Cyber Threat Intelligence Analyst

The Leidos Digital Modernization sector is looking for a Cyber Threat Intelligence Analyst to support a Defensive Cyber Operations (DCO) team in Washington DC. This position is expected to become available in Summer 2026.

Our team provides mission critical 24/7 operational support to the customers mission of protecting federal networked systems and services from cyber threats impacting national security. We are looking for a self-starter who is capable of independently performing their daily tasks but also works well within a team that requires significant coordination and communication.

This hybrid position is primarily on-site with potential for up to 20% telework. While this position will primarily work during core hours (0) this position will be supporting a team of analysts working 24/7 rotating shifts (days swings nights). As such occasional shift work or weekend work may be required to fill unexpected gaps in coverage.

PRIMARY RESPONSIBILITIES:

• Produce High-Value Intelligence:Lead the production of strategic operational and tactical intelligence reports to inform stakeholders of emerging threats actor motivations and potential impacts.
• Adversary Characterization:Analyze adversary tactics techniques and procedures (TTPs) using frameworks likeMITRE ATT&CKto develop comprehensive profiles of Advanced Persistent Threats (APTs) relevant to the enterprise.
• Intelligence Lifecycle Management:Drive the end-to-end intelligence cycle including developing Priority Intelligence Requirements (PIRs) managing collection plans and disseminating actionable intelligence to defensive teams.
• Threat Modeling & Forecasting:Maintain proactive situational awareness by evaluating DoD IC and open-source reporting to forecast shifts in the threat landscape and identify systemic vulnerabilities before they are exploited.
• Indicator Lifecycle Management:Evaluate the fidelity of Indicators of Compromise (IOCs) and Indicators of Behavior (IOBs); manage the ingestion enrichment and expiration of threat data within a Threat Intelligence Platform (TIP).
• Support Hunt & DCO Operations:Provide the intelligence foundation for Hunt missions and Defensive Cyber Operations (DCO) by delivering Indications & Warnings and actionable pivot points for internal investigations.
• Automated Intelligence Integration:Design solutions to automate the delivery of threat data to security controls (SIEM/SOAR/Firewalls) and develop scripts to streamline data collection and correlation.
• Strategic Advisory:Provide recommendations for executive-level decision-making regarding risk management security architecture improvements and intelligence-driven defense strategies.

BASIC QUALIFICATIONS:

• Bachelors Degreewith 8 yrs of experience orMasters Degreewith 6 yrs of relevant experience; additional years of experience may be substituted in lieu of degrees.
• DoD 8570 IAT Level II/III:Must hold an IAT Level II or higher certification (or obtain within 180 days). (e.g. CompTIA Security CySA GSEC and SSCP) or (CASP CE CCNP Security CISA GCED and GCIH)
• DoD 8570 CSSP Analyst:Must hold a CSSP Analyst certification (or obtain within 180 days). (e.g. CompTIA CySA Cloud GIAC Global Information Assurance Certification (GCIA))
• DoD 8570 CSSP Infrastructure Support: Must hold a CSSP Infrastructure Support certification (or obtain within 180 days). (e.g. CompTIA CySA Cloud EC-Council CEH CND CHFI GIAC GICSP and ISC2 SSCP)
• Technical Proficiency: Strong knowledge of networking protocols computing security elements (IDS/IPS Firewalls) and experience with data correlation and analysis.
• Security Clearance: Current DoD TS/SCI security clearance and ability to pass additional customer suitability screenings prior to start and maintain throughout employment.

PREFERRED SKILLS:

• Advanced Threat Analysis:Demonstrated expertise in analyzing malware reports forensic data and packet captures to extract actionable intelligence.
• Framework Proficiency:Expert-level understanding of theCyber Kill Chainand Diamond Model of Intrusion Analysis.
• Intelligence Platforms:Experience utilizing Threat Intelligence Platforms (TIPs) such as Anomali ThreatConnect or MISP.
• Analytical Writing:Strong ability to translate technical findings into concise non-technical briefings for senior leadership.
• Scripting & Querying:Proficiency with Python or PowerShell for data scraping/automation; familiarity with SPL KQL or Elastic DSL for querying large datasets.
• Cloud & Infrastructure:Experience analyzing threats targeting AWS Azure O365 and containerized environments.
• Global Landscape Knowledge:Deep understanding of geopolitical trends and how they influence cyber-adversary activity.

#ms

If youre looking for comfort keep scrolling. At Leidos we outthink outbuild and outpace the status quo because the mission demands it. Were not hiring followers. Were recruiting the ones who disrupt provoke and refuse to fail. Step 10 is ancient history. Were already at step 30 and moving faster than anyone else dares.

Original Posting:

Pay Range:

The Leidos pay range for this job level is a general guideline onlyand not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job education experience knowledge skills and abilities as well as internal equity alignment with market data applicable bargaining agreement (if any) or other law.