Cyber Fusion Analyst

The Leidos Digital Modernization sector is looking for a Cyber Fusion Analyst to support a Defensive Cyber Operations (DCO) team in Washington, DC. This position is expected to become available in Summer 2026.

Our Cyber Fusion team provides mission-critical support to the customer’s mission of protecting federal networked systems by integrating disparate intelligence, hunting telemetry, and vulnerability data into a single operational view. We bridge the gap between "knowing the threat" and "stopping the threat," ensuring that intelligence directly drives defensive actions.
 

This hybrid position is primarily on-site, with potential for up to 20% telework.  While this position will primarily work during core hours (0600 – 1600), this position will be supporting a team of analysts working 24/7 rotating shifts (days, swings, nights).  As such, occasional shift work or weekend work may be required to fill unexpected gaps in coverage.

PRIMARY RESPONSIBILITIES:

• Intelligence-Driven Defense: Synthesize external threat intelligence (TTPs, IOCs) with internal hunt telemetry to develop a comprehensive understanding of the adversary's impact on the enterprise.
• Fusion Analysis & Reporting: Author high-impact "Fusion Reports" that blend technical forensics with strategic intelligence to brief senior leadership on trending threats and operational risks.
• Advanced Correlation: Utilize SIEM and Threat Intelligence Platforms (TIP) to correlate global threat actor activity against internal sensor logs, identifying "low and slow" campaigns that span multiple mission sets.
• Adversary Campaign Tracking: Maintain a living "Adversary Encyclopedia" by mapping internal discoveries to the MITRE ATT&CK framework to identify systemic defensive gaps.
• Vulnerability-Intelligence Pairing: Analyze Vulnerability Disclosure Program (VDP) data alongside active threat reporting to prioritize patching efforts based on real-world exploitation trends.
• Tactical Countermeasure Influence: Provide data-backed recommendations to Engineering and DCO teams to adjust firewall rules, EDR policies, and SIEM logic based on emerging fusion findings.
• Indications & Warnings (I&W): Develop and refine custom analytics that provide "early warning" of adversary reconnaissance or pre-exploitation activity targeting the customer enterprise.
• Continuous Knowledge Management: Maintain the "Single Source of Truth" for threat data, ensuring that Hunt, Intel, and Engineering teams are operating from a synchronized set of prioritized threats. 

BASIC QUALIFICATIONS:

• Bachelor’s Degree with 8+ yrs of experience or Master’s Degree with 6+ yrs of relevant experience; additional years of experience may be substituted in lieu of degrees.
• DoD 8570 IAT Level II/III: Must hold a certification such as CompTIA Security+, CASP+ CE, or CISSP.
• DoD 8570 CSSP Analyst: Must hold a CSSP Analyst certification (e.g., CEH, CySA+) or obtain within 180 days.
• Analytic Writing Mastery: Demonstrated ability to synthesize complex technical data into concise, non-technical executive briefings.
• Framework Proficiency: Expert understanding of the Cyber Kill Chain, Diamond Model, and MITRE ATT&CK.
• Security Clearance: Current DoD TS/SCI security clearance and ability to pass additional customer suitability screenings prior to start and maintain throughout employment.

PREFERRED SKILLS:

• Fusion Center Experience: Previous experience working within a government or large-scale commercial Cyber Fusion Center (CFC) or Joint Operations Center (JOC).
• Query & Scripting: Proficiency in SPL (Splunk) or KQL (Kusto) for data correlation; Python skills for automating intelligence ingestion and enrichment.
• OSINT & Commercial Portals: Experience utilizing tools like Recorded Future, VirusTotal, or Mandiant Advantage to pivot from external indicators to internal threats.
• Cloud Fusion: Familiarity with fusion analysis within AWS, Azure, or O365 environments, specifically correlating cloud-native audit logs.
• Adversary Emulation: Basic understanding of Red Teaming or Penetration Testing methodologies to better predict adversary movement.

#ms

If you're looking for comfort, keep scrolling. At Leidos, we outthink, outbuild, and outpace the status quo — because the mission demands it. We're not hiring followers. We're recruiting the ones who disrupt, provoke, and refuse to fail. Step 10 is ancient history. We're already at step 30 — and moving faster than anyone else dares.

The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.