Job Description
Location: Ottawa, ON (Hybrid/On-site as required)
Client: Federal Government
Clearance: Secret (minimum)
Overview
Our client is seeking an experienced Security Assessment & Authorization (SA&A) / Authorization to Operate (ATO) Specialist to support a private cloud environment. This role is focused on developing high-quality security documentation and navigating the ATO process within a complex, modern infrastructure that includes Kubernetes-based platforms.
This is not a hands-on engineering or deployment role. Instead, the successful candidate will bring a strong understanding of cloud-native technologies and security frameworks, with the ability to translate technical architectures into clear, compliant, and defensible ATO documentation.
Key Responsibilities
- Lead the development and maintenance of SA&A and ATO documentation for private cloud environments
- Interpret and document security controls for cloud-native architectures, including Kubernetes
- Work closely with technical teams to understand system design, data flows, and security posture
- Translate technical implementations into clear, structured documentation aligned with Government of Canada security standards
- Support risk assessments, threat and risk analyses (TRA), and mitigation strategies
- Contribute to the overall ATO lifecycle, including preparation, review, and audit readiness
- Provide guidance on security documentation best practices and compliance requirements
Required Experience
- Demonstrated experience producing SA&A and ATO documentation within a Government of Canada department or Crown corporation
- Strong understanding of GC security frameworks, policies, and accreditation processes
- Experience supporting cloud or private cloud environments
- Working knowledge of Kubernetes and containerized architectures (must be able to understand and document, not necessarily build or deploy)
- Experience with Threat and Risk Assessments (TRA) and security control documentation
- Ability to engage with both technical and non-technical stakeholders
Nice to Have
- Experience with modern cloud platforms (e.g., Azure, GCP etc.) in a secure or regulated environment
- Familiarity with DevSecOps concepts and container security practices
- Previous experience supporting large-scale digital transformation or modernization initiatives
What Success Looks Like
You are someone who can step into a technically complex environment, quickly understand how the system works, and produce clear, compliant, and audit-ready ATO documentation. You don’t need to build Kubernetes clusters—but you understand them well enough to accurately document their architecture, risks, and controls.
