Cyber Threat Intelligence Analyst
Leidos
Description
The Leidos Digital Modernization sector is looking for a Cyber Threat Intelligence Analyst to support a Defensive Cyber Operations (DCO) team in Washington, DC. This position is expected to become available in Summer 2026.
Our team provides mission critical, 24/7 operational support to the customer’s mission of protecting federal networked systems and services from cyber threats impacting national security. We are looking for a self-starter who is capable of independently performing their daily tasks but also works well within a team that requires significant coordination and communication.
This hybrid position is primarily on-site, with potential for up to 20% telework. While this position will primarily work during core hours (0600 – 1600), this position will be supporting a team of analysts working 24/7 rotating shifts (days, swings, nights). As such, occasional shift work or weekend work may be required to fill unexpected gaps in coverage.
PRIMARY RESPONSIBILITIES:
- Produce High-Value Intelligence: Lead the production of strategic, operational, and tactical intelligence reports to inform stakeholders of emerging threats, actor motivations, and potential impacts.
- Adversary Characterization: Analyze adversary tactics, techniques, and procedures (TTPs) using frameworks like MITRE ATT&CK to develop comprehensive profiles of Advanced Persistent Threats (APTs) relevant to the enterprise.
- Intelligence Lifecycle Management: Drive the end-to-end intelligence cycle, including developing Priority Intelligence Requirements (PIRs), managing collection plans, and disseminating actionable intelligence to defensive teams.
- Threat Modeling & Forecasting: Maintain proactive situational awareness by evaluating DoD, IC, and open-source reporting to forecast shifts in the threat landscape and identify systemic vulnerabilities before they are exploited.
- Indicator Lifecycle Management: Evaluate the fidelity of Indicators of Compromise (IOCs) and Indicators of Behavior (IOBs); manage the ingestion, enrichment, and expiration of threat data within a Threat Intelligence Platform (TIP).
- Support Hunt & DCO Operations: Provide the intelligence foundation for Hunt missions and Defensive Cyber Operations (DCO) by delivering "Indications & Warnings" and actionable pivot points for internal investigations.
- Automated Intelligence Integration: Design solutions to automate the delivery of threat data to security controls (SIEM/SOAR/Firewalls) and develop scripts to streamline data collection and correlation.
- Strategic Advisory: Provide recommendations for executive-level decision-making regarding risk management, security architecture improvements, and intelligence-driven defense strategies.
BASIC QUALIFICATIONS:
- Bachelor's Degree with 8+ yrs of experience or Master’s Degree with 6+ yrs of relevant experience; additional years of experience may be substituted in lieu of degrees.
- DoD 8570 IAT Level II/III: Must hold an IAT Level II or higher certification (or obtain within 180 days). (e.g., CompTIA Security+, CySA+, GSEC and SSCP) or (CASP+ CE, CCNP Security, CISA, GCED, and GCIH)
- DoD 8570 CSSP Analyst: Must hold a CSSP Analyst certification (or obtain within 180 days). (e.g., CompTIA CySA+, Cloud+, GIAC Global Information Assurance Certification (GCIA))
- DoD 8570 CSSP Infrastructure Support: Must hold a CSSP Infrastructure Support certification (or obtain within 180 days). (e.g., CompTIA CySA+, Cloud+, EC-Council CEH, CND, CHFI, GIAC GICSP, and ISC2 SSCP)
- Technical Proficiency: Strong knowledge of networking protocols, computing security elements (IDS/IPS, Firewalls), and experience with data correlation and analysis.
- Security Clearance: Current DoD TS/SCI security clearance and ability to pass additional customer suitability screenings prior to start and maintain throughout employment.
PREFERRED SKILLS:
- Advanced Threat Analysis: Demonstrated expertise in analyzing malware reports, forensic data, and packet captures to extract actionable intelligence.
- Framework Proficiency: Expert-level understanding of the Cyber Kill Chain and Diamond Model of Intrusion Analysis.
- Intelligence Platforms: Experience utilizing Threat Intelligence Platforms (TIPs) such as Anomali, ThreatConnect, or MISP.
- Analytical Writing: Strong ability to translate technical findings into concise, non-technical briefings for senior leadership.
- Scripting & Querying: Proficiency with Python or PowerShell for data scraping/automation; familiarity with SPL, KQL, or Elastic DSL for querying large datasets.
- Cloud & Infrastructure: Experience analyzing threats targeting AWS, Azure, O365, and containerized environments.
- Global Landscape Knowledge: Deep understanding of geopolitical trends and how they influence cyber-adversary activity.
If you're looking for comfort, keep scrolling. At Leidos, we outthink, outbuild, and outpace the status quo — because the mission demands it. We're not hiring followers. We're recruiting the ones who disrupt, provoke, and refuse to fail. Step 10 is ancient history. We're already at step 30 — and moving faster than anyone else dares.
Original Posting: March 12, 2026
For U.S. Positions: While subject to change based on business needs, Leidos reasonably anticipates that this job requisition will remain open for at least 3 days with an anticipated close date of no earlier than 3 days after the original posting date as listed above.
