OWASP Contracts, Co-occurring Skills & Contractor Rates

Open Web Application Security Project (OWASP)
UK

The table below provides summary statistics for contract job vacancies requiring OWASP skills. It includes a benchmarking guide to the contractor rates offered in vacancies that cited OWASP over the 6 months leading up to 1 May 2025, comparing them to the same period in the previous two years.

Location	6 months to 1 May 2025	Same period 2024	Same period 2023
Rank	390	453	563
Rank change year-on-year	+63	+110	-30
Contract jobs citing OWASP	131	129	155
As % of all contract jobs advertised in the UK	0.45%	0.30%	0.26%
As % of the Processes & Methodologies category	0.49%	0.34%	0.29%
Number of daily rates quoted	72	59	94
10^th Percentile	£333	£463	£436
25^th Percentile	£500	£529	£513
Median daily rate (50^th Percentile)	£638	£600	£556
Median % change year-on-year	+6.25%	+7.87%	-3.26%
75^th Percentile	£713	£663	£650
90^th Percentile	£773	£709	£738
UK excluding London median daily rate	£650	£575	£550
% change year-on-year	+13.04%	+4.55%	-
Number of hourly rates quoted	0	0	2
Median hourly rate	-	-	£70.00
UK excluding London median hourly rate	-	-	£70.00

All Process and Methodology Skills
UK

OWASP falls under the Processes and Methodologies category. For comparison with the information above, the following table provides summary statistics for all contract job vacancies requiring process or methodology skills.

Contract vacancies with a requirement for process or methodology skills	26,594	37,597	53,655
As % of all contract IT jobs advertised in the UK	90.84%	86.31%	89.91%
Number of daily rates quoted	17,149	24,227	37,238
10^th Percentile	£308	£300	£325
25^th Percentile	£413	£413	£438
Median daily rate (50^th Percentile)	£520	£525	£550
Median % change year-on-year	-0.95%	-4.55%	+4.76%
75^th Percentile	£630	£638	£650
90^th Percentile	£743	£750	£750
UK excluding London median daily rate	£483	£500	£500
% change year-on-year	-3.50%	-	+5.26%
Number of hourly rates quoted	1,071	2,443	1,746
10^th Percentile	£14.41	£12.75	£11.00
25^th Percentile	£18.21	£16.00	£16.25
Median hourly rate	£29.00	£35.65	£37.30
Median % change year-on-year	-18.65%	-4.42%	+49.20%
75^th Percentile	£60.38	£59.98	£65.00
90^th Percentile	£75.00	£72.50	£75.00
UK excluding London median hourly rate	£27.50	£37.34	£36.00
% change year-on-year	-26.35%	+3.72%	+80.00%

OWASP
Job Vacancy Trend

Job postings citing OWASP as a proportion of all IT jobs advertised.

OWASP
Contractor Daily Rate Trend

3-month moving average daily rate quoted in jobs citing OWASP.

OWASP
Daily Rate Histogram

Daily rate distribution for jobs citing OWASP over the 6 months to 1 May 2025.

Daily rate histogram for OWASP in the UK

OWASP
Contractor Hourly Rate Trend

3-month moving average hourly rates quoted in jobs citing OWASP.

OWASP
Top 13 Contract Locations

The table below looks at the demand and provides a guide to the median contractor rates quoted in IT jobs citing OWASP within the UK over the 6 months to 1 May 2025. The 'Rank Change' column provides an indication of the change in demand within each location based on the same 6 month period last year.

Location	Rank Change on Same Period Last Year	Matching Contract IT Job Ads	Median Daily Rate Past 6 Months	Median Daily Rate % Change on Same Period Last Year	Live Jobs
England	+55	106	£650	+13.04%	115
UK excluding London	+52	63	£650	+13.04%	83
London	+46	52	£650	+2.36%	52
Work from Home	+19	45	£600	+4.35%	83
North of England	+24	23	£675	+17.90%	25
South East	+26	22	£538	-2.27%	29
Yorkshire	+10	14	£313	-45.05%	9
Scotland	+12	9	£613	-1.61%	5
North West	+19	8	£675	+17.39%	16
South West	+51	6	£680	-	10
Midlands	+25	4	£710	-	5
West Midlands	+17	4	£710	-	2
North East	-	1	£550	-

OWASP
Top 30 Co-occurring Skills and Capabilities

For the 6 months to 1 May 2025, contractor job vacancies citing OWASP also mentioned the following skills and capabilities in order of popularity. The figures indicate the absolute number co-occurrences and as a proportion of all contract job ads with a requirement for OWASP.

1	54 (41.22%)	DevOps
2	52 (39.69%)	CI/CD
3	46 (35.11%)	Cybersecurity
4	44 (33.59%)	NIST
5	40 (30.53%)	Azure
6	36 (27.48%)	SQL
6	36 (27.48%)	Microservices
7	34 (25.95%)	Test Automation
8	33 (25.19%)	Bash
8	33 (25.19%)	Agile
9	32 (24.43%)	Information Security
9	32 (24.43%)	RESTful
9	32 (24.43%)	Social Skills
10	31 (23.66%)	Cloud Security
10	31 (23.66%)	Kubernetes

10	31 (23.66%)	Git
11	30 (22.90%)	BDD
11	30 (22.90%)	TDD
11	30 (22.90%)	DevSecOps
12	29 (22.14%)	Application Security
12	29 (22.14%)	Docker
13	28 (21.37%)	Java
13	28 (21.37%)	AWS
13	28 (21.37%)	Containerisation
14	27 (20.61%)	MySQL
14	27 (20.61%)	Python
15	26 (19.85%)	Security Cleared
16	23 (17.56%)	SC Cleared
16	23 (17.56%)	JIRA
16	23 (17.56%)	Linux

OWASP
Co-occurring Skills and Capabilities by Category

The follow tables expand on the table above by listing co-occurrences grouped by category. The same employment type, locality and period is covered with up to 20 co-occurrences shown in each of the following categories:

Application Platforms
Cloud Services
Communications & Networking
Database & Business Intelligence
Development Applications
General
Job Titles
Libraries, Frameworks & Software Standards
Miscellaneous
Operating Systems
Processes & Methodologies
Programming Languages
Qualifications
Quality Assurance & Compliance
System Software
Systems Management
Vendors

Application Platforms
1	18 (13.74%)	Confluence
2	2 (1.53%)	IIS
3	1 (0.76%)	Apache
3	1 (0.76%)	Apache Spark
3	1 (0.76%)	nginx
3	1 (0.76%)	Tomcat

Cloud Services
1	40 (30.53%)	Azure
2	28 (21.37%)	AWS
3	19 (14.50%)	Cloud Computing
4	18 (13.74%)	Azure DevOps
4	18 (13.74%)	Slack
5	15 (11.45%)	GitHub
6	12 (9.16%)	GCP
7	7 (5.34%)	IaaS
7	7 (5.34%)	PaaS
7	7 (5.34%)	SaaS
7	7 (5.34%)	Serverless
8	5 (3.82%)	Azure Sentinel
9	4 (3.05%)	Azure Monitor
9	4 (3.05%)	SonarCloud
10	3 (2.29%)	GitHub Actions
10	3 (2.29%)	Google Compute Engine
11	2 (1.53%)	Amazon EKS
11	2 (1.53%)	AWS CloudFormation
11	2 (1.53%)	AWS Lambda
11	2 (1.53%)	Azure Stack

Communications & Networking
1	16 (12.21%)	HTTP
2	15 (11.45%)	Network Security
3	14 (10.69%)	Firewall
4	6 (4.58%)	Radio Access Network
5	4 (3.05%)	DNS
5	4 (3.05%)	FTP
5	4 (3.05%)	SMTP
5	4 (3.05%)	SSL
5	4 (3.05%)	TCP/IP

Database & Business Intelligence
1	27 (20.61%)	MySQL
2	22 (16.79%)	MongoDB
3	21 (16.03%)	Apache Cassandra
4	19 (14.50%)	PostgreSQL
5	8 (6.11%)	NoSQL
6	5 (3.82%)	Relational Database
7	4 (3.05%)	Redis
8	3 (2.29%)	Amazon Aurora
8	3 (2.29%)	Metadata
9	1 (0.76%)	Amazon RDS
9	1 (0.76%)	Big Data
9	1 (0.76%)	Delta Lake
9	1 (0.76%)	MariaDB

Development Applications
1	31 (23.66%)	Git
2	23 (17.56%)	JIRA
3	19 (14.50%)	Cucumber
4	18 (13.74%)	Jasmine
4	18 (13.74%)	JUnit
5	14 (10.69%)	Jenkins
6	13 (9.92%)	GitLab
7	9 (6.87%)	Cypress.io
7	9 (6.87%)	SonarQube
8	8 (6.11%)	Snyk
9	6 (4.58%)	Postman
9	6 (4.58%)	Selenium
10	5 (3.82%)	NUnit
11	4 (3.05%)	SoapUI
12	3 (2.29%)	Burp Suite
12	3 (2.29%)	JMeter
12	3 (2.29%)	Subversion
13	2 (1.53%)	Storybook
13	2 (1.53%)	Visual Studio
13	2 (1.53%)	Visual Studio Code

General
1	32 (24.43%)	Social Skills
2	22 (16.79%)	Public Sector
3	14 (10.69%)	Finance
4	11 (8.40%)	Banking
5	9 (6.87%)	Analytical Skills
6	6 (4.58%)	Legal
6	6 (4.58%)	Telecoms
7	3 (2.29%)	Electronics
7	3 (2.29%)	Manufacturing
7	3 (2.29%)	Marketing
8	2 (1.53%)	Documentation Skills
8	2 (1.53%)	Inclusion and Diversity
8	2 (1.53%)	Presentation Skills
9	1 (0.76%)	Financial Institution

Job Titles
1	35 (26.72%)	Developer
2	29 (22.14%)	Architect
3	28 (21.37%)	Lead
4	27 (20.61%)	Security Architect
5	21 (16.03%)	Senior
6	16 (12.21%)	Consultant
6	16 (12.21%)	Java Developer
7	15 (11.45%)	Security Consultant
8	14 (10.69%)	Senior Developer
9	13 (9.92%)	Tester
10	11 (8.40%)	Lead Developer
11	9 (6.87%)	.NET Developer
11	9 (6.87%)	DevSecOps Consultant
11	9 (6.87%)	Senior Java Developer
12	8 (6.11%)	DevSecOps Architect
13	7 (5.34%)	Java Engineer
14	6 (4.58%)	Full-Stack Developer
14	6 (4.58%)	Head of Architecture
14	6 (4.58%)	Head of Security
14	6 (4.58%)	Lead Java Developer

Libraries, Frameworks & Software Standards
1	32 (24.43%)	RESTful
2	23 (17.56%)	Spring Boot
3	22 (16.79%)	Spring
4	20 (15.27%)	Spring Security
5	19 (14.50%)	.NET
6	18 (13.74%)	Swagger
7	17 (12.98%)	OpenAPI
8	16 (12.21%)	Spring Batch
9	13 (9.92%)	CSS
10	12 (9.16%)	.NET Core
10	12 (9.16%)	HTML
11	10 (7.63%)	OAuth
11	10 (7.63%)	React
12	7 (5.34%)	JSON
13	6 (4.58%)	ASP.NET
13	6 (4.58%)	OpenID
13	6 (4.58%)	RabbitMQ
14	5 (3.82%)	ActiveMQ
14	5 (3.82%)	ARM Templates
15	4 (3.05%)	Vue

Miscellaneous
1	18 (13.74%)	Distributed Denial-of-Service
2	10 (7.63%)	Security Posture
3	9 (6.87%)	Private Cloud
4	8 (6.11%)	Hybrid Cloud
5	7 (5.34%)	Management Information System
5	7 (5.34%)	Product Ownership
6	6 (4.58%)	Cloud Native
7	5 (3.82%)	Cyber Defence
7	5 (3.82%)	Cyber Kill Chain
8	4 (3.05%)	Data Centre
8	4 (3.05%)	Distributed Systems
8	4 (3.05%)	Enterprise Software
9	2 (1.53%)	Cyber Threat
9	2 (1.53%)	Data Protection Act
9	2 (1.53%)	Mobile App
9	2 (1.53%)	Operational Technology
9	2 (1.53%)	PKI
9	2 (1.53%)	SCADA
9	2 (1.53%)	Security Operations Centre
10	1 (0.76%)	Linux Command Line

Operating Systems
1	23 (17.56%)	Linux
2	19 (14.50%)	Red Hat Enterprise Linux
3	2 (1.53%)	AIX
3	2 (1.53%)	Apple iOS
3	2 (1.53%)	Windows
4	1 (0.76%)	CentOS
4	1 (0.76%)	Windows Server

Processes & Methodologies
1	54 (41.22%)	DevOps
2	52 (39.69%)	CI/CD
3	46 (35.11%)	Cybersecurity
4	36 (27.48%)	Microservices
5	34 (25.95%)	Test Automation
6	33 (25.19%)	Agile
7	32 (24.43%)	Information Security
8	31 (23.66%)	Cloud Security
9	30 (22.90%)	BDD
9	30 (22.90%)	DevSecOps
9	30 (22.90%)	TDD
10	29 (22.14%)	Application Security
11	28 (21.37%)	Containerisation
12	23 (17.56%)	Continuous Delivery
13	22 (16.79%)	Mentoring
14	21 (16.03%)	API Design
14	21 (16.03%)	Problem-Solving
15	20 (15.27%)	Secure Coding
15	20 (15.27%)	Software Engineering
16	19 (14.50%)	Continuous Integration

Programming Languages
1	36 (27.48%)	SQL
2	33 (25.19%)	Bash
3	28 (21.37%)	Java
4	27 (20.61%)	Python
5	20 (15.27%)	PowerShell
6	17 (12.98%)	JavaScript
7	15 (11.45%)	C#
8	11 (8.40%)	PHP
9	7 (5.34%)	Ruby
9	7 (5.34%)	TypeScript
10	3 (2.29%)	Perl
11	2 (1.53%)	C
11	2 (1.53%)	C++
11	2 (1.53%)	Kotlin
11	2 (1.53%)	Objective-C
11	2 (1.53%)	PL/SQL
11	2 (1.53%)	Swift
12	1 (0.76%)	VB
12	1 (0.76%)	VB6

Qualifications
1	26 (19.85%)	Security Cleared
2	23 (17.56%)	SC Cleared
3	22 (16.79%)	CEH
4	20 (15.27%)	CISSP
5	17 (12.98%)	OSCP
6	14 (10.69%)	CISM
6	14 (10.69%)	Degree
7	10 (7.63%)	(ISC)2 CCSP
7	10 (7.63%)	Cisco Certification
8	8 (6.11%)	CCSP
8	8 (6.11%)	Computer Science Degree
9	7 (5.34%)	GIAC
9	7 (5.34%)	GPEN
9	7 (5.34%)	GWAPT
9	7 (5.34%)	SANS
10	5 (3.82%)	CCSAS
10	5 (3.82%)	CREST Certified
11	4 (3.05%)	AWS Certification
12	3 (2.29%)	CRISC
12	3 (2.29%)	Microsoft Certification

Quality Assurance & Compliance
1	44 (33.59%)	NIST
2	18 (13.74%)	PCI DSS
3	16 (12.21%)	COBIT
4	15 (11.45%)	GDPR
5	14 (10.69%)	ISO/IEC 27001
6	13 (9.92%)	Accessibility
7	11 (8.40%)	QA
8	8 (6.11%)	NCSC
9	4 (3.05%)	HIPAA
10	3 (2.29%)	GRC
11	2 (1.53%)	ISO/IEC 27005
12	1 (0.76%)	EU AI Act
12	1 (0.76%)	HL7
12	1 (0.76%)	Software Quality Assurance

System Software
1	29 (22.14%)	Docker
2	1 (0.76%)	Active Directory
2	1 (0.76%)	VMware Infrastructure

Systems Management
1	31 (23.66%)	Kubernetes
2	14 (10.69%)	Terraform
3	4 (3.05%)	Single Sign-On
4	2 (1.53%)	Ansible
4	2 (1.53%)	Grafana
4	2 (1.53%)	Prometheus
5	1 (0.76%)	Argo
5	1 (0.76%)	Docker Swarm
5	1 (0.76%)	Packer
5	1 (0.76%)	Puppet

Vendors
1	16 (12.21%)	Microsoft
2	6 (4.58%)	Veracode
3	5 (3.82%)	Coverity
3	5 (3.82%)	Oracle
3	5 (3.82%)	SAP
4	4 (3.05%)	Zend
5	3 (2.29%)	Google
6	2 (1.53%)	F5
6	2 (1.53%)	Imperva
6	2 (1.53%)	Salesforce
6	2 (1.53%)	Splunk
6	2 (1.53%)	VMware
7	1 (0.76%)	Cisco
7	1 (0.76%)	CrowdStrike
7	1 (0.76%)	Databricks
7	1 (0.76%)	Dynatrace
7	1 (0.76%)	Exabeam
7	1 (0.76%)	Palo Alto
7	1 (0.76%)	Red Hat

Open Web Application Security Project (OWASP)UK

All Process and Methodology SkillsUK

OWASPJob Vacancy Trend

OWASPContractor Daily Rate Trend

OWASPDaily Rate Histogram

OWASPContractor Hourly Rate Trend

OWASPTop 13 Contract Locations

OWASPTop 30 Co-occurring Skills and Capabilities

OWASPCo-occurring Skills and Capabilities by Category