Senior SA&A / ATO Specialist – Private Cloud (Kubernetes Environment)

Location: Ottawa, ON (Hybrid/On-site as required)
Client: Federal Government
Clearance: Secret (minimum)

Overview
Our client is seeking an experienced Security Assessment & Authorization (SA&A) / Authorization to Operate (ATO) Specialist to support a private cloud environment. This role is focused on developing high-quality security documentation and navigating the ATO process within a complex, modern infrastructure that includes Kubernetes-based platforms.

This is not a hands-on engineering or deployment role. Instead, the successful candidate will bring a strong understanding of cloud-native technologies and security frameworks, with the ability to translate technical architectures into clear, compliant, and defensible ATO documentation.

Key Responsibilities

• Lead the development and maintenance of SA&A and ATO documentation for private cloud environments
• Interpret and document security controls for cloud-native architectures, including Kubernetes
• Work closely with technical teams to understand system design, data flows, and security posture
• Translate technical implementations into clear, structured documentation aligned with Government of Canada security standards
• Support risk assessments, threat and risk analyses (TRA), and mitigation strategies
• Contribute to the overall ATO lifecycle, including preparation, review, and audit readiness
• Provide guidance on security documentation best practices and compliance requirements

Requirements

Required Experience

• Demonstrated experience producing SA&A and ATO documentation within a Government of Canada department or Crown corporation
• Strong understanding of GC security frameworks, policies, and accreditation processes
• Experience supporting cloud or private cloud environments
• Working knowledge of Kubernetes and containerized architectures (must be able to understand and document, not necessarily build or deploy)
• Experience with Threat and Risk Assessments (TRA) and security control documentation
• Ability to engage with both technical and non-technical stakeholders

Nice to Have

• Experience with modern cloud platforms (e.g., Azure, GCP etc.) in a secure or regulated environment
• Familiarity with DevSecOps concepts and container security practices
• Previous experience supporting large-scale digital transformation or modernization initiatives

What Success Looks Like
You are someone who can step into a technically complex environment, quickly understand how the system works, and produce clear, compliant, and audit-ready ATO documentation. You don’t need to build Kubernetes clusters—but you understand them well enough to accurately document their architecture, risks, and controls.