RFR-- Penetrating Testing Analyst

Position: RFR-0719 - Penetrating Testing Analyst
Position title:

RFR-0719 - Penetrating Testing Analyst

Client:
Government of Saskatchewan (Information Technology Division (ITD))

Contract Duration: 2 years with possibility of extension

Working Status:
On-Site

Location:

GOS office located in Regina, Saskatchewan

Start Date:

18th March 2026

Mandatory Qualification/Requirement

M1 - Demonstrated experience working as a Penetration Tester.

M2 - Candidate must be able to work 100% onsite at a Government of Saskatchewan office in Regina, Saskatchewan, Canada upon contract start date.

Rated Qualification/Requirement

R1 - Local Knowledge

R2 - Demonstrated experience with cybersecurity standards including the Open Web Application Security Project (OWASP) Application Security Testing Standard.

R3 - Demonstrated experience with cloud security and cloud-based application architecture and different deployment models.

R4 - Demonstrated experience with penetration testing tools.

R5 - Demonstrated experience identifying and exploiting vulnerabilities.

R6 - Demonstrated experience with common attack vectors and techniques, and how to defend against them.

R7 - Demonstrated experience in regulatory compliance standards and ensuring compliance during penetration testing.

R8 - Demonstrated experience in static and dynamic application security testing using automated tools and manual techniques.

R9 - Demonstrated experience with white box testing and black box testing.

R10 - Demonstrated experience with the ISO 27002:2022, or equivalent, code of practice for information security controls.

R11 - Demonstrated experience writing and presenting detailed assessment reports.

R12 - Valid certifications such as Certified Ethical Hacker (CEH) or Certified Information Systems Security Professional (CISSP) are considered significant assets. Related cybersecurity certifications will be considered.

Position Overview
This Request for Resource (RFR) is an invitation by the Government of Saskatchewan (GOS) to prospective Proponents to provide Submissions for the provision of one (1) or more Penetration Testing Analyst(s), as further described in the RFR Particulars (Appendix

A) (the Deliverables).

The Information Technology Division (ITD) of the Ministry of Sask Builds and Procurement (SBP) is looking for one (1) or more Penetration Testing Analyst(s) to join the Cyber Security and Risk Management Branch (CSRM). The CSRM is responsible for managing all things related to IT security including, though not necessarily limited to:

Provide interpretation and enforcement of the information security policy and standards;

Providing information security, education and awareness;

Responding to information security Incidents;

Performing Threat Risk Assessments (TRAs) for IT-related business initiatives throughout Government;

Providing security assessment and overall security requirements and oversight for IT-related Solution and Services Procurements;

Providing information security advice and guidance for business areas;

Evaluating new threats and vulnerabilities.

THE DELIVERABLES
The ideal candidate will possess a strong foundation in cybersecurity principles, with demonstrated expertise in penetration testing methodologies, vulnerability assessment, and exploit development. The candidate will have hands‑on experience with industry-standard tools coupled with a deep understanding of network protocols, operating systems, and secure coding practices.

Responsibilities

Conduct internal and external (remote from GOS offices) security testing on networks and applications;

Assessing physical security, if applicable;

Conducting security audits, if assigned;

Analyzing security policies and standards;

Performing transfer of knowledge with other members of the CSRM Branch;

Writing security assessment reports.

Seniority level

Mid-Senior level

Employment type

Contract

Job function

Information Technology

Industries Information Services

Apply BELOW