Cyber Threat Intelligence Analyst
Company: Leidos
Location: Washington
Posted on: April 1, 2026
Job Description:
The Leidos Digital Modernization sector is looking for a Cyber
Threat Intelligence Analyst to support a Defensive Cyber Operations
(DCO) team in Washington, DC. This position is expected to become
available in Summer 2026. Our team provides mission critical, 24/7
operational support to the customer’s mission of protecting federal
networked systems and services from cyber threats impacting
national security. We are looking for a self-starter who is capable
of independently performing their daily tasks but also works well
within a team that requires significant coordination and
communication. This hybrid position is primarily on-site, with
potential for up to 20% telework. While this position will
primarily work during core hours (0600 – 1600), this position will
be supporting a team of analysts working 24/7 rotating shifts
(days, swings, nights). As such, occasional shift work or weekend
work may be required to fill unexpected gaps in coverage.

PRIMARY RESPONSIBILITIES:
Produce High-Value Intelligence: Lead the production of strategic, operational, and tactical intelligence reports to inform stakeholders of emerging threats, actor motivations, and potential impacts.
Adversary Characterization: Analyze adversary tactics, techniques, and procedures (TTPs) using frameworks like MITRE ATT&CK to develop comprehensive profiles of Advanced Persistent Threats (APTs) relevant to the enterprise.
Intelligence Lifecycle Management: Drive the end-to-end intelligence cycle, including developing Priority Intelligence Requirements (PIRs), managing collection plans, and disseminating actionable intelligence to defensive teams.
Threat Modeling & Forecasting: Maintain proactive situational awareness by evaluating DoD, IC, and open-source reporting to forecast shifts in the threat landscape and identify systemic vulnerabilities before they are exploited.
Indicator Lifecycle Management: Evaluate the fidelity of Indicators of Compromise (IOCs) and Indicators of Behavior (IOBs); manage the ingestion, enrichment, and expiration of threat data within a Threat Intelligence Platform (TIP).
Support Hunt & DCO Operations: Provide the intelligence foundation for Hunt missions and Defensive Cyber Operations (DCO) by delivering "Indications & Warnings" and actionable pivot points for internal investigations.
Automated Intelligence Integration: Design solutions to automate the delivery of threat data to security controls (SIEM/SOAR/Firewalls) and develop scripts to streamline data collection and correlation.
Strategic Advisory: Provide recommendations for executive-level decision-making regarding risk management, security architecture improvements, and intelligence-driven defense strategies.

BASIC QUALIFICATIONS:
Bachelor's Degree with 8 yrs of experience or Master’s Degree with 6 yrs of relevant experience; additional years of experience may be substituted in lieu of degrees.
DoD 8570 IAT Level II/III: Must hold an IAT Level II or higher certification (or obtain within 180 days). (e.g., CompTIA Security+, CySA+, GSEC and SSCP) or (CASP+ CE, CCNP Security, CISA, GCED, and GCIH)
DoD 8570 CSSP Analyst: Must hold a CSSP Analyst certification (or obtain within 180 days). (e.g., CompTIA CySA+, Cloud+, GIAC Global Information Assurance Certification (GCIA))
DoD 8570 CSSP Infrastructure Support: Must hold a CSSP Infrastructure Support certification (or obtain within 180 days). (e.g., CompTIA CySA+, Cloud+, EC-Council CEH, CND, CHFI, GIAC GICSP, and ISC2 SSCP)
Technical Proficiency: Strong knowledge of networking protocols, computing security elements (IDS/IPS, Firewalls), and experience with data correlation and analysis.
Security Clearance: Current DoD TS/SCI security clearance and ability to pass additional customer suitability screenings prior to start and maintain throughout employment.

PREFERRED SKILLS:
Advanced Threat Analysis: Demonstrated expertise in analyzing malware reports, forensic data, and packet captures to extract actionable intelligence.
Framework Proficiency: Expert-level understanding of the Cyber Kill Chain and Diamond Model of Intrusion Analysis.
Intelligence Platforms: Experience utilizing Threat Intelligence Platforms (TIPs) such as Anomali, ThreatConnect, or MISP.
Analytical Writing: Strong ability to translate technical findings into concise, non-technical briefings for senior leadership.
Scripting & Querying: Proficiency with Python or PowerShell for data scraping/automation; familiarity with SPL, KQL, or Elastic DSL for querying large datasets.
Cloud & Infrastructure: Experience analyzing threats targeting AWS, Azure, O365, and containerized environments.
Global Landscape Knowledge: Deep understanding of geopolitical trends and how they influence cyber-adversary activity.

If you're looking for comfort, keep
scrolling. At Leidos, we outthink, outbuild, and outpace the status
quo — because the mission demands it. We're not hiring followers.
We're recruiting the ones who disrupt, provoke, and refuse to fail.
Step 10 is ancient history. We're already at step 30 — and moving
faster than anyone else dares.

Original Posting: March 12, 2026

For U.S. Positions: While subject to change based on business needs,
Leidos reasonably anticipates that this job requisition will remain
open for at least 3 days with an anticipated close date of no
earlier than 3 days after the original posting date as listed
above.

Pay Range: $107,900.00 - $195,050.00

The Leidos
pay range for this job level is a general guideline only and not a
guarantee of compensation or salary. Additional factors considered
in extending an offer include (but are not limited to)
responsibilities of the job, education, experience, knowledge,
skills, and abilities, as well as internal equity, alignment with
market data, applicable bargaining agreement (if any), or other
law.
Keywords: Leidos, Sterling, Cyber Threat Intelligence Analyst, IT / Software / Systems, Washington, Virginia