Cyber Intrusion Analyst

LeidosSan Antonio, TX
Onsite

About The Position

The Defense Sector at Leidos currently has an opening for a Cyber Intrusion Analyst with an active SECRET clearance! This role involves performing computer network inspections to mitigate/prevent incident detection and response activities. The analyst will detect, correlate, identify, and characterize anomalous activity indicative of threats to the enterprise. Responsibilities include monitoring security tools, investigating alerts, and developing mitigation strategies. The role also involves analyzing low-level events, conducting event triage, and utilizing formal monitoring policies and procedures for network traffic analysis on a 24/7/365 basis. Reviewing logs to detect intruders and notifying Mission Partners is crucial. The analyst will also apply, develop, tune, and optimize countermeasures. Understanding attack signatures, tactics, techniques, and procedures (TTPs) associated with advanced threats is essential. The position requires strong technical writing skills for documentation and excellent communication skills for collocated customer interaction and team coordination.

Requirements

  • Active SECRET clearance.
  • Ability to obtain TS/SCI clearance level.
  • Bachelor's degree, or additional relevant work experience and/or military service may be considered in lieu of degree.
  • Networking: TCP/IP Fundamentals, Network Traffic Analysis, Wireshark, Cisco Packet Tracer.
  • Programming: Python, Java, JavaScript, HTML.
  • Systems: Linux, Operating Systems Concepts, Computer Architecture, MySQL.
  • Security & Analysis: Security Monitoring, Threat Detection Concepts, SIEM Concepts, Risk Mitigation, NIST Framework Concepts.
  • Experience working with DoW / Government.
  • Strong computing system knowledge, particularly networking, including a knowledge of communication protocols and familiarity with common computing security elements such as IDS/IPS systems and firewalls.

Nice To Haves

  • Active DOW Secret Clearance.
  • CompTIA Security+, TCP/IP networking, Linux systems, Cisco Packet Tracer, Wireshark.
  • Familiarity with Military Regulations and security compliance procedures.
  • Experience with both CONUS and OCONUS threat environments to Department of War facilities.
  • Command Line Scripting skills (PERL, python, shell scripting) to automate analysis task.
  • Knowledge of hacker tactics, techniques and procedures (TTP).
  • Familiarity with computing security frameworks such as MITRE ATT&CK and Cyber Kill Chain.
  • Monitoring of intrusion detection and computer defense appliances (Splunk, Elastic), applications, and analysis of associated alerts.
  • Knowledge of advanced threat actor tactics, techniques, and procedures (TTP).
  • Understanding of software exploits.

Responsibilities

  • Perform computer network inspections to mitigate / prevent incident detection, and response activities to detect, correlate, identify and characterize anomalous activity that may be indicative of threats to the enterprise.
  • Monitor various security tools and applications for possible malicious activities, investigate any associated alerts or indicators, and develop recommendations for a course of action, including mitigation strategies as necessary.
  • Conduct analysis of low-level (“low and slow”) events to identify unauthorized activity utilizing exploratory problem-solving or self-learning techniques.
  • Conduct event triage and analysis, which can result in network traffic validations or a Mission Partner’s incident report.
  • Utilize formal monitoring policies and procedures that include the appropriate use of DoD-approved network monitoring and traffic analysis tools to assist with identifying suspicious, anomalous, or overtly malicious network traffic on a 24/7/365 basis.
  • Review and analyze available logs in a timely manner to detect intruders and notify Mission Partners of activity through a formal reporting process/pending an incident report.
  • Apply, develop, tune, and distribute or optimize new and existing countermeasures or guidance to prevent or mitigate potential cyber event impacts when possible.
  • Perform network traffic analysis utilizing raw packet data, net flow, IDS, IPS and custom sensor output, as it pertains to the cyber security of communications networks.
  • Understand attack signatures, tactics, techniques, and procedures associated with advanced threats.
  • Document each event, including the associated analysis, in a ticketing system for review and action.
  • Coordinate and communicate with team members and interact face-to-face with the customer throughout the day.

Benefits

  • Pay Range $69,550.00 - $125,725.00
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service