Remediation and Mitigation Lead, Top Secret

Public Trust: None

Requisition Type: Regular

Your Impact

Own your opportunity to serve as a critical component of our nation’s safety and security. Make an impact by using your expertise to protect our country from threats.

Job Description

The Remediation and Mitigation (R&M) Lead oversees teams that plan, manage, and execute remediation actions across affected organizations, delivering actionable, technically grounded guidance that accelerates incident recovery and strengthens long‑term resilience for federal, state, local, tribal, territorial (SLTT), and critical infrastructure stakeholders. The role directs the full remediation lifecycle from incident‑specific plan development through completion ensuring cohesive communication, accurate reporting, and mission‑aligned knowledge capture that enhances national cybersecurity resilience.

In collaboration with internal and external stakeholders, the R&M Lead ensures high‑quality tools, guides, and countermeasures are produced from real‑world engagements and lessons learned, advancing consistent, risk‑reducing remediation across the ecosystem.

Key Responsibilities

Remediation Coordination Leadership

• Oversee teams that serve as the central coordination function for planning, managing, and executing incident remediation across networks, endpoints, and security controls.
• Ensure teams provide timely, accurate reporting of incident response actions to leadership and stakeholders.
• Oversee teams that deliver complete operational metrics, statistics, and analytic insights.
• Ensure responsible, secure, mission‑aligned information sharing and high‑quality content contributions to engagement reports, defensive measures, and threat‑informed prevention materials.
• Lead knowledge capture from real‑world incidents, enforcing R&M and Threat Hunt (TH) guidance and feeding insights into processes and knowledgebases to enhance national remediation capability.
• Oversee teams preparing regular and ad‑hoc briefings to mission teams, leadership, and stakeholders to maintain situational awareness and coordinated operational response.

Countermeasures Analysis Oversight

• Direct teams that evaluate threat actor activity and stakeholder environments to recommend optimal containment and eradication actions, reducing risk of re‑compromise and regaining control of compromised assets.
• Ensure actionable technical guidance is provided across networks, endpoints, and security controls.
• Oversee creation of high‑quality reports documenting findings, mitigation strategies, and technical insights.
• Maintain adherence to established R&M and TH knowledge‑management procedures.

Countermeasures Research & Tool Sustainment

• Oversee researchers who test, validate, and document countermeasures to keep CISA’s mitigation guidance ahead of adversary actions, adding insights from past engagements into catalogs and documentation.
• Ensure the countermeasures database remains accurate, relevant, and complete by integrating cyber threat intelligence (CTI) and all‑source reporting on adversary techniques, tactics and procedures (TTPs) and updating content to reflect current threat landscapes.
• Enforce secure, mission‑aligned information sharing and contribute expert input to defensive measures, threat‑informed prevention content, and other publications.

Deception Operations (DecOps) Support

• Oversee DecOps teams operationalizing the MITRE Engage ™ framework to conduct deception activities as needed during cyber incidents, providing overwatch during containment and eradication.
• Ensure accurate operational metrics and statistical reporting that strengthen performance oversight, situational awareness, and leadership decision‑making.
• Maintain secure, accurate information sharing with stakeholders to support coordinated response and remediation.

Operational Governance, Reporting & Knowledge Management

• Oversee responsible information sharing practices and contribute high‑quality, mission‑aligned content to reports, tools, and prevention materials.
• Ensure teams consistently capture lessons learned and maintain organizational knowledge quality in accordance with R&M and TH guidance,
• Coordinate additional mission‑aligned duties assigned by leadership to maintain continuity, effectiveness, and agility of operational and analytical functions.

Required Qualifications

• Experience leading remediation and incident response activities for large‑scale federal or critical‑infrastructure cybersecurity programs.
• Demonstrated ability to oversee cross‑functional teams that deliver containment, eradication, and recovery actions across complex enterprise environments.
• Strong knowledge of adversary TTPs, defensive controls, and remediation planning; familiarity with knowledge‑management practices and operational reporting.
• Excellent communication skills with experience briefing leadership and stakeholder organizations.
• Ability to establish performance metrics and drive outcome‑focused improvements across mission workflows.
• Ability to integrate AI/ML into remediation workflows to accelerate detection, containment, and recovery while improving consistency and mission effectiveness.
• Demonstrated experience adding AI‑driven threat intelligence tools—such as automated correlation engines, predictive analytics, or machine‑learning‑enabled TTP modeling—to support incident prioritization and threat‑informed remediation planning.
• Proven success leveraging AI‑supported automation frameworks, including SOAR platforms and machine‑assisted playbooks, to streamline remediation actions and reduce operator workload across complex environments.
• 10 years of overall cybersecurity experience with 5 years of management of cybersecurity teams

Preferred Qualifications

• Experience supporting CISA, DHS, or national‑level cyber missions.
• Familiarity with countermeasure development, deception frameworks (e.g., MITRE Engage), and remediation tooling (e.g., playbooks, mitigation catalogs).
• Relevant certifications (e.g., CISSP, GCIH, GICSP, GRID, GCFA) and experience integrating CTI into remediation guidance.
• Experience sustaining mission applications and content repositories used for remediation and prevention.
• AI/ML integration in national cyber missions, including applying machine‑learning models to enhance remediation planning, situational awareness, and mission execution at scale.
• Experience deploying AI‑driven threat intelligence tools that automate indicator enrichment, adversary behavior prediction, and threat‑informed remediation recommendations.
• Demonstrated ability to operationalize AI‑supported automation frameworks—such as SOAR platforms, AI‑assisted playbooks, and machine‑learning‑based workflow engines—

GDIT IS YOUR PLACE

• 401K : With company match.
• Health & Wellness : Comprehensive health and wellness packages.
• Career Growth : Internal mobility team dedicated to helping you own your career.
• Professional Development : Growth opportunities including paid education and certifications.
• Innovative Tech : Access to cutting-edge technology to stay ahead of the mission.
• Work-Life Balance : Rest and recharge with paid vacation and holidays.

Work Requirements

Years of Experience

10 + years of related experience

* may vary based on technical training, certification(s), or degree

Certification

Travel Required

Less than 10%

Citizenship

U.S. Citizenship Required