Period
to 18 February 2019

The following table provides summary statistics for contract job vacancies advertised in England with a requirement for Penetration Testing skills. Included is a benchmarking guide to the contractor rates offered in vacancies that have cited Penetration Testing over the 6 months to 18 February 2019 with a comparison to the same period in the previous 2 years.

Note that daily and hourly rates are treated separately in these statistics. When calculating contractor rate percentiles, daily rates are never derived from quoted hourly rates or vice versa.

Penetration Testing
UK > England
6 months to
18 Feb 2019
Same period 2018 Same period 2017
Rank 471 477 466
Rank change year-on-year +6 -11 +57
Contract jobs citing Penetration Testing 409 398 406
As % of all contract IT jobs advertised in England 0.45% 0.43% 0.46%
As % of the Processes & Methodologies category 0.52% 0.50% 0.54%
Number of daily rates quoted 232 239 275
England median daily rate £525 £500 £450
Median daily rate % change year-on-year +5.00% +11.11% -
10th Percentile £401 £349 £350
90th Percentile £675 £665 £600
UK median daily rate £525 £500 £450
% change year-on-year +5.00% +11.11% -
Number of hourly rates quoted 4 1 3
England median hourly rate £35.00 £62.50 £60.87
Median hourly rate % change year-on-year -44.00% +2.68% +31.61%
UK median hourly rate £35.00 £62.50 £60.87
% change year-on-year -44.00% +2.68% +31.61%

Penetration Testing is in the Processes and Methodologies category. The following table is for comparison with the above and provides summary statistics for all contract job vacancies advertised in England with a requirement for process or methodology skills.

All Process and Methodology Skills
England
Contract vacancies with a requirement for process or methodology skills 78,643 78,933 75,265
As % of all contract IT jobs advertised in England 87.23% 86.06% 85.27%
Number of daily rates quoted 52,559 53,147 50,052
England median daily rate £475 £450 £435
Median daily rate % change year-on-year +5.56% +3.45% +2.35%
10th Percentile £304 £288 £266
90th Percentile £650 £638 £625
UK median daily rate £475 £450 £425
% change year-on-year +5.56% +5.88% -
Number of hourly rates quoted 1,975 1,917 2,132
England median hourly rate £23.84 £24.00 £24.44
Median hourly rate % change year-on-year -0.69% -1.78% +6.24%
10th Percentile £11.38 £11.48 £11.25
90th Percentile £50.00 £50.25 £48.75
UK median hourly rate £23.86 £24.00 £24.00
% change year-on-year -0.59% - -

Penetration Testing
Job Vacancy Trend in England

Job postings citing Penetration Testing as a percentage of all IT jobs advertised in England.

Job vacancy trend for Penetration Testing in England

Penetration Testing
Contractor Daily Rate Trend in England

This chart provides the 3-month moving average for daily rates quoted in contract jobs citing Penetration Testing in England.

Contractor daily rate trend for Penetration Testing in England

Penetration Testing
Contractor Daily Rate Histogram in England

The daily rate distribution of IT jobs citing Penetration Testing in England over the 6 months to 18 February 2019.

Contractor daily rate histogram for Penetration Testing in England

Penetration Testing
Contractor Hourly Rate Trend in England

This chart provides the 3-month moving average for contractor hourly rates quoted in IT jobs citing Penetration Testing in England.

Contractor hourly rate trend for Penetration Testing in England

Penetration Testing
Contractor Hourly Rate Histogram in England

The hourly rate distribution of IT jobs citing Penetration Testing in England over the 6 months to 18 February 2019.

Contractor hourly rate histogram for Penetration Testing in England

Penetration Testing
Contract Job Locations in England

The table below looks at the demand and provides a guide to the median contractor rates quoted in IT jobs citing Penetration Testing within the England region over the 6 months to 18 February 2019. The 'Rank Change' column provides an indication of the change in demand within each location based on the same 6 month period last year.

Location Rank Change
on Same Period
Last Year
Matching
Contract
IT Job Ads
Median
Daily Rate
Past 6 Months
Median Daily Rate
% Change
on Same Period
Last Year
Live
Job
Vacancies
London -9 206 £525 +5.00% 71
South East +21 78 £500 -4.76% 31
North of England -31 52 £519 +9.21% 32
Midlands +17 35 £500 -4.76% 22
North West -24 30 £500 - 23
West Midlands +11 29 £500 -4.76% 15
Yorkshire -8 21 £638 +59.38% 7
South West -39 19 £445 +17.10% 18
East of England +2 15 £495 -14.84% 19
East Midlands +11 4 £600 - 6
North East -13 1 £560 - 2
Penetration Testing
UK

For the 6 months to 18 February 2019, IT contractor jobs citing Penetration Testing also mentioned the following skills in order of popularity. The figures indicate the absolute number co-occurrences and as a proportion of all contract job ads across the England region with a requirement for Penetration Testing.

1 171 (41.81%) Cybersecurity
2 154 (37.65%) Information Security
3 113 (27.63%) CISSP
4 89 (21.76%) Security Architecture
5 88 (21.52%) Agile Software Development
5 88 (21.52%) ISO/IEC 27001
6 87 (21.27%) Firewall
7 80 (19.56%) Finance
7 80 (19.56%) Amazon AWS
8 74 (18.09%) Python
9 66 (16.14%) OWASP
10 65 (15.89%) Microsoft Azure
11 64 (15.65%) Linux
12 63 (15.40%) Management Information System
12 63 (15.40%) Security Testing
12 63 (15.40%) Vulnerability Management
12 63 (15.40%) Security Operations
13 60 (14.67%) Risk Management
14 59 (14.43%) CISM
15 57 (13.94%) Degree
16 53 (12.96%) Windows
16 53 (12.96%) Security Cleared
17 47 (11.49%) Ruby
17 47 (11.49%) Patch Management
17 47 (11.49%) DevOps
18 46 (11.25%) Microsoft
18 46 (11.25%) GIAC
19 45 (11.00%) Bash Shell
19 45 (11.00%) SANS
20 43 (10.51%) Threat Modelling

Penetration Testing
Co-occurring IT Skills in England by Category

The follow tables expand on the table above by listing co-occurrences grouped by category. The same job type, locality and period is covered with up to 20 co-occurrences shown in each of the following categories:

Application Platforms
1 15 (3.67%) OpenStack
1 15 (3.67%) SharePoint
2 11 (2.69%) Confluence
3 10 (2.44%) IIS
4 6 (1.47%) SharePoint 2013
5 3 (0.73%) Apache Pig
5 3 (0.73%) Elasticsearch
5 3 (0.73%) nginx
5 3 (0.73%) SAS
5 3 (0.73%) WordPress
6 2 (0.49%) Oracle SOA Suite
7 1 (0.24%) Apache
7 1 (0.24%) Exchange Server 2010
7 1 (0.24%) MS Exchange
Applications
1 12 (2.93%) Microsoft Office
2 1 (0.24%) Microsoft Excel
Business Applications
1 11 (2.69%) Oracle EBS R12
1 11 (2.69%) Oracle FAH
2 1 (0.24%) Oracle EBS
Cloud Services
1 80 (19.56%) Amazon AWS
2 65 (15.89%) Microsoft Azure
3 22 (5.38%) Google Cloud Platform
4 16 (3.91%) SaaS
5 13 (3.18%) PaaS
6 11 (2.69%) GitHub
6 11 (2.69%) IaaS
6 11 (2.69%) Mimecast
7 10 (2.44%) Amazon S3
7 10 (2.44%) Office 365
8 6 (1.47%) Amazon EC2
9 5 (1.22%) BrowserStack
10 3 (0.73%) Apigee
10 3 (0.73%) AWS CloudFormation
10 3 (0.73%) Cloud Computing
10 3 (0.73%) Serverless
11 2 (0.49%) AWS Lambda
11 2 (0.49%) Route 53
11 2 (0.49%) Virtual Private Cloud
12 1 (0.24%) Trello
Communications & Networking
1 87 (21.27%) Firewall
2 31 (7.58%) VPN
3 29 (7.09%) HTTP
4 28 (6.85%) SSL
5 20 (4.89%) DNS
5 20 (4.89%) Intrusion Detection
5 20 (4.89%) Network Security
6 18 (4.40%) Internet
6 18 (4.40%) Wireless
7 15 (3.67%) SNMP
8 13 (3.18%) 802.11
8 13 (3.18%) TCP/IP
8 13 (3.18%) VoIP
9 12 (2.93%) Wireshark
10 11 (2.69%) DHCP
10 11 (2.69%) WAN
11 10 (2.44%) FTP
12 9 (2.20%) IPsec
12 9 (2.20%) Wi-Fi
13 8 (1.96%) SAN
Database & Business Intelligence
1 32 (7.82%) SQL Server
2 11 (2.69%) Essbase
2 11 (2.69%) Oracle BI EE
3 9 (2.20%) MySQL
3 9 (2.20%) PostgreSQL
4 7 (1.71%) GIS
4 7 (1.71%) Oracle Database
5 6 (1.47%) Big Data
6 5 (1.22%) Redis
7 4 (0.98%) MongoDB
8 3 (0.73%) Apache Hive
8 3 (0.73%) BigQuery
8 3 (0.73%) Data Warehouse
8 3 (0.73%) EDRMS
8 3 (0.73%) Hadoop
9 2 (0.49%) Amazon RDS
10 1 (0.24%) Neo4j
10 1 (0.24%) Oracle Reports
10 1 (0.24%) RDBMS
10 1 (0.24%) Relational Database
Development Applications
1 31 (7.58%) Burp Suite
2 29 (7.09%) Jenkins
2 29 (7.09%) Metasploit
3 27 (6.60%) Git (software)
4 20 (4.89%) JIRA
5 19 (4.65%) Octopus Deploy
6 18 (4.40%) Team Foundation Server
7 16 (3.91%) GoCD
8 9 (2.20%) Selenium
8 9 (2.20%) TeamCity
9 8 (1.96%) Visual Studio Team System
10 7 (1.71%) Oracle Forms
10 7 (1.71%) SonarQube
11 6 (1.47%) Cucumber
11 6 (1.47%) Fiddler
11 6 (1.47%) GitLab
11 6 (1.47%) Maven
11 6 (1.47%) Visual Studio
11 6 (1.47%) Xcode
12 5 (1.22%) SoapUI
General
1 80 (19.56%) Finance
2 37 (9.05%) Banking
3 22 (5.38%) Financial Institution
4 16 (3.91%) Law
5 13 (3.18%) Retail
6 11 (2.69%) Legal
7 9 (2.20%) Investment Banking
8 5 (1.22%) Telecoms
9 3 (0.73%) German Language
9 3 (0.73%) Manufacturing
9 3 (0.73%) Marketing
10 2 (0.49%) Advertising
10 2 (0.49%) Back Office
10 2 (0.49%) Local Government
10 2 (0.49%) Retail Banking
11 1 (0.24%) Aerospace
11 1 (0.24%) Electronics
11 1 (0.24%) Italian Language
11 1 (0.24%) Military
11 1 (0.24%) Pharmaceutical
Job Titles
1 64 (15.65%) Tester
2 62 (15.16%) Consultant
3 57 (13.94%) Security Consultant
4 56 (13.69%) Architect
5 55 (13.45%) Security Architect
6 48 (11.74%) Analyst
7 42 (10.27%) Penetration Tester
8 39 (9.54%) Security Engineer
9 38 (9.29%) Security Analyst
10 24 (5.87%) Security Manager
11 18 (4.40%) Security Specialist
12 17 (4.16%) Cybersecurity Analyst
13 14 (3.42%) Security Tester
14 13 (3.18%) Project Manager
15 12 (2.93%) Information Security Manager
16 11 (2.69%) Delivery Manager
17 10 (2.44%) Information Manager
17 10 (2.44%) Operations Engineer
17 10 (2.44%) Solutions Architect
17 10 (2.44%) Systems Engineer
Libraries, Frameworks & Software Standards
1 25 (6.11%) Web Services
2 13 (3.18%) 802.1X
3 12 (2.93%) .NET
4 10 (2.44%) OAuth
4 10 (2.44%) REST
5 9 (2.20%) Node.js
5 9 (2.20%) OpenID
6 7 (1.71%) .NET Core
6 7 (1.71%) CSLA.NET
6 7 (1.71%) WinForms
6 7 (1.71%) WPF
7 6 (1.47%) RESTful
8 5 (1.22%) Django
8 5 (1.22%) Gherkin
8 5 (1.22%) Java EE
8 5 (1.22%) JSON
8 5 (1.22%) Middleware
8 5 (1.22%) SOAP
9 4 (0.98%) Celery
9 4 (0.98%) scikit-learn
Miscellaneous
1 63 (15.40%) Management Information System
2 24 (5.87%) Cyberthreat
2 24 (5.87%) Mobile App
3 20 (4.89%) Analytical Skills
4 19 (4.65%) Self-Motivation
5 16 (3.91%) SCADA
6 13 (3.18%) Data Centre
7 11 (2.69%) Wiki
8 10 (2.44%) Cyber Defence
9 9 (2.20%) Public Cloud
10 7 (1.71%) Cyber Kill Chain
11 6 (1.47%) Algorithms
11 6 (1.47%) Cybercrime
11 6 (1.47%) Field-Programmable Gate Array
11 6 (1.47%) Hybrid Cloud
11 6 (1.47%) PKI
11 6 (1.47%) Verilog
11 6 (1.47%) VHDL
12 5 (1.22%) Clustering
13 4 (0.98%) RSA SecurID
Operating Systems
1 64 (15.65%) Linux
2 53 (12.96%) Windows
3 17 (4.16%) Kali Linux
4 11 (2.69%) Windows Server
5 10 (2.44%) Apple iOS
6 9 (2.20%) Android
6 9 (2.20%) Unix
7 7 (1.71%) CentOS
8 6 (1.47%) Embedded Linux
8 6 (1.47%) Mac OS X
9 5 (1.22%) Windows 10
10 4 (0.98%) Red Hat Enterprise Linux
10 4 (0.98%) Windows Server 2012
11 3 (0.73%) Windows Server 2008
12 2 (0.49%) Windows 7
13 1 (0.24%) Mac OS
Processes & Methodologies
1 171 (41.81%) Cybersecurity
2 154 (37.65%) Information Security
3 89 (21.76%) Security Architecture
4 88 (21.52%) Agile Software Development
5 66 (16.14%) OWASP
6 63 (15.40%) Security Operations
6 63 (15.40%) Security Testing
6 63 (15.40%) Vulnerability Management
7 60 (14.67%) Risk Management
8 47 (11.49%) DevOps
8 47 (11.49%) Patch Management
9 43 (10.51%) SIEM
9 43 (10.51%) Threat Modelling
10 42 (10.27%) Computer Science
11 39 (9.54%) Threat Intelligence
12 37 (9.05%) Test Automation
13 36 (8.80%) Security Monitoring
14 35 (8.56%) Identity Access Management
14 35 (8.56%) Information Assurance
15 31 (7.58%) Security Management
Programming Languages
1 74 (18.09%) Python
2 47 (11.49%) Ruby
3 45 (11.00%) Bash Shell
4 43 (10.51%) Java
5 40 (9.78%) PowerShell
6 36 (8.80%) Perl
7 32 (7.82%) C
8 23 (5.62%) C#
9 21 (5.13%) C++
10 15 (3.67%) Lua
11 11 (2.69%) PHP
12 7 (1.71%) SQL
13 6 (1.47%) Embedded C
13 6 (1.47%) JavaScript
13 6 (1.47%) Shell Script
14 5 (1.22%) Objective-C
15 3 (0.73%) Go
16 2 (0.49%) Apple Swift
16 2 (0.49%) Kotlin
17 1 (0.24%) COBOL
Qualifications
1 113 (27.63%) CISSP
2 59 (14.43%) CISM
3 57 (13.94%) Degree
4 53 (12.96%) Security Cleared
5 46 (11.25%) GIAC
6 45 (11.00%) SANS
7 38 (9.29%) SC Cleared
8 33 (8.07%) CEH
9 27 (6.60%) CISA
9 27 (6.60%) Cisco Certification
9 27 (6.60%) CREST Certified
10 25 (6.11%) DV Cleared
11 18 (4.40%) Microsoft Certification
12 16 (3.91%) MCSE
13 14 (3.42%) CompTIA Security+
13 14 (3.42%) GSNA
13 14 (3.42%) OSCE
14 13 (3.18%) Computer Science Degree
15 12 (2.93%) CCNP
16 11 (2.69%) OSCP
Quality Assurance & Compliance
1 88 (21.52%) ISO/IEC 27001
2 27 (6.60%) GDPR
3 26 (6.36%) PCI DSS
4 20 (4.89%) COBIT
5 17 (4.16%) QA
6 11 (2.69%) ISO/IEC 27002 (supersedes ISO/IEC 17799)
6 11 (2.69%) Sarbanes-Oxley
7 10 (2.44%) COSO
8 9 (2.20%) Cyber Essentials
8 9 (2.20%) HIPAA
9 7 (1.71%) PSD2
10 3 (0.73%) Web Application Security Consortium
11 2 (0.49%) Actionable Recommendations
11 2 (0.49%) NIST 800
12 1 (0.24%) CESG Infosec
12 1 (0.24%) Cyber Essentials PLUS
12 1 (0.24%) HMG Security Policy Framework
12 1 (0.24%) ISAE 3402
12 1 (0.24%) SLA
System Software
1 33 (8.07%) Docker
2 18 (4.40%) Active Directory
3 7 (1.71%) VMware Infrastructure
4 6 (1.47%) Firmware
5 5 (1.22%) Virtual Machines
5 5 (1.22%) vSphere
6 4 (0.98%) XenDesktop
7 3 (0.73%) OpenAM
7 3 (0.73%) ProxySG
7 3 (0.73%) Snort
8 2 (0.49%) Hyper-V
9 1 (0.24%) BitLocker
9 1 (0.24%) KVM
9 1 (0.24%) Virtual Desktop
9 1 (0.24%) Virtual Servers
9 1 (0.24%) VMware ESXi
Systems Management
1 31 (7.58%) Nessus
2 27 (6.60%) Puppet
3 26 (6.36%) Kubernetes
4 23 (5.62%) Ansible
5 22 (5.38%) Nmap
6 18 (4.40%) Opscode Chef
7 17 (4.16%) Rundeck
8 15 (3.67%) Terraform
9 13 (3.18%) QRadar
10 12 (2.93%) Host Intrusion Detection System
11 10 (2.44%) Computer Emergency Response Teams
11 10 (2.44%) Network Intrusion Detection System
12 8 (1.96%) EnCase
12 8 (1.96%) Single Sign-On
13 7 (1.71%) FTK
14 4 (0.98%) McAfee ePO
14 4 (0.98%) Packer
15 3 (0.73%) Salt
15 3 (0.73%) SCCM
16 2 (0.49%) HP Fortify
Vendors
1 46 (11.25%) Microsoft
2 29 (7.09%) Cisco
2 29 (7.09%) Oracle
3 24 (5.87%) Atlassian
4 18 (4.40%) McAfee
5 16 (3.91%) SaltStack
6 15 (3.67%) Qualys
7 14 (3.42%) VMware
8 13 (3.18%) Splunk
9 12 (2.93%) CheckPoint
9 12 (2.93%) Citrix
10 11 (2.69%) Hyperion
10 11 (2.69%) Juniper
11 10 (2.44%) F5
11 10 (2.44%) Google
11 10 (2.44%) Proofpoint
12 9 (2.20%) IBM
12 9 (2.20%) Sophos
13 8 (1.96%) Forcepoint
13 8 (1.96%) Red Hat