Job Requirements
Herndon, VA
Clearance: Top Secret; Polygraph: Unspecified
Career Level not specified
Salary not specified
Job Description
The Remediation and Mitigation (R&M) Lead oversees teams that plan, manage, and execute remediation actions across affected organizations, delivering actionable, technically grounded guidance that accelerates incident recovery and strengthens long-term resilience for federal, state, local, tribal, territorial (SLTT), and critical infrastructure stakeholders. The role directs the full remediation lifecycle, from incident-specific plan development through completion, ensuring cohesive communication, accurate reporting, and mission-aligned knowledge capture that enhances national cybersecurity resilience.
In collaboration with internal and external stakeholders, the R&M Lead ensures high-quality tools, guides, and countermeasures are produced from real-world engagements and lessons learned, advancing consistent, risk-reducing remediation across the ecosystem.
Key Responsibilities
Remediation Coordination Leadership
- Oversee teams that serve as the central coordination function for planning, managing, and executing incident remediation across networks, endpoints, and security controls.
- Ensure teams provide timely, accurate reporting of incident response actions to leadership and stakeholders.
- Oversee teams that deliver complete operational metrics, statistics, and analytic insights.
- Ensure responsible, secure, mission-aligned information sharing and high-quality content contributions to engagement reports, defensive measures, and threat-informed prevention materials.
- Lead knowledge capture from real-world incidents, enforcing R&M and Threat Hunt (TH) guidance and feeding insights into processes and knowledgebases to enhance national remediation capability.
- Oversee teams preparing regular and ad-hoc briefings to mission teams, leadership, and stakeholders to maintain situational awareness and coordinated operational response.
Countermeasures Analysis Oversight
- Direct teams that evaluate threat actor activity and stakeholder environments to recommend optimal containment and eradication actions, reducing risk of re-compromise and regaining control of compromised assets.
- Ensure actionable technical guidance is provided across networks, endpoints, and security controls.
- Oversee creation of high-quality reports documenting findings, mitigation strategies, and technical insights.
- Maintain adherence to established R&M and TH knowledge-management procedures.
Countermeasures Research & Tool Sustainment
- Oversee researchers who test, validate, and document countermeasures to keep CISA's mitigation guidance ahead of adversary actions, adding insights from past engagements into catalogs and documentation.
- Ensure the countermeasures database remains accurate, relevant, and complete by integrating cyber threat intelligence (CTI) and all-source reporting on adversary tactics, techniques, and procedures (TTPs) and updating content to reflect current threat landscapes.
- Enforce secure, mission-aligned information sharing and contribute expert input to defensive measures, threat-informed prevention content, and other publications.
Deception Operations (DecOps) Support
- Oversee DecOps teams operationalizing the MITRE Engage™ framework to conduct deception activities as needed during cyber incidents, providing overwatch during containment and eradication.
- Ensure accurate operational metrics and statistical reporting that strengthen performance oversight, situational awareness, and leadership decision-making.
- Maintain secure, accurate information sharing with stakeholders to support coordinated response and remediation.
Operational Governance, Reporting & Knowledge Management
- Oversee responsible information sharing practices and contribute high-quality, mission-aligned content to reports, tools, and prevention materials.
- Ensure teams consistently capture lessons learned and maintain organizational knowledge quality in accordance with R&M and TH guidance.
- Coordinate additional mission-aligned duties assigned by leadership to maintain continuity, effectiveness, and agility of operational and analytical functions.
Required Qualifications
- Experience leading remediation and incident response activities for large-scale federal or critical-infrastructure cybersecurity programs.
- Demonstrated ability to oversee cross-functional teams that deliver containment, eradication, and recovery actions across complex enterprise environments.
- Strong knowledge of adversary TTPs, defensive controls, and remediation planning; familiarity with knowledge-management practices and operational reporting.
- Excellent communication skills with experience briefing leadership and stakeholder organizations.
- Ability to establish performance metrics and drive outcome-focused improvements across mission workflows.
- Ability to integrate AI/ML into remediation workflows to accelerate detection, containment, and recovery while improving consistency and mission effectiveness.
- Demonstrated experience adding AI-driven threat intelligence tools (such as automated correlation engines, predictive analytics, or machine-learning-enabled TTP modeling) to support incident prioritization and threat-informed remediation planning.
- Proven success leveraging AI-supported automation frameworks, including SOAR platforms and machine-assisted playbooks, to streamline remediation actions and reduce operator workload across complex environments.
- 10 years of overall cybersecurity experience, including 5 years of management of cybersecurity teams.
Preferred Qualifications
- Experience supporting CISA, DHS, or national-level cyber missions.
- Familiarity with countermeasure development, deception frameworks (e.g., MITRE Engage), and remediation tooling (e.g., playbooks, mitigation catalogs).
- Relevant certifications (e.g., CISSP, GCIH, GICSP, GRID, GCFA) and experience integrating CTI into remediation guidance.
- Experience sustaining mission applications and content repositories used for remediation and prevention.
- AI/ML integration in national cyber missions, including applying machine-learning models to enhance remediation planning, situational awareness, and mission execution at scale.
- Experience deploying AI-driven threat intelligence tools that automate indicator enrichment, adversary behavior prediction, and threat-informed remediation recommendations.
- Demonstrated ability to operationalize AI-supported automation frameworks (such as SOAR platforms, AI-assisted playbooks, and machine-learning-based workflow engines)
GDIT IS YOUR PLACE
- 401K: With company match.
- Health & Wellness: Comprehensive health and wellness packages.
- Career Growth: Internal mobility team dedicated to helping you own your career.
- Professional Development: Growth opportunities including paid education and certifications.
- Innovative Tech: Access to cutting-edge technology to stay ahead of the mission.
- Work-Life Balance: Rest and recharge with paid vacation and holidays.