Senior ATO Engineer
QTC Management, Inc.
Senior ATO Engineer optimizing security compliance across health services. Leading ATO lifecycle activities within a dedicated team at Leidos QTC Health Services.
Posted 5/1/2026 • full-time • Remote • California, Florida, Tennessee, Texas, Washington • 🇺🇸 United States • Senior • 💰 $141,000 - $190,000 per year
Tech Stack
Tools & technologies
- ServiceNow
About the role
Key responsibilities & impact
- Lead end-to-end ATO lifecycle activities, including system categorization, control selection, implementation, assessment, authorization, and continuous monitoring in accordance with RMF (NIST 800-37)
- Coordinate all internal (e.g. Leidos internal audits) and external audit events (e.g. CMMC, HIPAA, NIST, FISMA, Authorization to Operate (ATO) with clients, etc.), including discovery, sample delivery, management response, and remediation activities for all audits
- Develop, review, and maintain ATO documentation packages such as SSPs, SAPs, SARs, POA&Ms, and security control traceability matrices
- Interpret and apply NIST 800-53 security controls and overlays to system architectures, ensuring proper implementation and inheritance strategies
- Coordinate and support security assessments, control validations, and independent verification activities
- Serve as primary liaison with Authorizing Officials (AOs), security assessors, and audit teams to facilitate ATO approvals and renewals
- Conduct security control gap analyses and drive remediation planning and execution to close compliance findings
- Manage and track Plan of Action & Milestones (POA&M) items, ensuring timely resolution and risk reduction
- Support continuous monitoring programs, including vulnerability scanning, configuration management, and control effectiveness validation
- Review system and application architectures for security compliance and provide actionable recommendations
- Coordinate internal and external audits (FISMA, NIST, HIPAA, CMMC), including evidence collection, responses, and remediation efforts
- Collaborate with engineering, operations, and Leidos security teams to embed compliance into system design and DevSecOps practices
- Develop and maintain control mappings to frameworks such as Unified Control Framework (UCF) and organizational baselines
- Perform other duties and responsibilities as assigned
Requirements
What you’ll need
- Bachelor’s degree from an accredited college or university in a technology-related discipline such as Computer Science or Engineering, with 14 years of relevant experience in compliance, information security, or internal audit.
- An equivalent combination of education and relevant experience may be considered.
- Demonstrated experience leading ATO efforts under NIST 800-37, NIST 800-53, HIPAA and/or FISMA frameworks
- Required certification: CISSP
- Experience with security tools such as Nessus, OpenRMF, ServiceNow, NMAP, Rapid7, and Qualys
- Must be able to successfully pass National Agency Check with Inquiries (NACI) background investigation.
Benefits
Comp & perks
- Health and Wellness programs
- Income Protection
- Paid Leave
- Retirement
ATS Keywords
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard Skills & Tools
- ATO lifecycle activities
- system categorization
- control selection
- NIST 800-37
- NIST 800-53
- security control gap analysis
- Plan of Action & Milestones (POA&M)
- vulnerability scanning
- configuration management
- DevSecOps practices
Soft Skills
- leadership
- coordination
- communication
- collaboration
- problem-solving
- analytical thinking
- attention to detail
- project management
- interpersonal skills
- organizational skills
Certifications
- CISSP