Cyber Threat Intelligence Analyst

The Leidos Digital Modernization sector is looking for a Cyber Threat Intelligence Analyst to support a Defensive Cyber Operations (DCO) team in Washington, DC. This position is expected to become available in Summer 2026.

Our team provides mission critical, 24/7 operational support to the customer's mission of protecting federal networked systems and services from cyber threats impacting national security. We are looking for a self-starter who is capable of independently performing their daily tasks but also works well within a team that requires significant coordination and communication.

This hybrid position is primarily on-site, with potential for up to 20% telework. While this position will primarily work during core hours (0600 - 1600), this position will be supporting a team of analysts working 24/7 rotating shifts (days, swings, nights). As such, occasional shift work or weekend work may be required to fill unexpected gaps in coverage., * Produce High-Value Intelligence: Lead the production of strategic, operational, and tactical intelligence reports to inform stakeholders of emerging threats, actor motivations, and potential impacts.

• Adversary Characterization: Analyze adversary tactics, techniques, and procedures (TTPs) using frameworks like MITRE ATT&CK to develop comprehensive profiles of Advanced Persistent Threats (APTs) relevant to the enterprise.
• Intelligence Lifecycle Management: Drive the end-to-end intelligence cycle, including developing Priority Intelligence Requirements (PIRs), managing collection plans, and disseminating actionable intelligence to defensive teams.
• Threat Modeling & Forecasting: Maintain proactive situational awareness by evaluating DoD, IC, and open-source reporting to forecast shifts in the threat landscape and identify systemic vulnerabilities before they are exploited.
• Indicator Lifecycle Management: Evaluate the fidelity of Indicators of Compromise (IOCs) and Indicators of Behavior (IOBs); manage the ingestion, enrichment, and expiration of threat data within a Threat Intelligence Platform (TIP).
• Support Hunt & DCO Operations: Provide the intelligence foundation for Hunt missions and Defensive Cyber Operations (DCO) by delivering "Indications & Warnings" and actionable pivot points for internal investigations.
• Automated Intelligence Integration: Design solutions to automate the delivery of threat data to security controls (SIEM/SOAR/Firewalls) and develop scripts to streamline data collection and correlation.
• Strategic Advisory: Provide recommendations for executive-level decision-making regarding risk management, security architecture improvements, and intelligence-driven defense strategies.

• Bachelor's Degree with 8+ yrs of experience or Master's Degree with 6+ yrs of relevant experience; additional years of experience may be substituted in lieu of degrees.
• DoD 8570 IAT Level II/III: Must hold an IAT Level II or higher certification (or obtain within 180 days). (e.g., CompTIA Security +, CySA+, GSEC and SSCP) or (CASP+ CE, CCNP Security, CISA, GCED, and GCIH)
• DoD 8570 CSSP Analyst: Must hold a CSSP Analyst certification (or obtain within 180 days). (e.g., CompTIA CySA+, Cloud+, GIAC Global Information Assurance Certification (GCIA))
• DoD 8570 CSSP Infrastructure Support: Must hold a CSSP Infrastructure Support certification (or obtain within 180 days). (e.g., CompTIA CySA+, Cloud+, EC-Council CEH, CND, CHFI, GIAC GICSP, and ISC2 SSCP)
• Technical Proficiency: Strong knowledge of networking protocols, computing security elements (IDS/IPS, Firewalls), and experience with data correlation and analysis.
• Security Clearance: Current DoD TS/SCI security clearance and ability to pass additional customer suitability screenings prior to start and maintain throughout employment.

PREFERRED SKILLS:

• Advanced Threat Analysis: Demonstrated expertise in analyzing malware reports, forensic data, and packet captures to extract actionable intelligence.
• Framework Proficiency: Expert-level understanding of the Cyber Kill Chain and Diamond Model of Intrusion Analysis.
• Intelligence Platforms: Experience utilizing Threat Intelligence Platforms (TIPs) such as Anomali, ThreatConnect, or MISP.
• Analytical Writing: Strong ability to translate technical findings into concise, non-technical briefings for senior leadership.
• Scripting & Querying: Proficiency with Python or PowerShell for data scraping/automation; familiarity with SPL, KQL, or Elastic DSL for querying large datasets.
• Cloud & Infrastructure: Experience analyzing threats targeting AWS, Azure, O365, and containerized environments.
• Global Landscape Knowledge: Deep understanding of geopolitical trends and how they influence cyber-adversary activity.

#ms

Pay and benefits are fundamental to any career decision. That's why we craft compensation packages that reflect the importance of the work we do for our customers. Employment benefits include competitive compensation, Health and Wellness programs, Income Protection, Paid Leave and Retirement. More details are available at www.leidos.com/careers/pay-benefits .

Leidos is an industry and technology leader serving government and commercial customers with smarter, more efficient digital and mission innovations. Headquartered in Reston, Virginia, with 47,000 global employees, Leidos reported annual revenues of approximately $16.7 billion for the fiscal year ended January 3, 2025. For more information, visit www.Leidos.com .