Senior ATO Engineer

QTC Management, Inc.
Washington, DC

About The Position

Leidos QTC Health Services is seeking a Senior ATO Engineer. This role evaluates the design and effectiveness of IT controls based upon industry’s best-practice models (e.g. COBIT, ITIL, FISMA, NIST, OMB, etc.) in accordance with compliance requirements, and provides a systematic, disciplined approach to the analysis of operational business and governance processes to conform to standards and regulations.

Requirements

  • Bachelor’s degree from an accredited college or university in a technology-related discipline such as Computer Science or Engineering, with 14 years of relevant experience in compliance, information security, or internal audit. An equivalent combination of education and relevant experience may be considered.
  • Demonstrated experience leading ATO efforts under NIST 800-37, NIST 800-53, HIPAA and/or FISMA frameworks
  • Required certification: CISSP
  • Experience with security tools such as Nessus, OpenRMF, ServiceNow, NMAP, Rapid7, and Qualys
  • Must be able to successfully pass National Agency Check with Inquiries (NACI) background investigation

Nice To Haves

  • Preferred certifications: CRISC or CGEIT
  • Deep understanding of RMF processes and ATO authorization requirements
  • Ability to translate regulatory requirements into technical and operational controls
  • Strong experience managing ATO packages in federal or regulated environments
  • Proficiency in identifying control gaps and driving risk-based remediation strategies
  • Advanced documentation, reporting, and evidence management capabilities
  • Strong stakeholder engagement and collaboration skills, including interaction with auditors and executive leadership
  • Ability to manage multiple systems or projects in parallel with minimal supervision
  • Familiarity with vulnerability management and security assessment tools
  • Must be a hands-on individual who is reliable, self-motivated, and has a can-do attitude
  • Ability to multi-task and work effectively/efficiently with little direct supervision
  • Some travel will be required

Responsibilities

  • Lead end-to-end ATO lifecycle activities, including system categorization, control selection, implementation, assessment, authorization, and continuous monitoring in accordance with RMF (NIST 800-37)
  • Coordinate all internal (e.g. Leidos internal audits) and external audit events (e.g. CMMC, HIPAA, NIST, FISMA, Authorization to Operate (ATO) with clients, etc.), including discovery, sample delivery, management response, and remediation activities for all audits
  • Develop, review, and maintain ATO documentation packages such as SSPs, SAPs, SARs, POA&Ms, and security control traceability matrices
  • Interpret and apply NIST 800-53 security controls and overlays to system architectures, ensuring proper implementation and inheritance strategies
  • Coordinate and support security assessments, control validations, and independent verification activities
  • Serve as primary liaison with Authorizing Officials (AOs), security assessors, and audit teams to facilitate ATO approvals and renewals
  • Conduct security control gap analyses and drive remediation planning and execution to close compliance findings
  • Manage and track Plan of Action & Milestones (POA&M) items, ensuring timely resolution and risk reduction
  • Support continuous monitoring programs, including vulnerability scanning, configuration management, and control effectiveness validation
  • Review system and application architectures for security compliance and provide actionable recommendations
  • Coordinate internal and external audits (FISMA, NIST, HIPAA, CMMC), including evidence collection, responses, and remediation efforts
  • Collaborate with engineering, operations, and Leidos security teams to embed compliance into system design and DevSecOps practices
  • Develop and maintain control mappings to frameworks such as Unified Control Framework (UCF) and organizational baselines
  • Perform other duties and responsibilities as assigned

Benefits

  • competitive compensation
  • Health and Wellness programs
  • Income Protection
  • Paid Leave
  • Retirement
  • comprehensive leave
  • holiday
  • medical
  • dental
  • life
  • accident
  • disability coverages
  • retirement plan contributions
  • other health and welfare benefits and payments