Cyber Threat Intelligence Analyst

Description

The Leidos Digital Modernization sector is looking for a Cyber Threat Intelligence Analyst to support a Defensive Cyber Operations (DCO) team in Washington, DC. This position is expected to become available in Summer 2026.

Our team provides mission critical, 24/7 operational support to the customer's mission of protecting federal networked systems and services from cyber threats impacting national security. We are looking for a self-starter who is capable of independently performing their daily tasks but also works well within a team that requires significant coordination and communication.

This hybrid position is primarily on-site, with potential for up to 20% telework. While this position will primarily work during core hours (0600 - 1600), this position will be supporting a team of analysts working 24/7 rotating shifts (days, swings, nights). As such, occasional shift work or weekend work may be required to fill unexpected gaps in coverage.

PRIMARY RESPONSIBILITIES:

• Produce High-Value Intelligence: Lead the production of strategic, operational, and tactical intelligence reports to inform stakeholders of emerging threats, actor motivations, and potential impacts.
• Adversary Characterization: Analyze adversary tactics, techniques, and procedures (TTPs) using frameworks like MITRE ATT&CK to develop comprehensive profiles of Advanced Persistent Threats (APTs) relevant to the enterprise.
• Intelligence Lifecycle Management: Drive the end-to-end intelligence cycle, including developing Priority Intelligence Requirements (PIRs), managing collection plans, and disseminating actionable intelligence to defensive teams.
• Threat Modeling & Forecasting: Maintain proactive situational awareness by evaluating DoD, IC, and open-source reporting to forecast shifts in the threat landscape and identify systemic vulnerabilities before they are exploited.
• Indicator Lifecycle Management: Evaluate the fidelity of Indicators of Compromise (IOCs) and Indicators of Behavior (IOBs); manage the ingestion, enrichment, and expiration of threat data within a Threat Intelligence Platform (TIP).
• Support Hunt & DCO Operations: Provide the intelligence foundation for Hunt missions and Defensive Cyber Operations (DCO) by delivering "Indications & Warnings" and actionable pivot points for internal investigations.
• Automated Intelligence Integration: Design solutions to automate the delivery of threat data to security controls (SIEM/SOAR/Firewalls) and develop scripts to streamline data collection and correlation.
• Strategic Advisory: Provide recommendations for executive-level decision-making regarding risk management, security architecture improvements, and intelligence-driven defense strategies.

BASIC QUALIFICATIONS:

• Bachelor's Degree with 8+ yrs of experience or Master's Degree with 6+ yrs of relevant experience; additional years of experience may be substituted in lieu of degrees.
• DoD 8570 IAT Level II/III: Must hold an IAT Level II or higher certification (or obtain within 180 days). (e.g., CompTIA Security +, CySA+, GSEC and SSCP) or (CASP+ CE, CCNP Security, CISA, GCED, and GCIH)
• DoD 8570 CSSP Analyst: Must hold a CSSP Analyst certification (or obtain within 180 days). (e.g., CompTIA CySA+, Cloud+, GIAC Global Information Assurance Certification (GCIA))
• DoD 8570 CSSP Infrastructure Support: Must hold a CSSP Infrastructure Support certification (or obtain within 180 days). (e.g., CompTIA CySA+, Cloud+, EC-Council CEH, CND, CHFI, GIAC GICSP, and ISC2 SSCP)
• Technical Proficiency: Strong knowledge of networking protocols, computing security elements (IDS/IPS, Firewalls), and experience with data correlation and analysis.
• Security Clearance: Current DoD TS/SCI security clearance and ability to pass additional customer suitability screenings prior to start and maintain throughout employment.

PREFERRED SKILLS:

• Advanced Threat Analysis: Demonstrated expertise in analyzing malware reports, forensic data, and packet captures to extract actionable intelligence.
• Framework Proficiency: Expert-level understanding of the Cyber Kill Chain and Diamond Model of Intrusion Analysis.
• Intelligence Platforms: Experience utilizing Threat Intelligence Platforms (TIPs) such as Anomali, ThreatConnect, or MISP.
• Analytical Writing: Strong ability to translate technical findings into concise, non-technical briefings for senior leadership.
• Scripting & Querying: Proficiency with Python or PowerShell for data scraping/automation; familiarity with SPL, KQL, or Elastic DSL for querying large datasets.
• Cloud & Infrastructure: Experience analyzing threats targeting AWS, Azure, O365, and containerized environments.
• Global Landscape Knowledge: Deep understanding of geopolitical trends and how they influence cyber-adversary activity.

#ms

If you're looking for comfort, keep scrolling. At Leidos, we outthink, outbuild, and outpace the status quo - because the mission demands it. We're not hiring followers. We're recruiting the ones who disrupt, provoke, and refuse to fail. Step 10 is ancient history. We're already at step 30 - and moving faster than anyone else dares.

Original Posting:
March 12, 2026

For U.S. Positions: While subject to change based on business needs, Leidos reasonably anticipates that this job requisition will remain open for at least 3 days with an anticipated close date of no earlier than 3 days after the original posting date as listed above.

Pay Range:
Pay Range $107,900.00 - $195,050.00

The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.

About Leidos

Leidos is an industry and technology leader serving government and commercial customers with smarter, more efficient digital and mission innovations. Headquartered in Reston, Virginia, with 47,000 global employees, Leidos reported annual revenues of approximately $16.7 billion for the fiscal year ended January 3, 2025. For more information, visit www.Leidos.com .

Pay and Benefits

Pay and benefits are fundamental to any career decision. That's why we craft compensation packages that reflect the importance of the work we do for our customers. Employment benefits include competitive compensation, Health and Wellness programs, Income Protection, Paid Leave and Retirement. More details are available at www.leidos.com/careers/pay-benefits .

Securing Your Data

Beware of fake employment opportunities using Leidos' name. Leidos will never ask you to provide payment-related information during any part of the employment application process (i.e., ask you for money), nor will Leidos ever advance money as part of the hiring process (i.e., send you a check or money order before doing any work). Further, Leidos will only communicate with you through emails that are generated by the Leidos.com automated system - never from free commercial services (e.g., Gmail, Yahoo, Hotmail) or via WhatsApp, Telegram, etc. If you received an email purporting to be from Leidos that asks for payment-related information or any other personal information (e.g., about you or your previous employer), and you are concerned about its legitimacy, please make us aware immediately by emailing us at LeidosCareersFraud@leidos.com .

If you believe you are the victim of a scam, contact your local law enforcement and report the incident to the U.S. Federal Trade Commission .

Commitment to Non-Discrimination

All qualified applicants will receive consideration for employment without regard to sex, race, ethnicity, age, national origin, citizenship, religion, physical or mental disability, medical condition, genetic information, pregnancy, family structure, marital status, ancestry, domestic partner status, sexual orientation, gender identity or expression, veteran or military status, or any other basis prohibited by law. Leidos will also consider for employment qualified applicants with criminal histories consistent with relevant laws.