# Senior SA&A / ATO Specialist - Private Cloud (Kubernetes Environment) > 49 Solutions · Ottawa, Canada · Contract · Posted 2026-04-29 **Salary:** CAD 154,000–200,000 **Workplace:** on_site ## Description **Location:** Ottawa, ON (Hybrid/On-site as required) **Client:** Federal Government **Clearance:** Secret (minimum) **Overview** Our client is seeking an experienced Security Assessment & Authorization (SA&A) / Authorization to Operate (ATO) Specialist to support a private cloud environment. This role is focused on developing high-quality security documentation and navigating the ATO process within a complex, modern infrastructure that includes Kubernetes-based platforms. This is not a hands-on engineering or deployment role. Instead, the successful candidate will bring a strong understanding of cloud-native technologies and security frameworks, with the ability to translate technical architectures into clear, compliant, and defensible ATO documentation. **Key Responsibilities** - Lead the development and maintenance of SA&A and ATO documentation for private cloud environments - Interpret and document security controls for cloud-native architectures, including Kubernetes - Work closely with technical teams to understand system design, data flows, and security posture - Translate technical implementations into clear, structured documentation aligned with Government of Canada security standards - Support risk assessments, threat and risk analyses (TRA), and mitigation strategies - Contribute to the overall ATO lifecycle, including preparation, review, and audit readiness - Provide guidance on security documentation best practices and compliance requirements ## Requirements **Required Experience** - Demonstrated experience producing SA&A and ATO documentation within a Government of Canada department or Crown corporation - Strong understanding of GC security frameworks, policies, and accreditation processes - Experience supporting cloud or private cloud environments - Working knowledge of Kubernetes and containerized architectures (must be able to understand and document, not necessarily build or deploy) - Experience with Threat and Risk Assessments (TRA) and security control documentation - Ability to engage with both technical and non-technical stakeholders **Nice to Have** - Experience with modern cloud platforms (e.g., Azure, GCP etc.) in a secure or regulated environment - Familiarity with DevSecOps concepts and container security practices - Previous experience supporting large-scale digital transformation or modernization initiatives **What Success Looks Like** You are someone who can step into a technically complex environment, quickly understand how the system works, and produce clear, compliant, and audit-ready ATO documentation. You don’t need to build Kubernetes clusters—but you understand them well enough to accurately document their architecture, risks, and controls. ## Apply [Apply at 49 Solutions](https://apply.workable.com/49-solutions-1/j/DF3AC2990C/apply) --- Powered by [Workable](https://www.workable.com)