This website uses cookies to ensure you get the best experience.

Thorn SDS Ltd and our selected partners use cookies and similar technologies (together “cookies”) that are necessary to present this website, and to ensure you get the best experience of it. If you consent to it, we will also use cookies for analytics purposes.

See our Cookie Policy to read more about the cookies we set.

You can withdraw and manage your consent at any time, by clicking “Manage cookies” at the bottom of each website page.

Select which cookies you accept

On this site, we always set cookies that are strictly necessary, meaning they are necessary for the site to function properly.

If you consent to it, we will also set other types of cookies. You can provide or withdraw your consent to the different types of cookies using the toggles below. You can change or withdraw your consent at any time, by clicking the link “Manage Cookies”, which is always available at the bottom of the site.

To learn more about what the different types of cookies do, how your data is used when they are set etc, see our Cookie Policy.

These cookies are necessary to make the site work properly, and are always set when you visit the site.

Vendors Teamtailor

These cookies collect information to help us understand how the site is being used.

Vendors Teamtailor
Thorn SDS Ltd career site
IT Specialists · Hereford

Security Analyst / SOC

Role: Security Analyst / SOC

Location: Hereford (onsite)

Salary: £50k - £60k p/a

Thorn SDS is a niche Managed Service Provider with a Head Office based in Alton, Hampshire, who are committed to enabling technology organisations and professionals to thrive within the Space, Defence and Security sectors. We are currently looking for an experienced Security Analyst / SOC to work onsite, 5 days per week, at a secure site in Hereford.

About the Role

You will be a key frontline defender, monitoring, analysing, and responding to cybersecurity incidents in highly secure environments. This role is suited for individuals passionate about cyber threat detection, incident response, and continuous security improvement in mission-critical systems.

Key Responsibilities

  • Monitor security events, alerts, and anomalies across SIEM and endpoint platforms (e.g., Splunk, Sentinel, ELK, CloudWatch, CrowdStrike).
  • Analyse potential security incidents, triage alerts, and escalate as needed based on impact and classification.
  • Investigate security breaches and contribute to coordinated incident response activities.
  • Correlate and enrich event data with threat intelligence sources to identify indicators of compromise (IOCs).
  • Maintain logs, evidence records, and forensic artefacts in line with operational procedures and legal/compliance requirements.
  • Support the development of detection rules, playbooks, and use cases for emerging threats.
  • Collaborate with security engineers to recommend and validate remediation actions.
  • Ensure operations align with MOD cyber security standards (e.g., JSP 604, NCSC principles, ISO 27001).
  • Participate in SOC drills, tabletop exercises, and red/blue team engagements where appropriate.
  • Provide input to threat hunting, vulnerability management, and SIEM tuning activities.

Required Qualifications & Experience

  • Experience working in a Security Operations Centre (SOC) or in an incident response, cyber analyst, or defensive security role.
  • Familiarity with key security tools and platforms (e.g., SIEMs, EDR/XDR, IDS/IPS, firewalls, log aggregation).
  • Solid understanding of network protocols, Windows/Linux OS internals, and cybersecurity concepts (e.g., MITRE ATT&CK, cyber kill chain).
  • Strong analytical and communication skills, with the ability to write clear incident reports and briefings.
  • Experience working within regulated environments and compliance frameworks.

Desirable Skills

  • Certifications: CompTIA Security+, CySA+, GIAC (GCIA/GCIH), SSCP, or similar.
  • Familiarity with cloud security monitoring (AWS/Azure/GCP) and hybrid environments.
  • Understanding of UK MOD cyber defence practices, DISA STIGs, or defence sector regulatory standards.
  • Knowledge of scripting (Python, PowerShell) or automation tools to aid in detection/response.
  • Experience with threat intelligence platforms (TIPs) or structured analysis methodologies.

What We Offer

  • Competitive salary based on experience and clearance level.
  • Opportunities to work on nationally significant defence platforms and systems.
  • 25 days Annual Leave (plus Bank Holidays)
  • Employer Pension Contributions
  • Group Life Insurance
  • Dental Cashback Plan
  • Health Cashback Plan
  • Wellbeing Services (includes GP, Physio and Savings Benefits)
  • Thorn Wellbeing Support Contribution
  • Cycle to Work Scheme
  • Supported Training & Personal Development Opportunities

Apply

If you have the expertise to support this requirement and are eager to make an impact in a critical role, please apply today!

All applicants must hold the Right to Work in the UK and already possess, or be eligible to obtain, a high level of National Security Clearance.

Due to the nature of our business, your nationality, previous nationalities, and country of birth may influence the types of roles for which you are eligible. For more details, visit the GOV.UK website or click here.

Department
IT Specialists
Role
Security Analyst / SOC
Locations
Hereford
Picture of Recruitment Team
Contact Recruitment Team Thorn SDS

Colleagues

Picture of Jo Matthews
Jo Matthews
Internal Recruiter
IT Specialists · Hereford

Security Analyst / SOC

Loading application form