Talent.com
Upstaff
Threat Risk Assessment (TRA) Specialist / Penetration Testing (PT) Specialist – SeniorUpstaff • Halifax South Central, NS, ca
Les candidatures ne sont plus acceptées
Threat Risk Assessment (TRA) Specialist / Penetration Testing (PT) Specialist – Senior

Threat Risk Assessment (TRA) Specialist / Penetration Testing (PT) Specialist – Senior

Upstaff • Halifax South Central, NS, ca
Il y a 13 jours
Type de contrat
  • Temps plein
Description de poste
Job Description
Threat Risk Assessment (TRA) Specialist / Penetration Testing (PT) Specialist – Senior
Client: Government of Nova Scotia – Cyber Security & Digital Solutions (CSDS)
Project: Land Modernization Initiative (LMI)
Location: Halifax, Nova Scotia (Remote with optional onsite work)
Contract Duration: July 20, 2026 – May 31, 2027
Engagement Type: Competitive-Sourced
Openings: 2
Work Arrangement: Remote (with occasional collaboration with CSDS stakeholders)
Project Overview
The Government of Nova Scotia is seeking experienced cybersecurity professionals to support the Land Modernization Initiative (LMI), a major transformation program modernizing the Province’s Land Registry services.
The selected consultants will work closely with the CSDS/LMI Technical Manager, Cyber Security and Risk Management (CSRM) team, and business stakeholders to conduct:
  • Threat Risk Assessments (TRA)
  • Penetration Testing (PT)
  • Security risk analysis
  • Vulnerability assessments
  • Security recommendations and remediation guidance
The initial engagement focuses on the MVS 1.0 release, with potential future work supporting releases 1.1, 1.2, and 1.3

Requirements

Key Responsibilities
Threat Risk Assessment (TRA)
Scope
  • Identify and document security threats, vulnerabilities, and risks across the Nova Scotia Land Registry ecosystem.
  • Assess people, processes, technologies, communications, and information assets.
  • Evaluate likelihood and business impact of identified risks.
  • Recommend mitigation strategies and security controls.
  • Perform assessments using the NIST SP 800-53 Revision 5 High Baseline framework.
  • Review security certifications and reports including:
    • ISO/IEC 27001
    • ISO/IEC 42001
    • SOC 2 Type II
    • PCI DSS
Activities
  • Conduct workshops and stakeholder interviews.
  • Review system architecture, integrations, and data flows.
  • Analyze operational effectiveness of security controls.
  • Assess compliance across applicable NIST control families.
  • Document threat actors, attack vectors, vulnerabilities, and risk treatments.
  • Produce executive and technical reports.
  • Present findings to senior leadership and project stakeholders.

Penetration Testing (PT)
Scope
Conduct penetration testing against:
  • Web Applications
  • APIs
  • Cloud Environments
  • Networks
  • Mobile Applications
  • Endpoints
Testing Methodologies
  • White Box Testing
  • Grey Box Testing
  • Black Box Testing
Activities
  • Execute penetration testing using industry best practices.
  • Identify, validate, and document vulnerabilities.
  • Analyze prior security testing results.
  • Conduct remediation verification and retesting.
  • Produce executive and technical reports.
  • Immediately escalate Critical vulnerabilities using CVSS standards.
  • Participate in ongoing security assessments and risk management activities.

Required Deliverables
Threat Risk Assessment Deliverables
  • Draft TRA Report
  • Final TRA Report
  • Completed TRA Checklist
  • Risk Response Form
  • Executive Presentation
Penetration Testing Deliverables
  • Final Penetration Testing Report
  • Executive Presentation
  • Remediation Validation / Retest Results

Mandatory Qualifications (Required)
Candidates who do not meet the following requirements should not be submitted.
Threat Risk Assessment Requirements
Mandatory Experience
  • Minimum 3 years of experience conducting Threat Risk Assessments (TRAs) on digital systems.
  • At least one proposed resource must have completed two (2) or more TRAs on digital systems within the last three (3) years.
  • Experience conducting TRAs within Canadian public sector environments.
  • Experience working with:
    • NIST SP 800-53
    • ISO/IEC 27001
    • ISO/IEC 42001
    • SOC 2 Type II
    • PCI DSS
  • Experience assessing:
    • Cloud environments (AWS, Azure)
    • Network infrastructure
    • Enterprise applications
    • Technology platforms
  • Ability to work with business, security, and technical teams.
Mandatory Documentation
  • Criminal Record Check completed within the last six (6) months.

Penetration Testing Requirements
Mandatory Experience
  • Minimum 3 years of experience conducting penetration testing.
  • At least one proposed resource must have completed two (2) or more penetration tests within the last twelve (12) months.
  • Experience conducting penetration testing in Canadian public sector organizations.
  • Strong experience testing:
    • Web applications
    • APIs
    • Cloud environments
    • Networks
    • Enterprise systems
Mandatory Certifications
Tier 1 Certification (Required)
At least one proposed resource must hold one of the following:
  • OSCP (Offensive Security Certified Professional)
  • CREST CRT (Registered Penetration Tester)
Tier 2 Certification (Required)
At least one proposed resource should hold one of the following:
  • CEH Master
  • GPEN
  • CompTIA PenTest+
Mandatory Documentation
  • Criminal Record Check completed within the last six (6) months.

Preferred Qualifications
The following are considered strong assets:
Security Certifications
  • CISSP
  • CISM
  • CRISC
  • OSCP
  • CREST CRT
  • CEH Master
  • GPEN
  • CompTIA PenTest+
Government Experience
  • Previous experience performing Threat Risk Assessments for Canadian government organizations.
  • Previous experience conducting Penetration Testing for Canadian government organizations.
  • Direct experience supporting the Government of Nova Scotia.
  • Familiarity with Government of Nova Scotia cybersecurity standards, risk frameworks, and governance processes.

Technical Skills
Candidates should demonstrate expertise in:
  • Threat Risk Assessment Methodologies
  • Penetration Testing Methodologies
  • NIST SP 800-53 Rev. 5
  • ISO/IEC 27001
  • ISO/IEC 42001
  • SOC 2 Type II
  • PCI DSS
  • Cyber Risk Management
  • Vulnerability Assessment
  • Security Architecture Review
  • Risk Analysis and Treatment Planning
  • Security Control Assessment
  • Cloud Security (AWS / Azure)
  • Application Security
  • Network Security
  • Security Reporting and Executive Presentations
  • CVSS Scoring Framework

Evaluation Highlights
Candidates and vendors will be evaluated based on:
  • TRA experience and expertise
  • Penetration testing experience
  • NIST and security framework knowledge
  • Tier 1 and Tier 2 security certifications
  • Public sector cybersecurity experience
  • Government of Nova Scotia experience
  • Client references
  • Pricing competitiveness
This opportunity is ideal for senior cybersecurity consultants with proven expertise in both Threat Risk Assessments and Penetration Testing within government and highly regulated environments. The successful team will play a critical role in securing one of Nova Scotia's most significant digital modernization initiatives.



Requirements
Key Responsibilities Threat Risk Assessment (TRA) Scope Identify and document security threats, vulnerabilities, and risks across the Nova Scotia Land Registry ecosystem. Assess people, processes, technologies, communications, and information assets. Evaluate likelihood and business impact of identified risks. Recommend mitigation strategies and security controls. Perform assessments using the NIST SP 800-53 Revision 5 High Baseline framework. Review security certifications and reports including: ISO/IEC 27001 ISO/IEC 42001 SOC 2 Type II PCI DSS Activities Conduct workshops and stakeholder interviews. Review system architecture, integrations, and data flows. Analyze operational effectiveness of security controls. Assess compliance across applicable NIST control families. Document threat actors, attack vectors, vulnerabilities, and risk treatments. Produce executive and technical reports. Present findings to senior leadership and project stakeholders. Penetration Testing (PT) Scope Conduct penetration testing against: Web Applications APIs Cloud Environments Networks Mobile Applications Endpoints Testing Methodologies White Box Testing Grey Box Testing Black Box Testing Activities Execute penetration testing using industry best practices. Identify, validate, and document vulnerabilities. Analyze prior security testing results. Conduct remediation verification and retesting. Produce executive and technical reports. Immediately escalate Critical vulnerabilities using CVSS standards. Participate in ongoing security assessments and risk management activities. Required Deliverables Threat Risk Assessment Deliverables Draft TRA Report Final TRA Report Completed TRA Checklist Risk Response Form Executive Presentation Penetration Testing Deliverables Final Penetration Testing Report Executive Presentation Remediation Validation / Retest Results Mandatory Qualifications (Required) Candidates who do not meet the following requirements should not be submitted. Threat Risk Assessment Requirements Mandatory Experience Minimum 3 years of experience conducting Threat Risk Assessments (TRAs) on digital systems. At least one proposed resource must have completed two (2) or more TRAs on digital systems within the last three (3) years. Experience conducting TRAs within Canadian public sector environments. Experience working with: NIST SP 800-53 ISO/IEC 27001 ISO/IEC 42001 SOC 2 Type II PCI DSS Experience assessing: Cloud environments (AWS, Azure) Network infrastructure Enterprise applications Technology platforms Ability to work with business, security, and technical teams. Mandatory Documentation Criminal Record Check completed within the last six (6) months. Penetration Testing Requirements Mandatory Experience Minimum 3 years of experience conducting penetration testing. At least one proposed resource must have completed two (2) or more penetration tests within the last twelve (12) months. Experience conducting penetration testing in Canadian public sector organizations. Strong experience testing: Web applications APIs Cloud environments Networks Enterprise systems Mandatory Certifications Tier 1 Certification (Required) At least one proposed resource must hold one of the following: OSCP (Offensive Security Certified Professional) CREST CRT (Registered Penetration Tester) Tier 2 Certification (Required) At least one proposed resource should hold one of the following: CEH Master GPEN CompTIA PenTest+ Mandatory Documentation Criminal Record Check completed within the last six (6) months. Preferred Qualifications The following are considered strong assets: Security Certifications CISSP CISM CRISC OSCP CREST CRT CEH Master GPEN CompTIA PenTest+ Government Experience Previous experience performing Threat Risk Assessments for Canadian government organizations. Previous experience conducting Penetration Testing for Canadian government organizations. Direct experience supporting the Government of Nova Scotia. Familiarity with Government of Nova Scotia cybersecurity standards, risk frameworks, and governance processes. Technical Skills Candidates should demonstrate expertise in: Threat Risk Assessment Methodologies Penetration Testing Methodologies NIST SP 800-53 Rev. 5 ISO/IEC 27001 ISO/IEC 42001 SOC 2 Type II PCI DSS Cyber Risk Management Vulnerability Assessment Security Architecture Review Risk Analysis and Treatment Planning Security Control Assessment Cloud Security (AWS / Azure) Application Security Network Security Security Reporting and Executive Presentations CVSS Scoring Framework Evaluation Highlights Candidates and vendors will be evaluated based on: TRA experience and expertise Penetration testing experience NIST and security framework knowledge Tier 1 and Tier 2 security certifications Public sector cybersecurity experience Government of Nova Scotia experience Client references Pricing competitiveness This opportunity is ideal for senior cybersecurity consultants with proven expertise in both Threat Risk Assessments and Penetration Testing within government and highly regulated environments. The successful team will play a critical role in securing one of Nova Scotia's most significant digital modernization initiatives.
Créer une alerte emploi pour cette recherche

Threat Risk Assessment (TRA) Specialist / Penetration Testing (PT) Specialist – Senior • Halifax South Central, NS, ca

Offres similaires

Clinical Research Coordinator, RN

Care AccessNS, CA
Temps plein

Care Access is working to make the future of health better for all.With hundreds of research locations, mobile clinics, and clinicians across the globe, we bring world‑class research and health ser... Voir plus

 • Offre sponsorisée

Safety Professional (College) - Richmond, VA

M.C. Dean, Inc.Halifax Regional Municipality, NS, CA
Temps plein

Safety Professional (College) - Richmond, VA.Safety Professional (College) - Richmond, VA.The Safety Professional is responsible for overseeing Construction Project Safety, Health (S&H), and Risk M... Voir plus

 • Offre sponsorisée

Cyber Security Analyst - Halifax

DaviesHalifax, Halifax County, Canada
Temps plein

Cyber Security Analyst - Halifax.Application Deadline: 28 November 2025.Department: Risk and Compliance.Reporting to: Lead Cyber Security Engineer.Managing alerts within the group’s security toolin... Voir plus

 • Offre sponsorisée

Specialist, Information Security

ResMed IncHalifax, Nova Scotia, Canada
Temps plein

The Information Technology (IT) team plays a key role in providing business enablement throughout ResMed.We are focused on application, infrastructure, and user productivity solutions, with innovat... Voir plus

 • Offre sponsorisée

Game Tester - Remote

AlmediaHalifax, Canada
Télétravail
Temps plein

Get paid for testing apps, games and surveys.Almedia runs a dynamic platform where users earn money online by completing tasks, playing games, and filling out surveys.Since our launch 5 years ago, ... Voir plus

 • Offre sponsorisée

Project Manager, Clinical Operations - dartmouth

Stiris Research Inc.dartmouth, ns, ca
Temps plein

Stiris Research is an entrepreneurial Clinical Trial Management Company providing Phase I through IIIB full-service support to Biotechnology and Biopharmaceutical companies.We make a difference by ... Voir plus

 • Offre sponsorisée

Clinical Project Manager - dartmouth

Calian Groupdartmouth, ns, ca
Temps plein

Job Title: Clinical Project Manager.Department: Pharma Patient Support.Length of contract: 1-year contract.The CPM is responsible for the planning, implementation, management, and oversight of all ... Voir plus

 • Offre sponsorisée

Assurance & Advisory Manager — Remote Audit Leadership

Baker Tilly Canada CooperativeNS, CA
Télétravail
Temps plein +1

A leading advisory firm in Dartmouth, NS is seeking an Assurance and Advisory Manager to lead audit engagements and mentor team members.The ideal candidate will have over 4 years of experience in a... Voir plus

 • Offre sponsorisée

Risk Management Expert at IKEA

IKEA GruppeDartmouth, NS, CA
Temps plein

Step into the role of Unit Business Risk and Compliance Co-worker at IKEA, focusing on developing a culture of safety and compliance.Your expertise will be vital in promoting risk management across... Voir plus

 • Offre sponsorisée

Remote Physics Content Developer for AI Training

DataAnnotationNS, CA
Télétravail
Temps plein

An innovative company is seeking a physics expert for a remote Content Developer role.This position involves training AI models by providing complex physics problems and evaluating their logic.Cand... Voir plus

 • Offre sponsorisée

Regional Safety Trainer /H&S Trainer

Battlefield Equipment RentalsDartmouth, NS, CA
Permanent

Position: Regional Health & Safety Trainer.Canada’s leading construction equipment rental company and you can find our equipment powering projects on job sites across Canada! If you want a career w... Voir plus

 • Offre sponsorisée

Construction Security Lead - Site & Compliance

EllisDonNS, CA
Temps plein

A leading construction firm located in Nova Scotia is seeking a Security Manager to oversee site security and manage security personnel.The ideal candidate will have a business administration degre... Voir plus

 • Offre sponsorisée

MBSE Project Requirements Traceability Engineer - NETE

Weir GroupDartmouth, NS, CA
Temps plein +1

MBSE Project Requirements Traceability Engineer - NETEWeir Canada, Inc.Halifax NS, CanadaPermanent Full Time, Hybrid WorkAbout the role: Provide expertise in modelling, requirements management, dat... Voir plus

 • Offre sponsorisée

Senior Incident Response Consultant At Crowdstrike

CrowdStrikeHalifax, Canada
Temps plein

Join CrowdStrike as a Senior Incident Response Consultant and play a critical role in modern cybersecurity.This position allows you to shape responses to sophisticated cyber threats.We are looking ... Voir plus

 • Offre sponsorisée

Flexible Telehealth Mental Health Therapist — AI Tools

SonderMindNS, CA
Temps plein

A leading mental health care platform is seeking compassionate and skilled clinicians to join their expanding network.The role offers flexibility to manage one's own practice and provide therapy us... Voir plus

 • Offre sponsorisée

Clinical Software Validation Specialist

0420 Varian Medical Systems Canada, Inc.NS, CA
Temps plein

A leading oncology solutions company in Nova Scotia seeks a Software Validation Specialist to ensure that software products meet regulatory standards.Responsibilities include developing validation ... Voir plus

 • Offre sponsorisée

Remote Nurse Practitioner — Digital Health Startup

CloudcureNS, CA
Télétravail
Temps plein

A fast-growing digital health startup is seeking a Nurse Practitioner in Nova Scotia to perform clinical assessments and offer patient guidance.You will collaborate with a care team, embracing pati... Voir plus

 • Offre sponsorisée

Management Trainee

EnterpriseDartmouth, NS, CA
Permanent

Start your career with Enterprise Mobility! We’re hiring immediately for our Management Training Program.Whether you see yourself in sales, business development, customer service, retail management... Voir plus

 • Offre sponsorisée

Project Manager, Pre-Clinical Pipeline Development - dartmouth

Kisoji Biotechnology Inc.dartmouth, ns, ca
Temps plein

Project Manager, Pre-Clinical Pipeline Development.VP of Research and Translational Science.Remote, Canada or United States.KisoJi Biotechnology is headquartered in Montreal, Canada.May require tra... Voir plus

 • Offre sponsorisée

Re-Entry Specialist - Tri-County

Volunteers of America Delaware ValleyNS, CA
Temps plein

Safe Return - Cumberland County.Responsible for recruitment, information and referral to resources for ex-offenders.Maintaining contact with clients in the community in an effort to offer support a... Voir plus