General Dynamics Information Technology

Remediation and Mitigation Lead, Top Secret

General Dynamics Information Technology  •  $170k - $230k/yr  •  United States (Hybrid)  •  8 hours ago

Job Description

Type of Requisition:

Regular

Clearance Level Must Currently Possess:

Top Secret

Clearance Level Must Be Able to Obtain:

Top Secret

Public Trust/Other Required:

None

Job Family:

Cyber and IT Risk Management

Job Qualifications:

Skills:

Remediation Management, Remediation Plans, Security Risk Mitigation, Team Leadership, Threat Mitigation

Certifications:

None

Experience:

10+ years of related experience

US Citizenship Required:

Yes

The Remediation and Mitigation (R&M) Lead oversees teams that plan, manage, and execute remediation actions across affected organizations, delivering actionable, technically grounded guidance that accelerates incident recovery and strengthens long‑term resilience for federal, state, local, tribal, territorial (SLTT), and critical infrastructure stakeholders. The role directs the full remediation lifecycle, from incident‑specific plan development through completion, ensuring cohesive communication, accurate reporting, and mission‑aligned knowledge capture that enhances national cybersecurity resilience.


In collaboration with internal and external stakeholders, the R&M Lead ensures high‑quality tools, guides, and countermeasures are produced from real‑world engagements and lessons learned, advancing consistent, risk‑reducing remediation across the ecosystem.

Key Responsibilities

Remediation Coordination Leadership

  • Oversee teams that serve as the central coordination function for planning, managing, and executing incident remediation across networks, endpoints, and security controls.
  • Ensure teams provide timely, accurate reporting of incident response actions to leadership and stakeholders.
  • Oversee teams that deliver complete operational metrics, statistics, and analytic insights.
  • Ensure responsible, secure, mission‑aligned information sharing and high‑quality content contributions to engagement reports, defensive measures, and threat‑informed prevention materials.
  • Lead knowledge capture from real‑world incidents, enforcing R&M and Threat Hunt (TH) guidance and feeding insights into processes and knowledgebases to enhance national remediation capability.
  • Oversee teams preparing regular and ad‑hoc briefings to mission teams, leadership, and stakeholders to maintain situational awareness and coordinated operational response.

Countermeasures Analysis Oversight

  • Direct teams that evaluate threat actor activity and stakeholder environments to recommend optimal containment and eradication actions, reducing risk of re‑compromise and regaining control of compromised assets.
  • Ensure actionable technical guidance is provided across networks, endpoints, and security controls.
  • Oversee creation of high‑quality reports documenting findings, mitigation strategies, and technical insights.
  • Maintain adherence to established R&M and TH knowledge‑management procedures.

Countermeasures Research & Tool Sustainment

  • Oversee researchers who test, validate, and document countermeasures to keep CISA’s mitigation guidance ahead of adversary actions, adding insights from past engagements into catalogs and documentation.
  • Ensure the countermeasures database remains accurate, relevant, and complete by integrating cyber threat intelligence (CTI) and all‑source reporting on adversary techniques, tactics and procedures (TTPs) and updating content to reflect current threat landscapes.
  • Enforce secure, mission‑aligned information sharing and contribute expert input to defensive measures, threat‑informed prevention content, and other publications.

Deception Operations (DecOps) Support

  • Oversee DecOps teams operationalizing the MITRE Engage™ framework to conduct deception activities as needed during cyber incidents, providing overwatch during containment and eradication.
  • Ensure accurate operational metrics and statistical reporting that strengthen performance oversight, situational awareness, and leadership decision‑making.
  • Maintain secure, accurate information sharing with stakeholders to support coordinated response and remediation.

Operational Governance, Reporting & Knowledge Management

  • Oversee responsible information sharing practices and contribute high‑quality, mission‑aligned content to reports, tools, and prevention materials.
  • Ensure teams consistently capture lessons learned and maintain organizational knowledge quality in accordance with R&M and TH guidance.
  • Coordinate additional mission‑aligned duties assigned by leadership to maintain continuity, effectiveness, and agility of operational and analytical functions.

Required Qualifications

  • Experience leading remediation and incident response activities for large‑scale federal or critical‑infrastructure cybersecurity programs.
  • Demonstrated ability to oversee cross‑functional teams that deliver containment, eradication, and recovery actions across complex enterprise environments.
  • Strong knowledge of adversary TTPs, defensive controls, and remediation planning; familiarity with knowledge‑management practices and operational reporting.
  • Excellent communication skills with experience briefing leadership and stakeholder organizations.
  • Ability to establish performance metrics and drive outcome‑focused improvements across mission workflows.
  • Ability to integrate AI/ML into remediation workflows to accelerate detection, containment, and recovery while improving consistency and mission effectiveness.
  • Demonstrated experience adding AI‑driven threat intelligence tools—such as automated correlation engines, predictive analytics, or machine‑learning‑enabled TTP modeling—to support incident prioritization and threat‑informed remediation planning.
  • Proven success leveraging AI‑supported automation frameworks, including SOAR platforms and machine‑assisted playbooks, to streamline remediation actions and reduce operator workload across complex environments.
  • 10 years of overall cybersecurity experience with 5 years of management of cybersecurity teams.

Preferred Qualifications

  • Experience supporting CISA, DHS, or national‑level cyber missions.
  • Familiarity with countermeasure development, deception frameworks (e.g., MITRE Engage), and remediation tooling (e.g., playbooks, mitigation catalogs).
  • Relevant certifications (e.g., CISSP, GCIH, GICSP, GRID, GCFA) and experience integrating CTI into remediation guidance.
  • Experience sustaining mission applications and content repositories used for remediation and prevention.
  • AI/ML integration in national cyber missions, including applying machine‑learning models to enhance remediation planning, situational awareness, and mission execution at scale.
  • Experience deploying AI‑driven threat intelligence tools that automate indicator enrichment, adversary behavior prediction, and threat‑informed remediation recommendations.
  • Demonstrated ability to operationalize AI‑supported automation frameworks—such as SOAR platforms, AI‑assisted playbooks, and machine‑learning‑based workflow engines—

GDIT IS YOUR PLACE

  • 401K: With company match.
  • Health & Wellness: Comprehensive health and wellness packages.
  • Career Growth: Internal mobility team dedicated to helping you own your career.
  • Professional Development: Growth opportunities including paid education and certifications.
  • Innovative Tech: Access to cutting-edge technology to stay ahead of the mission.
  • Work-Life Balance: Rest and recharge with paid vacation and holidays.

The likely salary range for this position is $170,000 - $230,000. This is not, however, a guarantee of compensation or salary. Rather, salary will be set based on experience, geographic location and possibly contractual requirements and could fall outside of this range.

Scheduled Weekly Hours:

40

Travel Required:

Less than 10%

Telecommuting Options:

Hybrid

Work Location:

USA VA Herndon

Additional Work Locations:

Total Rewards at GDIT:

Our benefits package for all US-based employees includes a variety of medical plan options, some with Health Savings Accounts, dental plan options, a vision plan, and a 401(k) plan offering the ability to contribute both pre and post-tax dollars up to the IRS annual limits and receive a company match. To encourage work/life balance, GDIT offers employees full flex work weeks where possible and a variety of paid time off plans, including vacation, sick and personal time, holidays, paid parental, military, bereavement and jury duty leave. To ensure our employees are able to protect their income, other offerings such as short and long-term disability benefits, life, accidental death and dismemberment, personal accident, critical illness and business travel and accident insurance are provided or available. We regularly review our Total Rewards package to ensure our offerings are competitive and reflect what our employees have told us they value most.

We are GDIT. A global technology and professional services company that delivers consulting, technology and mission services to every major agency across the U.S. government, defense and intelligence community. Our 26,000 experts extract the power of technology to create immediate value and deliver solutions at the edge of innovation. We operate across 50 countries worldwide, offering leading capabilities in digital modernization, AI/ML, Cloud, Cyber and application development. Together with our clients, we strive to create a safer, smarter world by harnessing the power of deep expertise and advanced technology.

Join our Talent Community to stay up to date on our career opportunities and events at gdit.com/tc

Equal Opportunity Employer / Individuals with Disabilities / Protected Veterans

About General Dynamics Information Technology

GDIT is a global technology and professional services company that delivers solutions, technology and mission services to every major agency across the U.S. government, defense and intelligence community.

Our 30,000 experts extract the power of technology to create immediate value and deliver solutions at the edge of innovation. We operate across 50+ countries worldwide, offering leading capabilities in digital modernization, AI/ML, Cloud, Cyber and application development.

GDIT is part of General Dynamics, a global aerospace and defense company. We have shared our clients’ sense of purpose for over half a century and have a unique understanding of their missions, complex environments, and a rapidly changing world.

Together with our clients, we strive to create a safer, smarter world by harnessing the power of deep expertise and advanced technology.

Industry: IT & Software
Company Size: 10,000+ employees
Headquarters: Falls Church, Virginia
Year Founded: Unknown
Website: gdit.com