experience
  • Previous experience performing Threat Risk Assessments for Canadian government organizations.
  • Previous experience conducting Penetration Testing for Canadian government organizations.
  • Direct experience supporting the Government of Nova Scotia.
  • Familiarity with Government of Nova Scotia cybersecurity standards, risk frameworks, and governance processes.

Technical Skills
Candidates should demonstrate expertise in:
  • Threat Risk Assessment Methodologies
  • Penetration Testing Methodologies
  • NIST SP 800-53 Rev. 5
  • ISO/IEC 27001
  • ISO/IEC 42001
  • SOC 2 Type II
  • PCI DSS
  • Cyber Risk Management
  • Vulnerability Assessment
  • Security Architecture Review
  • Risk Analysis and Treatment Planning
  • Security Control Assessment
  • Cloud Security (AWS / Azure)
  • Application Security
  • Network Security
  • Security Reporting and Executive Presentations
  • CVSS Scoring Framework

Evaluation Highlights
Candidates and vendors will be evaluated based on:
  • TRA experience and expertise
  • Penetration testing experience
  • NIST and security framework knowledge
  • Tier 1 and Tier 2 security certifications
  • Public sector cybersecurity experience
  • Government of Nova Scotia experience
  • Client references
  • Pricing competitiveness
This opportunity is ideal for senior cybersecurity consultants with proven expertise in both Threat Risk Assessments and Penetration Testing within government and highly regulated environments. The successful team will play a critical role in securing one of Nova Scotia's most significant digital modernization initiatives.



Requirements
Key Responsibilities Threat Risk Assessment (TRA) Scope Identify and document security threats, vulnerabilities, and risks across the Nova Scotia Land Registry ecosystem. Assess people, processes, technologies, communications, and information assets. Evaluate likelihood and business impact of identified risks. Recommend mitigation strategies and security controls. Perform assessments using the NIST SP 800-53 Revision 5 High Baseline framework. Review security certifications and reports including: ISO/IEC 27001 ISO/IEC 42001 SOC 2 Type II PCI DSS Activities Conduct workshops and stakeholder interviews. Review system architecture, integrations, and data flows. Analyze operational effectiveness of security controls. Assess compliance across applicable NIST control families. Document threat actors, attack vectors, vulnerabilities, and risk treatments. Produce executive and technical reports. Present findings to senior leadership and project stakeholders. Penetration Testing (PT) Scope Conduct penetration testing against: Web Applications APIs Cloud Environments Networks Mobile Applications Endpoints Testing Methodologies White Box Testing Grey Box Testing Black Box Testing Activities Execute penetration testing using industry best practices. Identify, validate, and document vulnerabilities. Analyze prior security testing results. Conduct remediation verification and retesting. Produce executive and technical reports. Immediately escalate Critical vulnerabilities using CVSS standards. Participate in ongoing security assessments and risk management activities. Required Deliverables Threat Risk Assessment Deliverables Draft TRA Report Final TRA Report Completed TRA Checklist Risk Response Form Executive Presentation Penetration Testing Deliverables Final Penetration Testing Report Executive Presentation Remediation Validation / Retest Results Mandatory Qualifications (Required) Candidates who do not meet the following requirements should not be submitted. Threat Risk Assessment Requirements Mandatory Experience Minimum 3 years of experience conducting Threat Risk Assessments (TRAs) on digital systems. At least one proposed resource must have completed two (2) or more TRAs on digital systems within the last three (3) years. Experience conducting TRAs within Canadian public sector environments. Experience working with: NIST SP 800-53 ISO/IEC 27001 ISO/IEC 42001 SOC 2 Type II PCI DSS Experience assessing: Cloud environments (AWS, Azure) Network infrastructure Enterprise applications Technology platforms Ability to work with business, security, and technical teams. Mandatory Documentation Criminal Record Check completed within the last six (6) months. Penetration Testing Requirements Mandatory Experience Minimum 3 years of experience conducting penetration testing. At least one proposed resource must have completed two (2) or more penetration tests within the last twelve (12) months. Experience conducting penetration testing in Canadian public sector organizations. Strong experience testing: Web applications APIs Cloud environments Networks Enterprise systems Mandatory Certifications Tier 1 Certification (Required) At least one proposed resource must hold one of the following: OSCP (Offensive Security Certified Professional) CREST CRT (Registered Penetration Tester) Tier 2 Certification (Required) At least one proposed resource should hold one of the following: CEH Master GPEN CompTIA PenTest+ Mandatory Documentation Criminal Record Check completed within the last six (6) months. Preferred Qualifications The following are considered strong assets: Security Certifications CISSP CISM CRISC OSCP CREST CRT CEH Master GPEN CompTIA PenTest+ Government Experience Previous experience performing Threat Risk Assessments for Canadian government organizations. Previous experience conducting Penetration Testing for Canadian government organizations. Direct experience supporting the Government of Nova Scotia. Familiarity with Government of Nova Scotia cybersecurity standards, risk frameworks, and governance processes. Technical Skills Candidates should demonstrate expertise in: Threat Risk Assessment Methodologies Penetration Testing Methodologies NIST SP 800-53 Rev. 5 ISO/IEC 27001 ISO/IEC 42001 SOC 2 Type II PCI DSS Cyber Risk Management Vulnerability Assessment Security Architecture Review Risk Analysis and Treatment Planning Security Control Assessment Cloud Security (AWS / Azure) Application Security Network Security Security Reporting and Executive Presentations CVSS Scoring Framework Evaluation Highlights Candidates and vendors will be evaluated based on: TRA experience and expertise Penetration testing experience NIST and security framework knowledge Tier 1 and Tier 2 security certifications Public sector cybersecurity experience Government of Nova Scotia experience Client references Pricing competitiveness This opportunity is ideal for senior cybersecurity consultants with proven expertise in both Threat Risk Assessments and Penetration Testing within government and highly regulated environments. The successful team will play a critical role in securing one of Nova Scotia's most significant digital modernization initiatives.
Create a job alert for this search

Threat Risk Assessment (TRA) Specialist / Penetration Testing (PT) Specialist – Senior • Halifax South Central, NS, ca

Similar jobs

Safety Professional (College) - Richmond, VA

M.C. Dean, Inc.Halifax Regional Municipality, NS, CA
Full-time

Safety Professional (College) - Richmond, VA.Safety Professional (College) - Richmond, VA.The Safety Professional is responsible for overseeing Construction Project Safety, Health (S&H), and Risk M... Show more

 • Promoted

Sr. Claims Representative - Rideshare

Definity Financial CorporationDartmouth, NS, CA
Full-time

What can you expect in this role?.Provide prompt, courteous, accurate and fair claims service to all customers, internal and external.Manage complex and/or commercial auto claims.Fully explain the ... Show more

 • Promoted

Territory Pharmaceutical Sales Pro — Drive Patient Impact

Innovativ Pharma, Inc.NS, CA
Full-time

A national pharmaceutical company is seeking a Pharmaceutical Sales Representative to join their team in Nova Scotia, Canada.The role involves partnering with healthcare professionals to tailor sol... Show more

 • Promoted

Game Tester - Remote

AlmediaHalifax, Canada
Remote
Full-time

Get paid for testing apps, games and surveys.Almedia runs a dynamic platform where users earn money online by completing tasks, playing games, and filling out surveys.Since our launch 5 years ago, ... Show more

 • Promoted

Remote Registered Dietitian or CNS - Flexible Hours, Work from Anywhere

Berry StreetNS, CA
Remote
Full-time +2

We’re looking for entrepreneurial, empathetic Registered Dietitians (RDs) and Certified Nutrition Specialists (CNSs) licensed in any state to help us bring medical nutrition therapy (MNT) to all.Th... Show more

 • Promoted

Part-Time Family Physician - Correctional Health (NS)

Nova Scotia Healthcare SystemNS, CA
Full-time

A regional healthcare provider in Nova Scotia seeks a dedicated part-time Family Physician for the Southwest Nova Scotia Correctional Facility.The role involves providing essential primary care ser... Show more

 • Promoted

Project Manager, Clinical Operations - dartmouth

Stiris Research Inc.dartmouth, ns, ca
Full-time

Stiris Research is an entrepreneurial Clinical Trial Management Company providing Phase I through IIIB full-service support to Biotechnology and Biopharmaceutical companies.We make a difference by ... Show more

 • Promoted

Assurance & Advisory Manager — Remote Audit Leadership

Baker Tilly Canada CooperativeNS, CA
Remote
Full-time +1

A leading advisory firm in Dartmouth, NS is seeking an Assurance and Advisory Manager to lead audit engagements and mentor team members.The ideal candidate will have over 4 years of experience in a... Show more

 • Promoted

Risk Management Expert at IKEA

IKEA GruppeDartmouth, NS, CA
Full-time

Step into the role of Unit Business Risk and Compliance Co-worker at IKEA, focusing on developing a culture of safety and compliance.Your expertise will be vital in promoting risk management across... Show more

 • Promoted

Regional Safety Trainer /H&S Trainer

Battlefield Equipment RentalsDartmouth, NS, CA
Permanent

Position: Regional Health & Safety Trainer.Canada’s leading construction equipment rental company and you can find our equipment powering projects on job sites across Canada! If you want a career w... Show more

 • Promoted

Construction Security Lead - Site & Compliance

EllisDonNS, CA
Full-time

A leading construction firm located in Nova Scotia is seeking a Security Manager to oversee site security and manage security personnel.The ideal candidate will have a business administration degre... Show more

 • Promoted

MBSE Project Requirements Traceability Engineer - NETE

Weir GroupDartmouth, NS, CA
Full-time +1

MBSE Project Requirements Traceability Engineer - NETEWeir Canada, Inc.Halifax NS, CanadaPermanent Full Time, Hybrid WorkAbout the role: Provide expertise in modelling, requirements management, dat... Show more

 • Promoted

Senior Incident Response Consultant At Crowdstrike

CrowdStrikeHalifax, Canada
Full-time

Join CrowdStrike as a Senior Incident Response Consultant and play a critical role in modern cybersecurity.This position allows you to shape responses to sophisticated cyber threats.We are looking ... Show more

 • Promoted

Flexible Telehealth Mental Health Therapist — AI Tools

SonderMindNS, CA
Full-time

A leading mental health care platform is seeking compassionate and skilled clinicians to join their expanding network.The role offers flexibility to manage one's own practice and provide therapy us... Show more

 • Promoted

Clinical Software Validation Specialist

0420 Varian Medical Systems Canada, Inc.NS, CA
Full-time

A leading oncology solutions company in Nova Scotia seeks a Software Validation Specialist to ensure that software products meet regulatory standards.Responsibilities include developing validation ... Show more

 • Promoted

Skilled Licensed Practical Nurse in Acute Care Needed for Travel

Tahir Medix StaffingNS, CA
Full-time

Advance your career as a Licensed Practical Nurse in an Acute Care unit.This travel position offers the chance to deliver exceptional patient care in a high-energy hospital environment.Ideal candid... Show more

 • Promoted

Management Trainee

EnterpriseDartmouth, NS, CA
Permanent

Start your career with Enterprise Mobility! We’re hiring immediately for our Management Training Program.Whether you see yourself in sales, business development, customer service, retail management... Show more

 • Promoted

Project Manager, Pre-Clinical Pipeline Development - dartmouth

Kisoji Biotechnology Inc.dartmouth, ns, ca
Full-time

Project Manager, Pre-Clinical Pipeline Development.VP of Research and Translational Science.Remote, Canada or United States.KisoJi Biotechnology is headquartered in Montreal, Canada.May require tra... Show more

 • Promoted

Re-Entry Specialist - Tri-County

Volunteers of America Delaware ValleyNS, CA
Full-time

Safe Return - Cumberland County.Responsible for recruitment, information and referral to resources for ex-offenders.Maintaining contact with clients in the community in an effort to offer support a... Show more

 • Promoted

Travel RN: Emergency Dept in Nova Scotia — 12 Weeks

Mimak Care CorporationNS, CA
Full-time

A healthcare organization is seeking experienced Registered Nurses (RNs) for a 12-week travel assignment in the Emergency Department in Nova Scotia.This role is ideal for nurses confident in delive... Show more