Penetration Testing Contracts

Penetration Testing
UK

The table below provides summary statistics for contract job vacancies requiring Penetration Testing skills. It includes a benchmarking guide to the contractor rates offered in vacancies that cited Penetration Testing over the 6 months leading up to 6 July 2025, comparing them to the same period in the previous two years.

6 months to
6 Jul 2025
Same period 2024 Same period 2023
Rank 368 372 449
Rank change year-on-year +4 +77 +139
Contract jobs citing Penetration Testing 181 221 245
As % of all contract jobs advertised in the UK 0.57% 0.51% 0.43%
As % of the Processes & Methodologies category 0.63% 0.60% 0.48%
Number of daily rates quoted 113 162 167
10th Percentile £425 £425 £450
25th Percentile £492 £500 £498
Median daily rate (50th Percentile) £550 £550 £575
Median % change year-on-year - -4.35% -0.43%
75th Percentile £663 £674 £663
90th Percentile £700 £736 £798
UK excluding London median daily rate £519 £538 £550
% change year-on-year -3.62% -2.18% -5.17%
Number of hourly rates quoted 2 1 1
10th Percentile - - -
25th Percentile £51.25 £81.75 -
Median hourly rate £52.50 £83.50 £80.00
Median % change year-on-year -37.13% +4.38% -
75th Percentile £53.75 £85.25 -
90th Percentile - - -
UK excluding London median hourly rate £52.50 £83.50 -
% change year-on-year -37.13% - -

All Process and Methodology Skills
UK

Penetration Testing falls under the Processes and Methodologies category. For comparison with the information above, the following table provides summary statistics for all contract job vacancies requiring process or methodology skills.

Contract vacancies with a requirement for process or methodology skills 28,883 36,949 50,825
As % of all contract IT jobs advertised in the UK 90.68% 85.32% 89.49%
Number of daily rates quoted 18,181 23,576 35,000
10th Percentile £300 £300 £325
25th Percentile £405 £413 £438
Median daily rate (50th Percentile) £505 £525 £550
Median % change year-on-year -3.81% -4.55% +0.92%
75th Percentile £625 £638 £650
90th Percentile £738 £750 £750
UK excluding London median daily rate £475 £500 £500
% change year-on-year -5.00% - -
Number of hourly rates quoted 1,432 2,509 1,726
10th Percentile £14.20 £12.75 £12.28
25th Percentile £17.42 £16.12 £16.85
Median hourly rate £25.15 £37.50 £38.18
Median % change year-on-year -32.93% -1.77% +46.83%
75th Percentile £53.75 £61.30 £65.00
90th Percentile £70.00 £72.50 £75.59
UK excluding London median hourly rate £24.66 £38.12 £35.00
% change year-on-year -35.31% +8.91% +66.67%

Penetration Testing
Job Vacancy Trend

Job postings citing Penetration Testing as a proportion of all IT jobs advertised.

Job vacancy trend for Penetration Testing in the UK

Penetration Testing
Contractor Daily Rate Trend

3-month moving average daily rate quoted in jobs citing Penetration Testing.

Daily rate trend for Penetration Testing in the UK

Penetration Testing
Daily Rate Histogram

Daily rate distribution for jobs citing Penetration Testing over the 6 months to 6 July 2025.

Daily rate histogram for Penetration Testing in the UK

Penetration Testing
Contractor Hourly Rate Trend

3-month moving average hourly rates quoted in jobs citing Penetration Testing.

Hourly rate trend for Penetration Testing in the UK

Penetration Testing
Top 14 Contract Locations

The table below looks at the demand and provides a guide to the median contractor rates quoted in IT jobs citing Penetration Testing within the UK over the 6 months to 6 July 2025. The 'Rank Change' column provides an indication of the change in demand within each location based on the same 6 month period last year.

Location Rank Change
on Same Period
Last Year
Matching
Contract
IT Job Ads
Median
Daily Rate
Past 6 Months
Median Daily Rate
% Change
on Same Period
Last Year
Live
Jobs
England +31 156 £550 -4.56% 308
London +25 91 £550 -5.98% 178
UK excluding London +27 74 £519 -3.62% 151
Work from Home +9 59 £530 -9.79% 198
South East +57 25 £658 +22.33% 46
Midlands +20 17 £375 -31.82% 16
Scotland 0 14 £526 +0.10% 14
East Midlands +10 12 £375 -6.25% 2
North of England -11 12 £531 -18.27% 37
North West -2 9 £575 -13.66% 18
South West +24 6 - - 25
West Midlands +5 5 £413 -36.54% 14
Yorkshire +3 3 £531 -18.27% 14
Wales +9 2 £650 +79.31% 3

Penetration Testing
Co-occurring Skills and Capabilities by Category

The follow tables expand on the table above by listing co-occurrences grouped by category. The same employment type, locality and period is covered with up to 20 co-occurrences shown in each of the following categories:

Application Platforms
1 8 (4.42%) SharePoint
2 3 (1.66%) SAS
3 2 (1.10%) TPMS
4 1 (0.55%) IBM Transformation Extender
Applications
1 1 (0.55%) GNU Octave
Business Applications
1 4 (2.21%) Unit4 Business World
2 2 (1.10%) NetSuite
3 1 (0.55%) Dynamics GP
Cloud Services
1 84 (46.41%) Azure
2 39 (21.55%) AWS
3 32 (17.68%) GCP
4 22 (12.15%) GitHub
5 15 (8.29%) Microsoft 365
6 14 (7.73%) SaaS
7 10 (5.52%) Azure Sentinel
8 9 (4.97%) IaaS
8 9 (4.97%) Power Platform
9 8 (4.42%) Cloud Computing
10 7 (3.87%) Entra ID
10 7 (3.87%) PaaS
11 6 (3.31%) GitHub Actions
12 5 (2.76%) AWS CloudFormation
12 5 (2.76%) Azure DevOps
12 5 (2.76%) OpenShift
13 3 (1.66%) Amazon S3
13 3 (1.66%) OCI
14 2 (1.10%) Cohesity
14 2 (1.10%) Microsoft Purview
Communications & Networking
1 34 (18.78%) Network Security
2 29 (16.02%) Firewall
3 9 (4.97%) Internet
3 9 (4.97%) VPN
4 6 (3.31%) Intrusion Detection
5 4 (2.21%) SSL
6 3 (1.66%) Cisco Nexus
6 3 (1.66%) HTTP
6 3 (1.66%) NAS
6 3 (1.66%) SAN
6 3 (1.66%) WAN
7 2 (1.10%) HTTPS
7 2 (1.10%) LAN
7 2 (1.10%) Wireless
8 1 (0.55%) DMZ
8 1 (0.55%) DNS
8 1 (0.55%) MPLS
8 1 (0.55%) SNMP
8 1 (0.55%) Telnet
8 1 (0.55%) Wi-Fi
Database & Business Intelligence
1 7 (3.87%) Power BI
2 1 (0.55%) Oracle Reports
Development Applications
1 20 (11.05%) SonarQube
2 17 (9.39%) Burp Suite
2 17 (9.39%) Metasploit
3 9 (4.97%) Jenkins
4 8 (4.42%) GitLab
5 5 (2.76%) Git
6 3 (1.66%) Cypress.io
6 3 (1.66%) JIRA
7 2 (1.10%) Sonatype Nexus
7 2 (1.10%) webpack
8 1 (0.55%) Cucumber
8 1 (0.55%) Gatling
8 1 (0.55%) JMeter
8 1 (0.55%) MSI
8 1 (0.55%) REST Assured
8 1 (0.55%) Selenium
8 1 (0.55%) Snyk
8 1 (0.55%) SpecFlow
General
1 65 (35.91%) Social Skills
2 34 (18.78%) Finance
3 25 (13.81%) Public Sector
4 24 (13.26%) Analytical Skills
5 16 (8.84%) Banking
6 8 (4.42%) Legal
6 8 (4.42%) Military
7 7 (3.87%) Retail
8 5 (2.76%) Financial Institution
9 4 (2.21%) Retail Banking
10 3 (1.66%) Inclusion and Diversity
11 2 (1.10%) Aerospace
11 2 (1.10%) Documentation Skills
11 2 (1.10%) French Language
11 2 (1.10%) Law
11 2 (1.10%) Marketing
11 2 (1.10%) Presentation Skills
11 2 (1.10%) Telecoms
12 1 (0.55%) Automotive
12 1 (0.55%) Manufacturing
Job Titles
1 36 (19.89%) Security Engineer
2 24 (13.26%) Cybersecurity Engineer
3 23 (12.71%) Analyst
4 21 (11.60%) Tester
5 19 (10.50%) Penetration Tester
6 18 (9.94%) Senior
7 16 (8.84%) Architect
7 16 (8.84%) Security Analyst
7 16 (8.84%) Security Architect
8 12 (6.63%) Lead
9 10 (5.52%) Information Analyst
9 10 (5.52%) Information Security Analyst
10 9 (4.97%) IT Manager
10 9 (4.97%) Security Manager
11 8 (4.42%) IT Services Manager
11 8 (4.42%) Service Manager
12 7 (3.87%) Senior Manager
13 6 (3.31%) Auditor
13 6 (3.31%) Consultant
13 6 (3.31%) Senior IT Manager
Libraries, Frameworks & Software Standards
1 3 (1.66%) React
2 2 (1.10%) CSS
2 2 (1.10%) HTML
2 2 (1.10%) Jest
2 2 (1.10%) OAuth
2 2 (1.10%) pytest
2 2 (1.10%) RESTful
2 2 (1.10%) Spring Boot
2 2 (1.10%) Web Services
3 1 (0.55%) .NET
3 1 (0.55%) Django
3 1 (0.55%) EDI
3 1 (0.55%) Flutter
3 1 (0.55%) Playwright
3 1 (0.55%) PyTorch
3 1 (0.55%) REST
3 1 (0.55%) TensorFlow
3 1 (0.55%) YAML
Miscellaneous
1 31 (17.13%) Security Posture
2 14 (7.73%) Cyber Threat
2 14 (7.73%) Management Information System
3 10 (5.52%) PKI
4 7 (3.87%) Cloud Native
4 7 (3.87%) Video Conferencing
5 4 (2.21%) Security Operations Centre
6 3 (1.66%) Algorithms
6 3 (1.66%) Data Centre
6 3 (1.66%) Data Protection Act
6 3 (1.66%) Embedded Systems
6 3 (1.66%) Legacy Systems
6 3 (1.66%) Public Cloud
6 3 (1.66%) Self-Motivation
7 2 (1.10%) Cyber Kill Chain
7 2 (1.10%) IoT
7 2 (1.10%) Operational Technology
8 1 (0.55%) Greenfield Project
8 1 (0.55%) Industrial Internet of Things
8 1 (0.55%) Renewable Energy
Operating Systems
1 15 (8.29%) Windows
2 9 (4.97%) Unix
3 7 (3.87%) Windows Server
4 6 (3.31%) Linux
5 2 (1.10%) Windows Server 2016
5 2 (1.10%) Windows Server 2019
6 1 (0.55%) Kali Linux
Processes & Methodologies
1 91 (50.28%) Cybersecurity
2 52 (28.73%) Cloud Security
3 46 (25.41%) Security Testing
4 44 (24.31%) Vulnerability Management
5 40 (22.10%) CI/CD
5 40 (22.10%) Vulnerability Remediation
6 38 (20.99%) Vulnerability Assessment
7 37 (20.44%) Information Security
8 35 (19.34%) DevSecOps
9 34 (18.78%) Threat Modelling
10 32 (17.68%) Incident Response
11 28 (15.47%) SIEM
12 26 (14.36%) Data Protection
13 25 (13.81%) Agile
13 25 (13.81%) DevOps
13 25 (13.81%) Problem-Solving
13 25 (13.81%) Security Operations
14 24 (13.26%) Infrastructure as Code
14 24 (13.26%) Risk Management
15 22 (12.15%) Secure Coding
Programming Languages
1 43 (23.76%) Python
2 25 (13.81%) Bash
3 16 (8.84%) PowerShell
4 10 (5.52%) Java
5 7 (3.87%) JavaScript
6 5 (2.76%) C++
7 3 (1.66%) Bicep
7 3 (1.66%) C
7 3 (1.66%) C#
7 3 (1.66%) Kusto Query Language
7 3 (1.66%) Perl
7 3 (1.66%) TypeScript
8 2 (1.10%) Shell Script
9 1 (0.55%) Go
9 1 (0.55%) R
9 1 (0.55%) Ruby
9 1 (0.55%) SQL
Qualifications
1 51 (28.18%) Security Cleared
2 48 (26.52%) SC Cleared
3 32 (17.68%) CISSP
4 23 (12.71%) OSCP
5 22 (12.15%) CREST Certified
6 20 (11.05%) Degree
7 17 (9.39%) CEH
8 14 (7.73%) CISM
9 13 (7.18%) Cisco Certification
9 13 (7.18%) Tigerscheme
10 10 (5.52%) CHECK Team Member
11 9 (4.97%) (ISC)2 CCSP
11 9 (4.97%) CompTIA Security+
12 8 (4.42%) CCSP
12 8 (4.42%) Computer Science Degree
12 8 (4.42%) GCIH
13 5 (2.76%) CRISC
13 5 (2.76%) GIAC
13 5 (2.76%) SANS
14 4 (2.21%) PMP
Quality Assurance & Compliance
1 38 (20.99%) ISO/IEC 27001
1 38 (20.99%) NIST
2 27 (14.92%) GDPR
3 19 (10.50%) NCSC
4 16 (8.84%) PCI DSS
5 14 (7.73%) GRC
5 14 (7.73%) HIPAA
6 12 (6.63%) SLA
7 10 (5.52%) Cyber Essentials
7 10 (5.52%) QA
8 9 (4.97%) Cyber Essentials PLUS
9 6 (3.31%) California Consumer Privacy Act
10 3 (1.66%) Disclosure Scotland
11 2 (1.10%) ISO/IEC 27002 (supersedes ISO/IEC 17799)
11 2 (1.10%) NIST 800
12 1 (0.55%) Accessibility
12 1 (0.55%) Actionable Recommendations
12 1 (0.55%) EU AI Act
12 1 (0.55%) Sarbanes-Oxley
12 1 (0.55%) SOC 2
System Software
1 8 (4.42%) Docker
2 6 (3.31%) Active Directory
3 3 (1.66%) Virtual Machines
4 1 (0.55%) Firmware
4 1 (0.55%) Hyper-V
4 1 (0.55%) Snort
4 1 (0.55%) Squid
Systems Management
1 14 (7.73%) Nmap
2 13 (7.18%) Kubernetes
3 12 (6.63%) Nessus
4 9 (4.97%) Microsoft Intune
4 9 (4.97%) Terraform
5 5 (2.76%) HP Fortify
6 4 (2.21%) Ansible
7 3 (1.66%) NetBackup
7 3 (1.66%) Oracle RMAN
7 3 (1.66%) Progress Chef
8 1 (0.55%) CASB
8 1 (0.55%) Computer Emergency Response Teams
8 1 (0.55%) CSIRT
8 1 (0.55%) Nexpose
8 1 (0.55%) QRadar
8 1 (0.55%) SCCM
8 1 (0.55%) Single Sign-On
8 1 (0.55%) Suricata
Vendors
1 44 (24.31%) Microsoft
2 14 (7.73%) Veracode
3 13 (7.18%) Qualys
4 8 (4.42%) Oracle
5 7 (3.87%) Cisco
6 6 (3.31%) Google
6 6 (3.31%) SAP
6 6 (3.31%) ServiceNow
6 6 (3.31%) Tenable
7 4 (2.21%) Palo Alto
7 4 (2.21%) Salesforce
7 4 (2.21%) Splunk
8 3 (1.66%) CrowdStrike
8 3 (1.66%) ForgeRock
8 3 (1.66%) Red Hat
8 3 (1.66%) Veritas
8 3 (1.66%) Workday
8 3 (1.66%) Zscaler
9 2 (1.10%) CyberArk
9 2 (1.10%) Tripwire