Period
to 14 December 2018

The following table provides summary statistics for contract job vacancies with a requirement for Penetration Testing skills. Included is a benchmarking guide to the contractor rates offered in vacancies that have cited Penetration Testing over the 6 months to 14 December 2018 with a comparison to the same period in the previous 2 years.

Note that daily and hourly rates are treated separately in these statistics. When calculating contractor rate percentiles, daily rates are never derived from quoted hourly rates or vice versa.

Penetration Testing
UK
6 months to
14 Dec 2018
Same period 2017 Same period 2016
Rank 501 496 461
Rank change year-on-year -5 -35 +142
Contract jobs citing Penetration Testing 441 435 495
As % of all contract IT jobs advertised in the UK 0.42% 0.42% 0.48%
As % of the Processes & Methodologies category 0.48% 0.49% 0.56%
Number of daily rates quoted 269 260 331
UK median daily rate £525 £500 £475
Median daily rate % change year-on-year +5.00% +5.26% +5.56%
10th Percentile £385 £350 £350
90th Percentile £675 £625 £613
UK excluding London median daily rate £504 £475 £475
% change year-on-year +6.05% - +9.51%
Number of hourly rates quoted 1 3 1
UK median hourly rate £50.00 £60.87 £35.00
Median hourly rate % change year-on-year -17.86% +73.91% -20.00%
10th Percentile £47.50 £58.17 £32.50
90th Percentile £52.50 £63.50 £37.50
UK excluding London median hourly rate £50.00 £60.44 £35.00
% change year-on-year -17.27% +72.67% -20.00%

Penetration Testing is in the Processes and Methodologies category. The following table is for comparison with the above and provides summary statistics for all contract job vacancies with a requirement for process or methodology skills.

All Process and Methodology Skills
UK
Contract vacancies with a requirement for process or methodology skills 91,019 88,693 87,901
As % of all contract IT jobs advertised in the UK 86.75% 85.91% 85.29%
Number of daily rates quoted 60,315 59,199 57,906
UK median daily rate £465 £450 £425
Median daily rate % change year-on-year +3.33% +5.88% +2.41%
10th Percentile £300 £276 £263
90th Percentile £638 £638 £601
UK excluding London median daily rate £425 £400 £400
% change year-on-year +6.25% - +3.23%
Number of hourly rates quoted 2,324 2,065 2,485
UK median hourly rate £22.50 £24.02 £22.50
Median hourly rate % change year-on-year -6.33% +6.76% +2.27%
10th Percentile £11.25 £11.25 £11.06
90th Percentile £50.25 £49.65 £48.38
UK excluding London median hourly rate £21.00 £25.00 £22.50
% change year-on-year -16.00% +11.11% -

Penetration Testing
Job Vacancy Trend

Job postings citing Penetration Testing as a percentage of all IT jobs advertised.

Job vacancy trend for Penetration Testing in the UK

Penetration Testing
Contractor Daily Rate Trend

This chart provides the 3-month moving average for daily rates quoted in contract jobs citing Penetration Testing.

Contractor daily rate trend for Penetration Testing in the UK

Penetration Testing
Contractor Daily Rate Histogram

The daily rate distribution of IT jobs citing Penetration Testing over the 6 months to 14 December 2018.

Contractor daily rate histogram for Penetration Testing in the UK

Penetration Testing
Contractor Hourly Rate Trend

This chart provides the 3-month moving average for contractor hourly rates quoted in IT jobs citing Penetration Testing.

Contractor hourly rate trend for Penetration Testing in the UK

Penetration Testing
Top 15 Contract Locations

The table below looks at the demand and provides a guide to the median contractor rates quoted in IT jobs citing Penetration Testing within the UK over the 6 months to 14 December 2018. The 'Rank Change' column provides an indication of the change in demand within each location based on the same 6 month period last year.

Location Rank Change
on Same Period
Last Year
Matching
Contract
IT Job Ads
Median
Daily Rate
Past 6 Months
Median Daily Rate
% Change
on Same Period
Last Year
Live
Job
Vacancies
England +3 419 £525 +5.00% 149
UK excluding London -24 212 £504 +6.05% 98
London +7 209 £545 +9.00% 61
South East +30 90 £563 +12.50% 21
North of England -26 42 £525 +16.67% 26
Midlands -7 34 £550 +15.79% 17
North West -21 27 £500 +5.26% 11
West Midlands -20 25 £600 +26.32% 12
East of England -15 24 £525 - 11
South West -36 18 £472 +4.19% 13
Yorkshire -15 15 £638 +57.70% 13
East Midlands +17 10 £600 +33.33% 5
Wales -24 4 - - 4
Scotland -22 3 £600 +54.84% 5
Northern Ireland - 1 £550 - 1

For the 6 months to 14 December 2018, IT contractor jobs citing Penetration Testing also mentioned the following skills in order of popularity. The figures indicate the absolute number co-occurrences and as a proportion of all contract job ads with a requirement for Penetration Testing.

1 173 (39.23%) Information Security
2 157 (35.60%) Cybersecurity
3 102 (23.13%) CISSP
4 101 (22.90%) Agile Software Development
5 92 (20.86%) Firewall
6 86 (19.50%) Security Architecture
7 77 (17.46%) Finance
8 71 (16.10%) Security Cleared
9 69 (15.65%) Security Testing
9 69 (15.65%) Risk Management
10 68 (15.42%) Python
10 68 (15.42%) ISO/IEC 27001
11 66 (14.97%) Linux
11 66 (14.97%) Amazon AWS
12 65 (14.74%) Java
13 64 (14.51%) Vulnerability Management
14 62 (14.06%) Security Operations
15 60 (13.61%) Management Information System
16 59 (13.38%) Microsoft Azure
16 59 (13.38%) Degree
17 56 (12.70%) Windows
18 54 (12.24%) CISM
18 54 (12.24%) SC Cleared
19 51 (11.56%) Microsoft
20 50 (11.34%) PowerShell
21 48 (10.88%) Ruby
21 48 (10.88%) SIEM
22 47 (10.66%) Computer Science
23 46 (10.43%) OWASP
23 46 (10.43%) DevOps

Penetration Testing
Co-occurring IT Skills by Category

The follow tables expand on the table above by listing co-occurrences grouped by category. The same job type, locality and period is covered with up to 20 co-occurrences shown in each of the following categories:

Application Platforms
1 15 (3.40%) OpenStack
2 14 (3.17%) Confluence
2 14 (3.17%) IIS
3 8 (1.81%) SharePoint
4 6 (1.36%) SharePoint 2013
5 3 (0.68%) Apache
5 3 (0.68%) Apache Pig
5 3 (0.68%) nginx
6 2 (0.45%) MS Exchange
6 2 (0.45%) Oracle SOA Suite
6 2 (0.45%) SAS
6 2 (0.45%) Tomcat
7 1 (0.23%) BizTalk Server
7 1 (0.23%) Elasticsearch
7 1 (0.23%) WebSphere
Applications
1 7 (1.59%) Microsoft Office
2 2 (0.45%) Microsoft Excel
2 2 (0.45%) Microsoft Project
3 1 (0.23%) Microsoft PowerPoint
3 1 (0.23%) MS Visio
Business Applications
1 11 (2.49%) Oracle EBS R12
1 11 (2.49%) Oracle FAH
2 1 (0.23%) Oracle EBS
Cloud Services
1 66 (14.97%) Amazon AWS
2 59 (13.38%) Microsoft Azure
3 16 (3.63%) Mimecast
4 15 (3.40%) IaaS
5 14 (3.17%) PaaS
6 12 (2.72%) GitHub
7 11 (2.49%) SaaS
8 10 (2.27%) Google Cloud Platform
9 8 (1.81%) BrowserStack
9 8 (1.81%) Office 365
10 6 (1.36%) Apigee
11 4 (0.91%) Amazon S3
12 3 (0.68%) Amazon EC2
12 3 (0.68%) Route 53
12 3 (0.68%) Sumo Logic
12 3 (0.68%) Virtual Private Cloud
13 2 (0.45%) Akamai
13 2 (0.45%) Cloud Computing
13 2 (0.45%) Cloudflare
13 2 (0.45%) OpenShift
Communications & Networking
1 92 (20.86%) Firewall
2 36 (8.16%) HTTP
3 32 (7.26%) Network Security
4 31 (7.03%) SSL
5 29 (6.58%) VPN
6 24 (5.44%) DNS
6 24 (5.44%) TCP/IP
7 21 (4.76%) Internet
8 20 (4.54%) Intrusion Detection
9 17 (3.85%) Wireless
10 15 (3.40%) SNMP
11 14 (3.17%) WAN
12 13 (2.95%) 802.11
12 13 (2.95%) LAN
12 13 (2.95%) SAN
12 13 (2.95%) VoIP
13 12 (2.72%) Wireshark
14 11 (2.49%) DHCP
14 11 (2.49%) FTP
14 11 (2.49%) IPsec
Database & Business Intelligence
1 32 (7.26%) SQL Server
2 11 (2.49%) Essbase
2 11 (2.49%) Oracle BI EE
3 10 (2.27%) MySQL
4 8 (1.81%) PostgreSQL
5 7 (1.59%) Oracle Database
6 6 (1.36%) Redis
7 4 (0.91%) GIS
8 3 (0.68%) Amazon RDS
8 3 (0.68%) Apache Hive
8 3 (0.68%) Big Data
8 3 (0.68%) BigQuery
8 3 (0.68%) EDRMS
8 3 (0.68%) Hadoop
8 3 (0.68%) MongoDB
9 1 (0.23%) Apache Cassandra
9 1 (0.23%) Base SAS
9 1 (0.23%) Neo4j
9 1 (0.23%) NoSQL
9 1 (0.23%) Relational Database
Development Applications
1 31 (7.03%) Metasploit
2 29 (6.58%) Burp Suite
3 28 (6.35%) Jenkins
4 21 (4.76%) Git (software)
5 18 (4.08%) JIRA
6 14 (3.17%) Octopus Deploy
6 14 (3.17%) Selenium
7 11 (2.49%) GitLab
7 11 (2.49%) GoCD
8 10 (2.27%) Cucumber
8 10 (2.27%) SonarQube
8 10 (2.27%) Visual Studio Team System
9 9 (2.04%) JMeter
9 9 (2.04%) Maven
10 8 (1.81%) JUnit
10 8 (1.81%) SoapUI
11 7 (1.59%) Team Foundation Server
12 6 (1.36%) Fiddler
12 6 (1.36%) Visual Studio
13 4 (0.91%) Xcode
General
1 77 (17.46%) Finance
2 36 (8.16%) Banking
3 16 (3.63%) Legal
4 10 (2.27%) Financial Institution
5 8 (1.81%) Retail
5 8 (1.81%) Telecoms
6 6 (1.36%) Investment Banking
6 6 (1.36%) Law
6 6 (1.36%) Manufacturing
7 4 (0.91%) Aerospace
7 4 (0.91%) Marketing
8 2 (0.45%) Advertising
8 2 (0.45%) Local Government
8 2 (0.45%) Retail Banking
9 1 (0.23%) Automotive
9 1 (0.23%) Electronics
9 1 (0.23%) French Language
9 1 (0.23%) Italian Language
9 1 (0.23%) Military
9 1 (0.23%) Pharmaceutical
Job Titles
1 77 (17.46%) Analyst
2 68 (15.42%) Tester
3 67 (15.19%) Consultant
4 61 (13.83%) Security Analyst
5 58 (13.15%) Security Consultant
6 50 (11.34%) Penetration Tester
7 49 (11.11%) Architect
8 44 (9.98%) Security Architect
9 31 (7.03%) Security Manager
10 24 (5.44%) Cybersecurity Analyst
10 24 (5.44%) Security Engineer
11 20 (4.54%) Information Security Manager
12 19 (4.31%) Information Analyst
12 19 (4.31%) Information Manager
12 19 (4.31%) Security Specialist
13 17 (3.85%) Information Security Analyst
14 13 (2.95%) Project Manager
15 12 (2.72%) Security Tester
15 12 (2.72%) Test Analyst
16 11 (2.49%) Solutions Architect
Libraries, Frameworks & Software Standards
1 24 (5.44%) Web Services
2 18 (4.08%) OAuth
3 16 (3.63%) OpenID
4 14 (3.17%) SAML
5 13 (2.95%) .NET
5 13 (2.95%) 802.1X
6 11 (2.49%) SOAP
7 10 (2.27%) REST
8 9 (2.04%) Middleware
9 8 (1.81%) Gherkin
9 8 (1.81%) JSON
9 8 (1.81%) Node.js
10 7 (1.59%) ASP.NET
11 6 (1.36%) RESTful
12 5 (1.13%) Django
12 5 (1.13%) Java EE
12 5 (1.13%) LAMP
12 5 (1.13%) OAuth2
13 4 (0.91%) RabbitMQ
13 4 (0.91%) scikit-learn
Miscellaneous
1 60 (13.61%) Management Information System
2 27 (6.12%) Mobile App
3 25 (5.67%) Self-Motivation
4 24 (5.44%) Cyberthreat
5 21 (4.76%) PKI
6 18 (4.08%) Analytical Skills
6 18 (4.08%) Data Centre
7 17 (3.85%) SCADA
8 14 (3.17%) Cyber Defence
8 14 (3.17%) Public Cloud
9 11 (2.49%) Wiki
10 8 (1.81%) Clustering
11 7 (1.59%) Cyber Kill Chain
11 7 (1.59%) Hybrid Cloud
12 6 (1.36%) Cyberattack
12 6 (1.36%) RSA SecurID
13 5 (1.13%) Client/Server
13 5 (1.13%) Enterprise Software
13 5 (1.13%) SWIFT
14 4 (0.91%) Cybercrime
Operating Systems
1 66 (14.97%) Linux
2 56 (12.70%) Windows
3 18 (4.08%) Kali Linux
4 15 (3.40%) Unix
5 13 (2.95%) Android
5 13 (2.95%) Windows Server
6 11 (2.49%) Apple iOS
7 8 (1.81%) Solaris
8 6 (1.36%) Mac OS X
8 6 (1.36%) Red Hat Enterprise Linux
9 4 (0.91%) Embedded Linux
10 3 (0.68%) CentOS
10 3 (0.68%) Windows Server 2012
11 2 (0.45%) Windows 10
11 2 (0.45%) Windows Server 2008
12 1 (0.23%) AIX
12 1 (0.23%) Mac OS
12 1 (0.23%) zOS
Processes & Methodologies
1 173 (39.23%) Information Security
2 157 (35.60%) Cybersecurity
3 101 (22.90%) Agile Software Development
4 86 (19.50%) Security Architecture
5 69 (15.65%) Risk Management
5 69 (15.65%) Security Testing
6 64 (14.51%) Vulnerability Management
7 62 (14.06%) Security Operations
8 48 (10.88%) SIEM
9 47 (10.66%) Computer Science
10 46 (10.43%) DevOps
10 46 (10.43%) OWASP
11 42 (9.52%) Vulnerability Scanning
12 41 (9.30%) Open Source
12 41 (9.30%) Secure Coding
13 40 (9.07%) Patch Management
14 39 (8.84%) Ethical Hacking
15 38 (8.62%) Test Automation
16 37 (8.39%) Threat Intelligence
17 36 (8.16%) SDLC
Programming Languages
1 68 (15.42%) Python
2 65 (14.74%) Java
3 50 (11.34%) PowerShell
4 48 (10.88%) Ruby
5 45 (10.20%) Bash Shell
6 37 (8.39%) C
7 32 (7.26%) C#
7 32 (7.26%) Perl
8 24 (5.44%) C++
9 16 (3.63%) PHP
10 15 (3.40%) Lua
11 10 (2.27%) SQL
12 9 (2.04%) JavaScript
13 6 (1.36%) Shell Script
14 4 (0.91%) Embedded C
15 3 (0.68%) Objective-C
16 1 (0.23%) VB
16 1 (0.23%) VB.NET
Qualifications
1 102 (23.13%) CISSP
2 71 (16.10%) Security Cleared
3 59 (13.38%) Degree
4 54 (12.24%) CISM
4 54 (12.24%) SC Cleared
5 40 (9.07%) CEH
6 36 (8.16%) CISA
7 30 (6.80%) Cisco Certification
8 27 (6.12%) GIAC
8 27 (6.12%) SANS
9 26 (5.90%) DV Cleared
10 25 (5.67%) CREST Certified
11 20 (4.54%) Computer Science Degree
12 19 (4.31%) CompTIA Security+
13 16 (3.63%) OSCP
14 14 (3.17%) OSCE
15 10 (2.27%) (ISC)2 CCSP
16 9 (2.04%) CCIE
16 9 (2.04%) CRISC
16 9 (2.04%) Tigerscheme
Quality Assurance & Compliance
1 68 (15.42%) ISO/IEC 27001
2 30 (6.80%) GDPR
3 26 (5.90%) PCI DSS
4 24 (5.44%) QA
5 17 (3.85%) COBIT
6 11 (2.49%) Sarbanes-Oxley
7 10 (2.27%) Cyber Essentials
7 10 (2.27%) PSD2
8 9 (2.04%) HIPAA
9 6 (1.36%) ISO/IEC 27002 (supersedes ISO/IEC 17799)
10 5 (1.13%) Actionable Recommendations
11 4 (0.91%) COSO
12 3 (0.68%) Web Application Security Consortium
13 2 (0.45%) NIST 800
14 1 (0.23%) PMO
14 1 (0.23%) SLA
System Software
1 37 (8.39%) Docker
2 26 (5.90%) Active Directory
3 16 (3.63%) VMware Infrastructure
4 6 (1.36%) Firmware
4 6 (1.36%) OpenAM
5 5 (1.13%) vSphere
6 4 (0.91%) Virtual Desktop
7 3 (0.68%) ProxySG
7 3 (0.68%) Snort
7 3 (0.68%) Virtual Machines
7 3 (0.68%) XenDesktop
8 2 (0.45%) Hyper-V
9 1 (0.23%) BitLocker
9 1 (0.23%) Varnish
9 1 (0.23%) Virtual Servers
9 1 (0.23%) VMware NSX
Systems Management
1 31 (7.03%) Nessus
2 22 (4.99%) Kubernetes
2 22 (4.99%) Nmap
3 21 (4.76%) Host Intrusion Detection System
4 19 (4.31%) Puppet
5 18 (4.08%) Ansible
5 18 (4.08%) Network Intrusion Detection System
6 16 (3.63%) Computer Emergency Response Teams
7 14 (3.17%) Opscode Chef
7 14 (3.17%) QRadar
8 12 (2.72%) Rundeck
8 12 (2.72%) Single Sign-On
9 9 (2.04%) Terraform
10 8 (1.81%) HP Fortify
11 7 (1.59%) CSIRT
11 7 (1.59%) EnCase
11 7 (1.59%) McAfee ePO
11 7 (1.59%) SCCM
12 6 (1.36%) FTK
12 6 (1.36%) Microsoft Clustering
Vendors
1 51 (11.56%) Microsoft
2 35 (7.94%) Cisco
3 24 (5.44%) Oracle
4 22 (4.99%) VMware
5 20 (4.54%) Atlassian
6 16 (3.63%) McAfee
6 16 (3.63%) Proofpoint
7 15 (3.40%) Qualys
8 12 (2.72%) CheckPoint
9 11 (2.49%) ArcSight
9 11 (2.49%) Google
9 11 (2.49%) Hyperion
9 11 (2.49%) IBM
9 11 (2.49%) Juniper
9 11 (2.49%) SaltStack
10 10 (2.27%) Citrix
11 9 (2.04%) Splunk
12 8 (1.81%) F5
13 7 (1.59%) Blue Coat
13 7 (1.59%) Forcepoint