The following table provides summary statistics for contract job vacancies with a requirement for Penetration Testing skills. Included is a benchmarking guide to the contractor rates offered in vacancies that have cited Penetration Testing over the 3 months to 26 March 2017 with a comparison to the same period in the previous 2 years.

Note that daily and hourly rates are treated separately in these statistics. When calculating contractor rate percentiles, daily rates are never derived from quoted hourly rates or vice versa.

3 months to
26 Mar 2017
Same period 2016 Same period 2015
Penetration Testing
UK
Rank 428 413 511
Rank change year-on-year -15 +98  
Contract jobs citing Penetration Testing 181 237 112
As % of all contract IT jobs advertised in the UK 0.40% 0.45% 0.21%
As % of the Processes & Methodologies category 0.49% 0.54% 0.26%
Number of daily rates quoted 115 157 62
Median daily rate £450 £450 £438
Median daily rate % change year-on-year - +2.85%  
90% offered a daily rate of more than £350 £350 £325
10% offered a daily rate of more than £597 £550 £573
UK excluding London median daily rate £408 £425 £438
% change year-on-year -4.11% -2.85%  
Number of hourly rates quoted 2 2 3
Median hourly rate £60.87 £34.81 £22.50
Median hourly rate % change year-on-year +74.85% +54.72%  
UK excluding London median hourly rate £60.87 £34.81 £22.50
% change year-on-year +74.85% +54.72%  

Penetration Testing is in the process and methodology skills category. The next table is for comparison with the above and provides summary statistics for all contract job vacancies with a requirement for process and methodology skills.

Contract Process & Methodology Skills
UK
Contract job vacancies with a requirement for process and methodology skills 37182 44106 42440
As % of all contract IT job vacancies advertised in the UK 83.13% 82.88% 79.75%
Number of daily rates quoted 24552 28910 26291
Median daily rate £450 £425 £420
Median daily rate % change year-on-year +5.88% +1.19%  
90% offered a daily rate of more than £300 £300 £275
10% offered a daily rate of more than £600 £600 £575
UK excluding London median daily rate £410 £400 £398
% change year-on-year +2.50% +0.62%  
Number of hourly rates quoted 945 1111 1221
Median hourly rate £36.00 £37.50 £28.25
Median hourly rate % change year-on-year -4.00% +32.74%  
90% offered a hourly rate of more than £13.00 £13.00 £12.10
10% offered a hourly rate of more than £53.00 £55.00 £49.50
UK excluding London median hourly rate £36.00 £38.75 £30.00
% change year-on-year -7.09% +29.16%  

Penetration Testing
Job Vacancy Trend

The job posting trend of jobs advertised citing Penetration Testing as a proportion of all contract or permanent IT jobs with a match in the Processes & Methodologies category.

Job vacancy trend for Penetration Testing in the UK

Penetration Testing
Contractor Daily Rate Trend

This chart provides the 3-month moving average for daily rates quoted in contract jobs citing Penetration Testing.

Contractor daily rate trend for Penetration Testing in the UK

Penetration Testing
Contractor Daily Rate Histogram

The daily rate distribution of IT jobs citing Penetration Testing over the 3 months to 26 March 2017.

Contractor daily rate histogram for Penetration Testing in the UK

Penetration Testing
Contractor Hourly Rate Trend

This chart provides the 3-month moving average for hourly rates quoted in IT contractor jobs citing Penetration Testing.

Contractor hourly rate trend for Penetration Testing in the UK

Penetration Testing
Top 30 Contract Locations

The table below looks at the demand and provides a guide to the median contractor rates quoted in IT jobs citing Penetration Testing within the UK over the 3 months to 26 March 2017. The 'Rank Change' column provides an indication of the change in demand within each location based on the same 3 month period last year.

Location Rank Change
on Same Period
Last Year
Matching
Contract
IT Job Ads
Median
Daily Rate
Last 3 Months
Median Daily Rate
% Change
on Same Period
Last Year
Live
Job
Vacancies
England -10 172 £450 - 77
London +26 97 £450 -6.73% 23
South West +6 23 £365 -18.88% 6
South East +1 21 £404 -5.00% 18
Bristol +16 15 £525 +40.93% 3
North West +14 11 £413 -5.71% 8
Scotland +29 9 £425 +21.42% 2
East of England +1 9 £550 +31.73% 3
Berkshire +27 8 £433 -13.50% 2
Yorkshire +13 7 £400 -23.80% 7
West Yorkshire +18 6 £350 -36.36% 7
Hertfordshire +7 6 - - 1
Merseyside +3 6 £400 -
City of London -7 6 £488 +2.63% 6
Liverpool - 6 £400 -
West Midlands +10 5 £575 +24.32% 8
Hampshire -4 5 £408 +16.42% 2
Glasgow - 5 £426 -
Wiltshire -6 4 £365 -18.88% 1
Reading +19 3 £400 -35.09% 1
Leeds +11 3 £313 - 6
Gloucestershire +5 3 £250 -52.38% 1
Manchester +3 3 £360 -22.99% 6
Docklands, London - 3 - -
Cheshire +28 2 £488 +39.28% 2
Edinburgh +18 2 £425 - 1
Harrow +14 2 - -
Salisbury +7 2 £365 -8.75%
West Sussex +3 2 - -
Bracknell -2 2 - -

Penetration Testing
Top 30 Related IT Skills

For the 6 months to 26 March 2017, IT contractor jobs citing Penetration Testing also mentioned the following skills in order of popularity. The figures indicate the number co-occurrences and its proportion to all contract ads with a requirement for Penetration Testing.

1 156 (39.59%) Information Security
2 102 (25.89%) Firewall
3 97 (24.62%) CISSP
4 92 (23.35%) Security Cleared
5 81 (20.56%) Linux
6 74 (18.78%) SC Cleared
7 71 (18.02%) Risk Management
8 68 (17.26%) Management Information System
9 66 (16.75%) Agile Software Development
10 62 (15.74%) Intrusion Detection
10 62 (15.74%) OWASP
10 62 (15.74%) Amazon AWS
11 61 (15.48%) SIEM
12 60 (15.23%) Security Testing
12 60 (15.23%) Windows
13 59 (14.97%) Microsoft
14 58 (14.72%) ISO/IEC 27001
15 57 (14.47%) Java
16 56 (14.21%) Cybersecurity
17 55 (13.96%) Finance
18 52 (13.20%) Security Management
18 52 (13.20%) Network Security
19 50 (12.69%) Vulnerability Assessment
20 46 (11.68%) Vulnerability Management
21 45 (11.42%) Jenkins
22 44 (11.17%) PCI DSS
22 44 (11.17%) CREST Certified
23 43 (10.91%) Ethical Hacking
24 42 (10.66%) Cisco
25 41 (10.41%) Puppet

Penetration Testing
Top Related IT Skills by Category

The follow tables expand on the table above by listing co-occurrences grouped by category. The same job type, locality and period is covered with up to 20 co-occurrences shown in each of the following categories:

Application Platforms
1 8 (2.03%) MS Exchange
1 8 (2.03%) nginx
2 7 (1.78%) JBoss
3 6 (1.52%) IIS
3 6 (1.52%) WebSphere
4 4 (1.02%) Apache
4 4 (1.02%) WebLogic
5 3 (0.76%) CMS
5 3 (0.76%) Tomcat
5 3 (0.76%) Umbraco
6 2 (0.51%) Adobe Experience Manager
6 2 (0.51%) Jetty
6 2 (0.51%) Mongrel
6 2 (0.51%) Sitecore CMS
7 1 (0.25%) Elasticsearch
7 1 (0.25%) EPiServer
Applications
1 28 (7.11%) MS Excel
2 16 (4.06%) MS Office
3 4 (1.02%) MS Project
3 4 (1.02%) MS Visio
4 2 (0.51%) MS PowerPoint
Business Applications
1 6 (1.52%) Dynamics CRM
2 2 (0.51%) Dynamics AX
2 2 (0.51%) SAP Oil and Gas
2 2 (0.51%) Sentinel
2 2 (0.51%) Temenos T24
Cloud Services
1 62 (15.74%) Amazon AWS
2 34 (8.63%) Microsoft Azure
3 19 (4.82%) IaaS
4 13 (3.30%) Cloud Computing
5 9 (2.28%) Office 365
5 9 (2.28%) PaaS
6 6 (1.52%) Amazon ELB
7 5 (1.27%) Amazon S3
7 5 (1.27%) AWS CloudFormation
7 5 (1.27%) Azure Active Directory
7 5 (1.27%) Route 53
8 4 (1.02%) Virtual Private Cloud
9 3 (0.76%) Amazon EC2
9 3 (0.76%) SaaS
10 2 (0.51%) Google App Engine
10 2 (0.51%) Google Cloud Platform
11 1 (0.25%) Amazon SQS
Communications & Networking
1 102 (25.89%) Firewall
2 62 (15.74%) Intrusion Detection
3 52 (13.20%) Network Security
4 40 (10.15%) SSL
5 39 (9.90%) TCP/IP
6 28 (7.11%) HTTP
7 27 (6.85%) Wireless
8 26 (6.60%) DNS
8 26 (6.60%) Internet
9 23 (5.84%) VPN
10 14 (3.55%) LAN
10 14 (3.55%) WAN
10 14 (3.55%) Wireshark
11 11 (2.79%) DHCP
11 11 (2.79%) OSPF
11 11 (2.79%) WebEx
12 10 (2.54%) Cisco ASA
13 9 (2.28%) NetScaler
14 8 (2.03%) Ethernet
15 7 (1.78%) FTP
Database & Business Intelligence
1 26 (6.60%) MongoDB
2 23 (5.84%) PostgreSQL
3 22 (5.58%) Redis
3 22 (5.58%) Relational Database
4 11 (2.79%) SQL Server
5 6 (1.52%) Oracle Database
6 5 (1.27%) Amazon RDS
6 5 (1.27%) SQL Server Integration Services
7 1 (0.25%) Big Data
7 1 (0.25%) MySQL
7 1 (0.25%) SQL Server 2008
Development Applications
1 45 (11.42%) Jenkins
2 26 (6.60%) Git (software)
3 11 (2.79%) Metasploit
4 7 (1.78%) Burp Suite
4 7 (1.78%) JIRA
5 5 (1.27%) Selenium
5 5 (1.27%) Sonatype Nexus
5 5 (1.27%) Team Foundation Server
5 5 (1.27%) Vagrant
6 3 (0.76%) Cucumber
6 3 (0.76%) JMeter
6 3 (0.76%) TeamCity
7 2 (0.51%) Travis CI
8 1 (0.25%) Appium
8 1 (0.25%) AppScan
8 1 (0.25%) Subversion
General
1 55 (13.96%) Finance
2 24 (6.09%) Legal
3 18 (4.57%) Retail
4 14 (3.55%) Banking
5 7 (1.78%) Law
5 7 (1.78%) Manufacturing
6 6 (1.52%) Telecoms
7 4 (1.02%) Financial Institution
8 3 (0.76%) Back Office
8 3 (0.76%) Electronics
9 2 (0.51%) Investment Banking
9 2 (0.51%) Marketing
10 1 (0.25%) Advertising
10 1 (0.25%) Automotive
10 1 (0.25%) French Language
10 1 (0.25%) Retail Banking
Job Titles
1 79 (20.05%) Consultant
2 63 (15.99%) Analyst
3 60 (15.23%) Tester
4 59 (14.97%) Penetration Tester
5 57 (14.47%) Security Consultant
6 55 (13.96%) Security Analyst
7 23 (5.84%) Network Engineer
7 23 (5.84%) Security Engineer
7 23 (5.84%) Security Manager
8 20 (5.08%) Architect
8 20 (5.08%) DevOps Engineer
9 16 (4.06%) IT Consultant
10 15 (3.81%) Security Specialist
11 14 (3.55%) IT Security Consultant
12 12 (3.05%) Applications Consultant
12 12 (3.05%) Information Manager
12 12 (3.05%) Information Security Consultant
12 12 (3.05%) Information Security Manager
12 12 (3.05%) Network Security Engineer
12 12 (3.05%) Security Architect
Libraries, Frameworks & Software Standards
1 25 (6.35%) Web Services
2 23 (5.84%) Node.js
3 6 (1.52%) .NET
3 6 (1.52%) J2EE
4 5 (1.27%) Oracle GoldenGate
5 4 (1.02%) Middleware
5 4 (1.02%) OAuth
6 3 (0.76%) ASP.NET
6 3 (0.76%) Spring
7 2 (0.51%) 802.1X
7 2 (0.51%) Gherkin
7 2 (0.51%) SAML
7 2 (0.51%) Servlets
8 1 (0.25%) AngularJS
8 1 (0.25%) Django
8 1 (0.25%) Elastic Stack
8 1 (0.25%) LAMP
8 1 (0.25%) Ruby on Rails
Miscellaneous
1 68 (17.26%) Management Information System
2 27 (6.85%) Analytical Skills
3 22 (5.58%) Mobile App
4 20 (5.08%) Data Centre
5 15 (3.81%) Computer Science
6 11 (2.79%) Algorithms
7 9 (2.28%) CMDB
8 8 (2.03%) CESG
8 8 (2.03%) Distributed Denial-of-Service
9 7 (1.78%) Cyberthreat
10 5 (1.27%) Cyber Defence
10 5 (1.27%) Data Protection Act
10 5 (1.27%) PKI
10 5 (1.27%) Security Operations Centre
11 4 (1.02%) Smart Meter
12 3 (0.76%) BYOD
12 3 (0.76%) Clustering
12 3 (0.76%) Cyber Attack
12 3 (0.76%) Fintech
12 3 (0.76%) Public Cloud
Operating Systems
1 81 (20.56%) Linux
2 60 (15.23%) Windows
3 24 (6.09%) Unix
4 9 (2.28%) Mac OS X
5 7 (1.78%) Red Hat Enterprise Linux
6 6 (1.52%) Windows Server
7 5 (1.27%) Kali Linux
8 4 (1.02%) SUSE
9 2 (0.51%) CentOS
9 2 (0.51%) Solaris
10 1 (0.25%) Android
10 1 (0.25%) Apple iOS
10 1 (0.25%) Ubuntu
10 1 (0.25%) VMS
10 1 (0.25%) Windows 10
10 1 (0.25%) Windows Vista
Processes & Methodologies
1 156 (39.59%) Information Security
2 71 (18.02%) Risk Management
3 66 (16.75%) Agile Software Development
4 62 (15.74%) OWASP
5 61 (15.48%) SIEM
6 60 (15.23%) Security Testing
7 56 (14.21%) Cybersecurity
8 52 (13.20%) Security Management
9 50 (12.69%) Vulnerability Assessment
10 46 (11.68%) Vulnerability Management
11 43 (10.91%) Ethical Hacking
12 38 (9.64%) Continuous Integration
13 37 (9.39%) DevOps
14 36 (9.14%) Security Architecture
15 33 (8.38%) Risk Assessment
16 31 (7.87%) Configuration Management
16 31 (7.87%) ITIL
16 31 (7.87%) Open Source
17 25 (6.35%) Secure Coding
18 18 (4.57%) Vulnerability Scanning
Programming Languages
1 57 (14.47%) Java
2 31 (7.87%) Python
3 15 (3.81%) PowerShell
4 10 (2.54%) SQL
5 9 (2.28%) Ruby
6 7 (1.78%) Bash Shell
7 6 (1.52%) C#
7 6 (1.52%) C++
8 5 (1.27%) C
8 5 (1.27%) Shell Script
9 4 (1.02%) Perl
10 2 (0.51%) JavaScript
11 1 (0.25%) PHP
11 1 (0.25%) Scala
11 1 (0.25%) VB
11 1 (0.25%) VB6
Qualifications
1 97 (24.62%) CISSP
2 92 (23.35%) Security Cleared
3 74 (18.78%) SC Cleared
4 44 (11.17%) CREST Certified
5 39 (9.90%) SANS
6 37 (9.39%) CEH
6 37 (9.39%) CISM
7 30 (7.61%) Degree
8 24 (6.09%) OSCP
9 22 (5.58%) Cisco Certification
10 18 (4.57%) CISA
11 14 (3.55%) GIAC
12 13 (3.30%) CHECK Team Member
12 13 (3.30%) CISMP
13 11 (2.79%) CCSP
13 11 (2.79%) DV Cleared
14 10 (2.54%) (ISC)2 CCSP
15 9 (2.28%) CHECK Team Leader
15 9 (2.28%) CLAS
16 6 (1.52%) BPSS Clearance
Quality Assurance & Compliance
1 58 (14.72%) ISO/IEC 27001
2 44 (11.17%) PCI DSS
3 17 (4.31%) ISO27002
4 15 (3.81%) COBIT
5 7 (1.78%) QA
6 6 (1.52%) Disclosure Scotland
6 6 (1.52%) RMADS
6 6 (1.52%) SLA
7 5 (1.27%) Cyber Essentials
7 5 (1.27%) Data Quality
7 5 (1.27%) ISO27005
7 5 (1.27%) Web Application Security Consortium
8 4 (1.02%) GDPR
9 3 (0.76%) GPG13
9 3 (0.76%) ISO22301
9 3 (0.76%) WAI
9 3 (0.76%) WCAG
10 2 (0.51%) Cyber Essentials PLUS
10 2 (0.51%) HMG Security Policy Framework
11 1 (0.25%) ISO 9001
System Software
1 18 (4.57%) Active Directory
1 18 (4.57%) VMware Infrastructure
2 11 (2.79%) Docker
3 9 (2.28%) vCloud
4 5 (1.27%) Corosync
4 5 (1.27%) Firmware
4 5 (1.27%) Squid
5 2 (0.51%) BitLocker
5 2 (0.51%) NFS
5 2 (0.51%) Xen
6 1 (0.25%) Sendmail
6 1 (0.25%) VMware ESXi
Systems Management
1 41 (10.41%) Puppet
2 26 (6.60%) Ansible
3 10 (2.54%) McAfee ePO
4 8 (2.03%) Opscode Chef
5 7 (1.78%) Nmap
5 7 (1.78%) Norton AntiVirus
6 6 (1.52%) Nessus
7 5 (1.27%) Computer Emergency Response Teams
7 5 (1.27%) EnCase
7 5 (1.27%) Nagios
7 5 (1.27%) Pacemaker
8 4 (1.02%) CA Spectrum
8 4 (1.02%) Cobbler
8 4 (1.02%) HP Fortify
8 4 (1.02%) Terraform
9 3 (0.76%) Microsoft Clustering
10 2 (0.51%) CA Single Sign-On
11 1 (0.25%) Systems Management Server (SMS)
Vendors
1 59 (14.97%) Microsoft
2 42 (10.66%) Cisco
3 33 (8.38%) CheckPoint
4 31 (7.87%) VMware
5 19 (4.82%) Dell
5 19 (4.82%) Intel Security
6 18 (4.57%) Symantec
7 16 (4.06%) HP
8 13 (3.30%) Citrix
8 13 (3.30%) Juniper
9 11 (2.79%) CA
10 10 (2.54%) ArcSight
10 10 (2.54%) Splunk
11 9 (2.28%) BMC
11 9 (2.28%) LogRhythm
11 9 (2.28%) Oracle
11 9 (2.28%) Rapid7
11 9 (2.28%) Red Hat
11 9 (2.28%) SolarWinds
12 8 (2.03%) Riverbed
Southampton, Hampshire
Hydrogen Group
Posted: Yesterday