Do you crave a career that truly makes an impact in people’s lives? Do you thrive on problem-solving and finding solutions? Join a dedicated, tight-knit team that creates an immediate and meaningful impact every day.
Leidos QTC Health Services is seeking a Senior ATO Engineer. This role evaluates the design and effectiveness of IT controls based upon industry best-practice models (e.g. COBIT, ITIL, FISMA, NIST, OMB, etc.) in accordance with compliance requirements, and provides a systematic, disciplined approach to the analysis of operational business and governance processes to conform to standards and regulations.
Primary Responsibilities:
- Lead end-to-end ATO lifecycle activities, including system categorization, control selection, implementation, assessment, authorization, and continuous monitoring in accordance with RMF (NIST 800-37)
- Coordinate all internal (e.g. Leidos internal audits) and external audit events (e.g. CMMC, HIPAA, NIST, FISMA, Authorization to Operate (ATO) with clients, etc.), including discovery, sample delivery, management response, and remediation activities for all audits
- Develop, review, and maintain ATO documentation packages such as SSPs, SAPs, SARs, POA&Ms, and security control traceability matrices
- Interpret and apply NIST 800-53 security controls and overlays to system architectures, ensuring proper implementation and inheritance strategies
- Coordinate and support security assessments, control validations, and independent verification activities
- Serve as primary liaison with Authorizing Officials (AOs), security assessors, and audit teams to facilitate ATO approvals and renewals
- Conduct security control gap analyses and drive remediation planning and execution to close compliance findings
- Manage and track Plan of Action & Milestones (POA&M) items, ensuring timely resolution and risk reduction
- Support continuous monitoring programs, including vulnerability scanning, configuration management, and control effectiveness validation
- Review system and application architectures for security compliance and provide actionable recommendations
- Coordinate internal and external audits (FISMA, NIST, HIPAA, CMMC), including evidence collection, responses, and remediation efforts
- Collaborate with engineering, operations, and Leidos security teams to embed compliance into system design and DevSecOps practices
- Develop and maintain control mappings to frameworks such as Unified Control Framework (UCF) and organizational baselines
- Perform other duties and responsibilities as assigned
Required Qualifications:
- Bachelor’s degree from an accredited college or university in a technology-related discipline such as Computer Science or Engineering, with 14 years of relevant experience in compliance, information security, or internal audit. An equivalent combination of education and relevant experience may be considered.
- Demonstrated experience leading ATO efforts under NIST 800-37, NIST 800-53, HIPAA and/or FISMA frameworks
- Required certification: CISSP
- Experience with security tools such as Nessus, OpenRMF, ServiceNow, NMAP, Rapid7, and Qualys
- Must be able to successfully pass National Agency Check with Inquiries (NACI) background investigation
Preferred Qualifications:
- Preferred certifications: CRISC, or CGEIT
- Deep understanding of RMF processes and ATO authorization requirements
- Ability to translate regulatory requirements into technical and operational controls
- Strong experience managing ATO packages in federal or regulated environments
- Proficiency in identifying control gaps and driving risk-based remediation strategies
- Advanced documentation, reporting, and evidence management capabilities
- Strong stakeholder engagement and collaboration skills, including interaction with auditors and executive leadership
- Ability to manage multiple systems or projects in parallel with minimal supervision
- Familiarity with vulnerability management and security assessment tools
- Must be a hands-on individual who is reliable, self-motivated, and has a can-do attitude
- Ability to multi-task and work effectively/efficiently with little direct supervision
- Some travel will be required
About Leidos QTC Health Services
Leidos QTC Health Services collaborates closely with government and non-government customers to address current and future program needs within the health services domain. We specialize in disability-focused medical examinations, independent medical exams and review services, occupational health services, diagnostic testing, and case management solutions. As innovators, we focus on advancing technologies that improve service delivery, with a particular emphasis on enhancing accessibility for examinees in rural communities. With a proven track record of continuous improvement and steady growth, we now handle over 2 million appointments annually. Visit www.qtcm.com for more information.
Compensation and Benefits
Pay and benefits are fundamental to any career decision. That's why we craft compensation packages that reflect the importance of the work we do for our customers. As a result, we offer meaningful and engaging careers to support you and your career goals, all while nurturing a healthy work-life balance. Employment benefits include competitive compensation, Health and Wellness programs, Income Protection, Paid Leave and Retirement. More details are available here.
This role may fall under the Service Contract Act (SCA), a federal law which provides for a U.S. Department of Labor-prescribed minimum prevailing rate of pay and certain benefit levels. Where appropriate, Company-provided benefit plans such as comprehensive leave, holiday, medical, dental, life, accident, disability coverages, retirement plan contributions, and other health and welfare benefits and payments are utilized to meet these obligations.
Commitment to Non-Discrimination
All qualified applicants will receive consideration for employment without regard to sex, race, ethnicity, age, national origin, citizenship, religion, physical or mental disability, medical condition, genetic information, pregnancy, family structure, marital status, ancestry, domestic partner status, sexual orientation, gender identity or expression, veteran or military status, or any other basis prohibited by law. Leidos QTC Health Services will also consider for employment qualified applicants with criminal histories consistent with relevant laws.