Threat, Risk Assessment and Pentest Advisor

NexGedia Enterprise

Halifax

Remote

CAD 90,000 - 120,000

Full time

Yesterday

Job summary

A leading company is seeking a Threat, Risk Assessment and Pentest Advisor for a major initiative in Halifax. The role involves ensuring cybersecurity best practices, facilitating workshops, and conducting thorough risk assessments. Candidates should have extensive experience in cybersecurity and risk management, with strong documentation skills and familiarity with NIST controls.

Qualifications

  • 3+ years managing large initiatives and facilitating security assessments.
  • 8+ years IT-related experience in cybersecurity, risk management, and infrastructure.
  • Familiarity with ISO/IEC 27001:2013 ISMS framework.

Responsibilities

  • Ensure alignment with corporate Cybersecurity best practices.
  • Plan and facilitate workshops for threat assessment.
  • Notify application owners of critical cybersecurity risks.

Skills

Cybersecurity and Risk Management assessment methodologies
Strong writing skills
Intrusion and penetration testing
NIST Recommended Security Controls

Job description

Role: Threat, Risk Assessment and Pentest Advisor

Start date: June 12, 2024

End date: March 31, 2025

Duration: 1,567.50 billable hours

Location of Work (Address or City, Province): Halifax, NS

Will remote work be considered? Yes

Description

One of our clients is looking for a Threat, Risk Assessment and Pentest Advisor to work on a major initiative.

Responsibilities

  • Ensure alignment with corporate Cybersecurity best practices and guidelines.
  • Plan, coordinate, organize and facilitate workshops to identify and assess threats, vulnerabilities, and controls against service assets.
  • Participate in workshops to elicit, document, and prioritize related tasks and projects.
  • Review and analyze results from other available and relevant Threat and Risk Assessments (TRAs) or security scans, conducted as part of the TRA deliverable.
  • The TRA vendor determines if the specific control found within the ‘GNS TRA NIST Checklist’, relative to the specific control baseline, is satisfactory. If not satisfactory, it is documented as a risk within the TRA template.
  • Immediately notify application owner(s) of any identified critical cybersecurity risk against any digital service as soon as identified during the TRA.

Knowledge and Experience

  • Must have up-to-date familiarity and experience with NIST Recommended Security Controls for Federal Information Systems and Organizations (800-53 - version 5) in conducting or participating in assessing digital services.
  • Must have three or more (3+) years of experience managing large initiatives, facilitating groups, gaining consensus, and engaging stakeholders in security assessments.
  • Experience conducting TRAs for large-scale organizations with at least 3000 employees.
  • Minimum of 8 years of IT-related experience within one or more of the following fields:
  • Cybersecurity and Risk Management assessment methodologies
  • IT Infrastructure/Networks
  • Identity, Credential and Access Management
  • Application Design/Development/Testing
  • Enterprise Architecture
  • Privacy
  • Telecommunications
  • SaaS, IaaS, and PaaS Digital Service Delivery Models
  • Experience with ISO/IEC 27001:2013 ISMS framework
  • Experience performing intrusion and penetration testing
  • Strong writing skills to produce accurate and comprehensive documentation
  • The Penetration Tester will use industry best-practice methodologies and tools to identify, analyze, evaluate, and document Penetration Testing risks.
  • Review and analyze results from other relevant Penetration Tests or security scans.
  • Identify the specific PNS function responsible for remediation.