← Back to all jobs
Project Overview The DHHS Privacy & Security Office is launching a large-scale cybersecurity initiative to conduct comprehensive Technical Security Risk Assessments and Penetration Testing across approximately 100 counties . The objective of this initiative is to evaluate and strengthen the security posture of county IT environments and ensure compliance with cybersecurity best practices and regulatory requirements.
This initiative will assess county infrastructure and security controls, including:
- Servers and endpoint systems (desktops/laptops)
- Network architecture and segmentation
- Firewalls and perimeter security controls
- User access provisioning and identity management
- Multi-Factor Authentication (MFA)
- Virtual Private Networks (VPNs)
- System hardening standards and procedures
- Vulnerability management processes
- Patch management practices
Role: Program Director The Lead Consultant will be responsible for planning, executing, and overseeing all technical security assessment and penetration testing activities across the participating counties. This role requires both deep technical expertise and strong leadership and communication skills.
Key Responsibilities Assessment & Testing Execution
- Design and conduct technical security risk assessments for county IT environments.
- Perform penetration testing activities to identify vulnerabilities, misconfigurations, and security gaps.
- Validate security controls across infrastructure, network, identity, and endpoint environments.
Methodology & Standardization
- Develop standardized assessment methodologies, testing frameworks, and reporting templates.
- Ensure consistency, repeatability, and quality across all county assessments.
- Define risk scoring models and remediation prioritization standards.
Program & Team Management
- Manage assessment team assignments, scheduling, and workload distribution.
- Track project milestones, deliverables, and timelines.
- Ensure timely completion of assessments across all counties.
Reporting & Stakeholder Communication
- Prepare executive-level and technical reports outlining findings, risks, and remediation recommendations.
- Translate complex technical security findings into clear, non-technical language for business leaders, CMS, and stakeholders.
- Support presentations, briefings, and audit discussions as required.
Quality & Governance
- Ensure assessments align with cybersecurity best practices, regulatory standards, and organizational security policies.
- Maintain documentation, audit trails, and evidence for compliance and governance purposes.
Required/Desired Skills Skill Required/Desired Amount of Experience Experience in cybersecurity risk assessments and penetration testing. Required 7.0 Years Lead and perform technical security risk assessments on county IT environments (servers, desktops, networks, firewalls, IAM, MFA, VPNs, patching pro Required 5.0 Years Conduct internal/external penetration testing, vulnerability identification, and exploit validation Required 7.0 Years Develop a repeatable assessment methodology, templates, testing procedures, and reporting formats for use across 100 counties. Required 5.0 Years Manage and coordinate assessment team workloads, assignments, schedules, and deliverables. Required 7.0 Years Create and maintain project plans, timelines, and progress reports. Required 7.0 Years Familiarity with NIST, CIS Controls, ISO 27001, and related frameworks. ________________________________________ Required 3.0 Years
Get new pentesting jobs sent to your inbox