The Leidos Digital Modernization sector is looking for a
Cyber Threat Intelligence Analyst to support a Defensive Cyber Operations (DCO) team in Washington, DC.
This position is expected to become available in Summer 2026.Our team provides mission critical, 24/7 operational support to the customer's mission of protecting federal networked systems and services from cyber threats impacting national security. We are looking for a self-starter who is capable of independently performing their daily tasks but also works well within a team that requires significant coordination and communication.
This hybrid position is primarily on-site, with potential for up to 20% telework. While this position will primarily work during core hours (0600 - 1600), this position will be supporting a team of analysts working 24/7 rotating shifts (days, swings, nights). As such,
occasional shift work or weekend work may be required to fill unexpected gaps in coverage.PRIMARY RESPONSIBILITIES:- Produce High-Value Intelligence: Lead the production of strategic, operational, and tactical intelligence reports to inform stakeholders of emerging threats, actor motivations, and potential impacts.
- Adversary Characterization: Analyze adversary tactics, techniques, and procedures (TTPs) using frameworks like MITRE ATT&CK to develop comprehensive profiles of Advanced Persistent Threats (APTs) relevant to the enterprise.
- Intelligence Lifecycle Management: Drive the end-to-end intelligence cycle, including developing Priority Intelligence Requirements (PIRs), managing collection plans, and disseminating actionable intelligence to defensive teams.
- Threat Modeling & Forecasting: Maintain proactive situational awareness by evaluating DoD, IC, and open-source reporting to forecast shifts in the threat landscape and identify systemic vulnerabilities before they are exploited.
- Indicator Lifecycle Management: Evaluate the fidelity of Indicators of Compromise (IOCs) and Indicators of Behavior (IOBs); manage the ingestion, enrichment, and expiration of threat data within a Threat Intelligence Platform (TIP).
- Support Hunt & DCO Operations: Provide the intelligence foundation for Hunt missions and Defensive Cyber Operations (DCO) by delivering "Indications & Warnings" and actionable pivot points for internal investigations.
- Automated Intelligence Integration: Design solutions to automate the delivery of threat data to security controls (SIEM/SOAR/Firewalls) and develop scripts to streamline data collection and correlation.
- Strategic Advisory: Provide recommendations for executive-level decision-making regarding risk management, security architecture improvements, and intelligence-driven defense strategies.
BASIC QUALIFICATIONS:- Bachelor's Degree with 8+ yrs of experience or Master's Degree with 6+ yrs of relevant experience; additional years of experience may be substituted in lieu of degrees.
- DoD 8570 IAT Level II/III: Must hold an IAT Level II or higher certification (or obtain within 180 days). (e.g., CompTIA Security +, CySA+, GSEC and SSCP) or (CASP+ CE, CCNP Security, CISA, GCED, and GCIH)
- DoD 8570 CSSP Analyst: Must hold a CSSP Analyst certification (or obtain within 180 days). (e.g., CompTIA CySA+, Cloud+, GIAC Global Information Assurance Certification (GCIA))
- DoD 8570 CSSP Infrastructure Support: Must hold a CSSP Infrastructure Support certification (or obtain within 180 days). (e.g., CompTIA CySA+, Cloud+, EC-Council CEH, CND, CHFI, GIAC GICSP, and ISC2 SSCP)
- Technical Proficiency: Strong knowledge of networking protocols, computing security elements (IDS/IPS, Firewalls), and experience with data correlation and analysis.
- Security Clearance: Current DoD TS/SCI security clearance and ability to pass additional customer suitability screenings prior to start and maintain throughout employment
PREFERRED SKILLS:- Advanced Threat Analysis: Demonstrated expertise in analyzing malware reports, forensic data, and packet captures to extract actionable intelligence.
- Framework Proficiency: Expert-level understanding of the Cyber Kill Chain and Diamond Model of Intrusion Analysis.
- Intelligence Platforms: Experience utilizing Threat Intelligence Platforms (TIPs) such as Anomali, ThreatConnect, or MISP.
- Analytical Writing: Strong ability to translate technical findings into concise, non-technical briefings for senior leadership.
- Scripting & Querying: Proficiency with Python or PowerShell for data scraping/automation; familiarity with SPL, KQL, or Elastic DSL for querying large datasets.
- Cloud & Infrastructure: Experience analyzing threats targeting AWS, Azure, O365, and containerized environments.
- Global Landscape Knowledge: Deep understanding of geopolitical trends and how they influence cyber-adversary activity.
#ms
If you're looking for comfort, keep scrolling. At Leidos, we outthink, outbuild, and outpace the status quo - because the mission demands it. We're not hiring followers. We're recruiting the ones who disrupt, provoke, and refuse to fail. Step 10 is ancient history. We're already at step 30 - and moving faster than anyone else dares.
Original Posting:March 12, 2026
For U.S. Positions: While subject to change based on business needs, Leidos reasonably anticipates that this job requisition will remain open for at least 3 days with an anticipated close date of no earlier than 3 days after the original posting date as listed above.
Pay Range:Pay Range $107,900.00 - $195,050.00
The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.
Never miss an opportunity! Create an alert based on the job you applied for.