Talent.com
Upstaff
Threat Risk Assessment (TRA) Specialist / Penetration Testing (PT) Specialist – SeniorUpstaff • Halifax South Central, NS, ca
Threat Risk Assessment (TRA) Specialist / Penetration Testing (PT) Specialist – Senior

Threat Risk Assessment (TRA) Specialist / Penetration Testing (PT) Specialist – Senior

Upstaff • Halifax South Central, NS, ca
4 days ago
Job type
  • Full-time
Job description
Threat Risk Assessment (TRA) Specialist / Penetration Testing (PT) Specialist – Senior
Client: Government of Nova Scotia – Cyber Security & Digital Solutions (CSDS)
Project: Land Modernization Initiative (LMI)
Location: Halifax, Nova Scotia (Remote with optional onsite work)
Contract Duration: July 20, 2026 – May 31, 2027
Engagement Type: Competitive-Sourced
Openings: 2
Work Arrangement: Remote (with occasional collaboration with CSDS stakeholders)
Project Overview
The Government of Nova Scotia is seeking experienced cybersecurity professionals to support the Land Modernization Initiative (LMI), a major transformation program modernizing the Province’s Land Registry services.
The selected consultants will work closely with the CSDS/LMI Technical Manager, Cyber Security and Risk Management (CSRM) team, and business stakeholders to conduct:
  • Threat Risk Assessments (TRA)
  • Penetration Testing (PT)
  • Security risk analysis
  • Vulnerability assessments
  • Security recommendations and remediation guidance
The initial engagement focuses on the MVS 1.0 release, with potential future work supporting releases 1.1, 1.2, and 1.3

Requirements

Key Responsibilities
Threat Risk Assessment (TRA)
Scope
  • Identify and document security threats, vulnerabilities, and risks across the Nova Scotia Land Registry ecosystem.
  • Assess people, processes, technologies, communications, and information assets.
  • Evaluate likelihood and business impact of identified risks.
  • Recommend mitigation strategies and security controls.
  • Perform assessments using the NIST SP 800-53 Revision 5 High Baseline framework.
  • Review security certifications and reports including:
    • ISO/IEC 27001
    • ISO/IEC 42001
    • SOC 2 Type II
    • PCI DSS
Activities
  • Conduct workshops and stakeholder interviews.
  • Review system architecture, integrations, and data flows.
  • Analyze operational effectiveness of security controls.
  • Assess compliance across applicable NIST control families.
  • Document threat actors, attack vectors, vulnerabilities, and risk treatments.
  • Produce executive and technical reports.
  • Present findings to senior leadership and project stakeholders.

Penetration Testing (PT)
Scope
Conduct penetration testing against:
  • Web Applications
  • APIs
  • Cloud Environments
  • Networks
  • Mobile Applications
  • Endpoints
Testing Methodologies
  • White Box Testing
  • Grey Box Testing
  • Black Box Testing
Activities
  • Execute penetration testing using industry best practices.
  • Identify, validate, and document vulnerabilities.
  • Analyze prior security testing results.
  • Conduct remediation verification and retesting.
  • Produce executive and technical reports.
  • Immediately escalate Critical vulnerabilities using CVSS standards.
  • Participate in ongoing security assessments and risk management activities.

Required Deliverables
Threat Risk Assessment Deliverables
  • Draft TRA Report
  • Final TRA Report
  • Completed TRA Checklist
  • Risk Response Form
  • Executive Presentation
Penetration Testing Deliverables
  • Final Penetration Testing Report
  • Executive Presentation
  • Remediation Validation / Retest Results

Mandatory Qualifications (Required)
Candidates who do not meet the following requirements should not be submitted.
Threat Risk Assessment Requirements
Mandatory Experience
  • Minimum 3 years of experience conducting Threat Risk Assessments (TRAs) on digital systems.
  • At least one proposed resource must have completed two (2) or more TRAs on digital systems within the last three (3) years.
  • Experience conducting TRAs within Canadian public sector environments.
  • Experience working with:
    • NIST SP 800-53
    • ISO/IEC 27001
    • ISO/IEC 42001
    • SOC 2 Type II
    • PCI DSS
  • Experience assessing:
    • Cloud environments (AWS, Azure)
    • Network infrastructure
    • Enterprise applications
    • Technology platforms
  • Ability to work with business, security, and technical teams.
Mandatory Documentation
  • Criminal Record Check completed within the last six (6) months.

Penetration Testing Requirements
Mandatory Experience
  • Minimum 3 years of experience conducting penetration testing.
  • At least one proposed resource must have completed two (2) or more penetration tests within the last twelve (12) months.
  • Experience conducting penetration testing in Canadian public sector organizations.
  • Strong experience testing:
    • Web applications
    • APIs
    • Cloud environments
    • Networks
    • Enterprise systems
Mandatory Certifications
Tier 1 Certification (Required)
At least one proposed resource must hold one of the following:
  • OSCP (Offensive Security Certified Professional)
  • CREST CRT (Registered Penetration Tester)
Tier 2 Certification (Required)
At least one proposed resource should hold one of the following:
  • CEH Master
  • GPEN
  • CompTIA PenTest+
Mandatory Documentation
  • Criminal Record Check completed within the last six (6) months.

Preferred Qualifications
The following are considered strong assets:
Security Certifications
  • CISSP
  • CISM
  • CRISC
  • OSCP
  • CREST CRT
  • CEH Master
  • GPEN
  • CompTIA PenTest+
Government Experience
  • Previous experience performing Threat Risk Assessments for Canadian government organizations.
  • Previous experience conducting Penetration Testing for Canadian government organizations.
  • Direct experience supporting the Government of Nova Scotia.
  • Familiarity with Government of Nova Scotia cybersecurity standards, risk frameworks, and governance processes.

Technical Skills
Candidates should demonstrate expertise in:
  • Threat Risk Assessment Methodologies
  • Penetration Testing Methodologies
  • NIST SP 800-53 Rev. 5
  • ISO/IEC 27001
  • ISO/IEC 42001
  • SOC 2 Type II
  • PCI DSS
  • Cyber Risk Management
  • Vulnerability Assessment
  • Security Architecture Review
  • Risk Analysis and Treatment Planning
  • Security Control Assessment
  • Cloud Security (AWS / Azure)
  • Application Security
  • Network Security
  • Security Reporting and Executive Presentations
  • CVSS Scoring Framework

Evaluation Highlights
Candidates and vendors will be evaluated based on:
  • TRA experience and expertise
  • Penetration testing experience
  • NIST and security framework knowledge
  • Tier 1 and Tier 2 security certifications
  • Public sector cybersecurity experience
  • Government of Nova Scotia experience
  • Client references
  • Pricing competitiveness
This opportunity is ideal for senior cybersecurity consultants with proven expertise in both Threat Risk Assessments and Penetration Testing within government and highly regulated environments. The successful team will play a critical role in securing one of Nova Scotia's most significant digital modernization initiatives.


Create a job alert for this search

Threat Risk Assessment (TRA) Specialist / Penetration Testing (PT) Specialist – Senior • Halifax South Central, NS, ca

Similar jobs

Verification & Validation Specialist

The Weir Group PLCDartmouth, NS, CA
Full-time +1

Verification & Validation Specialist - NETE.Permanent Full-time, Onsite work.Provide Test and Evaluation (T&E) and Independent Verification and Validation (IV&V) expertise in support of the River C... Show more

 • Promoted

Strategy Consultant - Health

AccentureHalifax, Canada
Full-time

We Are:Accenture is a leading global professional services company, providing a broad range of services in strategy and consulting, technology and operations, with digital capabilities across all o... Show more

 • Promoted

Clinical Research Coordinator, RN

Care AccessNS, CA
Full-time

Care Access is working to make the future of health better for all.With hundreds of research locations, mobile clinics, and clinicians across the globe, we bring world‑class research and health ser... Show more

 • Promoted

EHS Auditor

WSPDartmouth, NS, CA
Full-time

What if you could redefine what’s possible? With us, you can.We are the home of ambitious, passionate, and innovative world shapers.With an unmatched breadth and depth of engineering, advisory and ... Show more

 • Promoted

Safety Professional (College) - Richmond, VA

M.C. Dean, Inc.Halifax Regional Municipality, NS, CA
Full-time

Safety Professional (College) - Richmond, VA.Safety Professional (College) - Richmond, VA.The Safety Professional is responsible for overseeing Construction Project Safety, Health (S&H), and Risk M... Show more

 • Promoted

Senior Risk Manager - Up To £87,000 A Year

Covéa InsuranceHalifax, Canada
Full-time

The Senior Risk Manager will oversee financial and non-financial risks, focusing on technology, AI, data ethics, cybersecurity, and cloud platforms, ensuring alignment with regulatory standards and... Show more

 • Promoted

Game Tester - Remote

AlmediaHalifax, Canada
Remote
Full-time

Get paid for testing apps, games and surveys.Almedia runs a dynamic platform where users earn money online by completing tasks, playing games, and filling out surveys.Since our launch 5 years ago, ... Show more

 • Promoted

Construction Safety Leader - Audits, Training & Compliance

Borcherdt Concrete Products LimitedBedford, NS, CA
Full-time

A construction industry leader in Bedford, NS, is looking for a Safety Manager to enhance workplace safety by implementing effective communication and guidance.The role involves conducting orientat... Show more

 • Promoted

Team Lead - Assessment and Permitting

StantecDartmouth, Nova Scotia, Canada
Full-time

Team Leaders at Stantec are purpose‑driven leaders and future builders of our business.As a front‑line people leader, you’ll play a critical role in shaping the next generation of talent — creating... Show more

 • Promoted

Assurance & Advisory Manager — Remote Audit Leadership

Baker Tilly Canada CooperativeNS, CA
Remote
Full-time +1

A leading advisory firm in Dartmouth, NS is seeking an Assurance and Advisory Manager to lead audit engagements and mentor team members.The ideal candidate will have over 4 years of experience in a... Show more

 • Promoted

Risk Management Expert at IKEA

IKEA GruppeDartmouth, NS, CA
Full-time

Step into the role of Unit Business Risk and Compliance Co-worker at IKEA, focusing on developing a culture of safety and compliance.Your expertise will be vital in promoting risk management across... Show more

 • Promoted

Regional Safety Trainer /H&S Trainer

Battlefield Equipment RentalsDartmouth, NS, CA
Permanent

Position: Regional Health & Safety Trainer.Canada’s leading construction equipment rental company and you can find our equipment powering projects on job sites across Canada! If you want a career w... Show more

 • Promoted

Public Safety & Fire Prevention Technician (Dartmouth)

Kativik Regional GovernmentDartmouth, NS, CA
Permanent

The Kativik Regional Government (KRG) is a supra-municipal organization with jurisdiction over the Quebec territory located north of the 55th parallel.The role of the KRG Civil Security Department ... Show more

 • Promoted

Senior Incident Response Consultant At Crowdstrike

CrowdStrikeHalifax, Canada
Full-time

Join CrowdStrike as a Senior Incident Response Consultant and play a critical role in modern cybersecurity.This position allows you to shape responses to sophisticated cyber threats.We are looking ... Show more

 • Promoted

Construction Security Lead - Site & Compliance

EllisDonNS, CA
Full-time

A leading construction firm located in Nova Scotia is seeking a Security Manager to oversee site security and manage security personnel.The ideal candidate will have a business administration degre... Show more

 • Promoted

MBSE Project Requirements Traceability Engineer - NETE

Weir GroupDartmouth, NS, CA
Full-time +1

MBSE Project Requirements Traceability Engineer - NETEWeir Canada, Inc.Halifax NS, CanadaPermanent Full Time, Hybrid WorkAbout the role: Provide expertise in modelling, requirements management, dat... Show more

 • Promoted

Senior GRC Advisor - Data & AI Governance

BMONS, CA
Full-time

This role directly reports to and supports the Associate Director of T&O Risk (1B) - Business Risk Advisory and Controls - Testing & Advisory.The candidate will provide independent advisory, oversi... Show more

 • Promoted

Management Trainee

EnterpriseDartmouth, NS, CA
Full-time

Start your career with Enterprise Mobility! We’re hiring immediately for our respected Management Training Program.Whether you see yourself in sales, business development, customer service, retail ... Show more

 • Promoted

Member of Technical Staff - Systems Security

MDAHalifax, Halifax County, Canada
Full-time

Become a Member of Technical Staff focusing on Systems Security at MDA Space in Halifax or Richmond.Support critical geospatial projects with robust security measures.As part of the Geointelligence... Show more

 • Promoted

Re-Entry Specialist - Tri-County

Volunteers of America Delaware ValleyNS, CA
Full-time

Safe Return - Cumberland County.Responsible for recruitment, information and referral to resources for ex-offenders.Maintaining contact with clients in the community in an effort to offer support a... Show more