Period
to 22 April 2019

The following table provides summary statistics for contract job vacancies with a requirement for Penetration Testing skills. Included is a benchmarking guide to the contractor rates offered in vacancies that have cited Penetration Testing over the 6 months to 22 April 2019 with a comparison to the same period in the previous 2 years.

Note that daily and hourly rates are treated separately in these statistics. When calculating contractor rate percentiles, daily rates are never derived from quoted hourly rates or vice versa.

Penetration Testing
UK
6 months to
22 Apr 2019
Same period 2018 Same period 2017
Rank 455 530 500
Rank change year-on-year +75 -30 -4
Contract jobs citing Penetration Testing 457 390 361
As % of all contract IT jobs advertised in the UK 0.48% 0.39% 0.39%
As % of the Processes & Methodologies category 0.55% 0.45% 0.46%
Number of daily rates quoted 276 242 230
UK median daily rate £525 £500 £450
Median daily rate % change year-on-year +5.00% +11.11% -4.26%
10th Percentile £400 £368 £325
90th Percentile £681 £675 £600
UK excluding London median daily rate £500 £488 £455
% change year-on-year +2.56% +7.14% +7.06%
Number of hourly rates quoted 4 5 2
UK median hourly rate £35.00 £39.00 £60.87
Median hourly rate % change year-on-year -10.26% -35.93% +43.22%
UK excluding London median hourly rate £35.00 £38.50 £60.87
% change year-on-year -9.09% -36.75% +43.22%

Penetration Testing is in the Processes and Methodologies category. The following table is for comparison with the above and provides summary statistics for all contract job vacancies with a requirement for process or methodology skills.

All Process and Methodology Skills
UK
Contract vacancies with a requirement for process or methodology skills 82,999 87,283 78,292
As % of all contract IT jobs advertised in the UK 86.92% 86.29% 85.09%
Number of daily rates quoted 54,927 57,655 51,486
UK median daily rate £475 £450 £435
Median daily rate % change year-on-year +5.56% +3.45% +2.35%
10th Percentile £300 £293 £270
90th Percentile £650 £638 £620
UK excluding London median daily rate £435 £420 £400
% change year-on-year +3.57% +5.00% +2.56%
Number of hourly rates quoted 2,112 2,246 2,150
UK median hourly rate £25.00 £22.50 £25.00
Median hourly rate % change year-on-year +11.11% -10.00% -
10th Percentile £11.81 £11.25 £11.46
90th Percentile £51.75 £50.25 £51.28
UK excluding London median hourly rate £23.34 £21.01 £25.00
% change year-on-year +11.09% -15.96% -1.95%

Penetration Testing
Job Vacancy Trend

Job postings citing Penetration Testing as a percentage of all IT jobs advertised.

Job vacancy trend for Penetration Testing in the UK

Penetration Testing
Contractor Daily Rate Trend

This chart provides the 3-month moving average for daily rates quoted in contract jobs citing Penetration Testing.

Contractor daily rate trend for Penetration Testing in the UK

Penetration Testing
Contractor Daily Rate Histogram

The daily rate distribution of IT jobs citing Penetration Testing over the 6 months to 22 April 2019.

Contractor daily rate histogram for Penetration Testing in the UK

Penetration Testing
Contractor Hourly Rate Trend

This chart provides the 3-month moving average for contractor hourly rates quoted in IT jobs citing Penetration Testing.

Contractor hourly rate trend for Penetration Testing in the UK

Penetration Testing
Contractor Hourly Rate Histogram

The hourly rate distribution of IT jobs citing Penetration Testing over the 6 months to 22 April 2019.

Contractor hourly rate histogram for Penetration Testing in the UK

Penetration Testing
Top 16 Contract Locations

The table below looks at the demand and provides a guide to the median contractor rates quoted in IT jobs citing Penetration Testing within the UK over the 6 months to 22 April 2019. The 'Rank Change' column provides an indication of the change in demand within each location based on the same 6 month period last year.

Location Rank Change
on Same Period
Last Year
Matching
Contract
IT Job Ads
Median
Daily Rate
Past 6 Months
Median Daily Rate
% Change
on Same Period
Last Year
Live
Job
Vacancies
England +45 434 £525 +5.00% 74
UK excluding London +50 234 £500 +2.56% 50
London +52 218 £550 +4.76% 27
South East +51 88 £475 -6.86% 6
North of England -1 48 £500 +5.26% 12
Midlands +36 42 £500 +21.21% 13
West Midlands +30 36 £500 - 10
North West -7 27 £500 - 10
South West -40 23 £488 +25.13% 14
Yorkshire +3 20 £638 +45.13% 2
East of England +12 14 £483 -14.26% 2
Scotland +27 10 £625 +51.42%
Wales +7 8 £450 +15.38% 3
East Midlands +18 3 £495 +20.00% 2
North East -7 1 £560 +38.91%
Northern Ireland - 1 £550 -

For the 6 months to 22 April 2019, IT contractor jobs citing Penetration Testing also mentioned the following skills in order of popularity. The figures indicate the absolute number co-occurrences and as a proportion of all contract job ads with a requirement for Penetration Testing.

1 167 (36.54%) Information Security
2 154 (33.70%) Cybersecurity
3 111 (24.29%) CISSP
4 98 (21.44%) Agile Software Development
5 95 (20.79%) Python
6 94 (20.57%) ISO/IEC 27001
7 93 (20.35%) Security Architecture
8 88 (19.26%) Amazon AWS
8 88 (19.26%) Security Testing
8 88 (19.26%) OWASP
9 84 (18.38%) Finance
10 82 (17.94%) Linux
11 80 (17.51%) Firewall
11 80 (17.51%) Vulnerability Management
12 78 (17.07%) Microsoft Azure
13 73 (15.97%) Security Cleared
14 72 (15.75%) Java
15 66 (14.44%) SC Cleared
15 66 (14.44%) Security Operations
16 62 (13.57%) Risk Management
17 61 (13.35%) Management Information System
18 57 (12.47%) DevOps
19 56 (12.25%) Threat Modelling
20 55 (12.04%) Degree
21 52 (11.38%) CISM
21 52 (11.38%) Windows
21 52 (11.38%) Patch Management
22 51 (11.16%) Ruby
23 49 (10.72%) SANS
24 47 (10.28%) CREST Certified

Penetration Testing
Co-occurring IT Skills by Category

The follow tables expand on the table above by listing co-occurrences grouped by category. The same job type, locality and period is covered with up to 20 co-occurrences shown in each of the following categories:

Application Platforms
1 15 (3.28%) OpenStack
2 14 (3.06%) SharePoint
3 10 (2.19%) Confluence
4 7 (1.53%) IIS
5 5 (1.09%) MS Exchange
5 5 (1.09%) nginx
6 4 (0.88%) Cloud Foundry
6 4 (0.88%) SharePoint 2013
6 4 (0.88%) WordPress
7 3 (0.66%) Elasticsearch
7 3 (0.66%) Exchange Server 2013
8 2 (0.44%) Exchange Server 2010
8 2 (0.44%) SAS
Applications
1 10 (2.19%) Microsoft Office
2 4 (0.88%) Microsoft Excel
Business Applications
1 2 (0.44%) Oracle EBS
2 1 (0.22%) Oracle EBS R12
2 1 (0.22%) Oracle Subledger Accounting
Cloud Services
1 88 (19.26%) Amazon AWS
2 78 (17.07%) Microsoft Azure
3 27 (5.91%) Google Cloud Platform
4 15 (3.28%) GitHub
4 15 (3.28%) SaaS
5 12 (2.63%) PaaS
6 10 (2.19%) Cloud Computing
6 10 (2.19%) IaaS
7 9 (1.97%) Amazon S3
8 8 (1.75%) BrowserStack
8 8 (1.75%) Office 365
9 6 (1.31%) AWS CloudFormation
9 6 (1.31%) Mimecast
10 5 (1.09%) Amazon EC2
11 4 (0.88%) Serverless
12 2 (0.44%) AWS Lambda
13 1 (0.22%) Azure Functions
13 1 (0.22%) IBM Cloud
13 1 (0.22%) Slack
13 1 (0.22%) Trello
Communications & Networking
1 80 (17.51%) Firewall
2 29 (6.35%) VPN
3 27 (5.91%) HTTP
4 23 (5.03%) Network Security
5 21 (4.60%) Wireless
6 18 (3.94%) DNS
7 17 (3.72%) Internet
8 15 (3.28%) Intrusion Detection
8 15 (3.28%) SNMP
8 15 (3.28%) SSL
8 15 (3.28%) VoIP
8 15 (3.28%) WAN
9 14 (3.06%) DHCP
10 13 (2.84%) 802.11
11 11 (2.41%) TCP/IP
12 9 (1.97%) FTP
13 8 (1.75%) IPsec
13 8 (1.75%) LAN
13 8 (1.75%) SAN
13 8 (1.75%) VLAN
Database & Business Intelligence
1 24 (5.25%) SQL Server
2 10 (2.19%) PostgreSQL
3 8 (1.75%) Big Data
3 8 (1.75%) GIS
4 7 (1.53%) Redis
5 5 (1.09%) MongoDB
6 4 (0.88%) MySQL
7 3 (0.66%) BigQuery
7 3 (0.66%) Data Warehouse
7 3 (0.66%) EDRMS
8 2 (0.44%) NoSQL
8 2 (0.44%) Oracle Reports
8 2 (0.44%) Relational Database
9 1 (0.22%) Azure SQL Database
9 1 (0.22%) Base SAS
9 1 (0.22%) Blockchain
9 1 (0.22%) Geospatial Data
9 1 (0.22%) Hadoop
9 1 (0.22%) MS Access
9 1 (0.22%) RDBMS
Development Applications
1 39 (8.53%) Metasploit
2 38 (8.32%) Burp Suite
3 36 (7.88%) Jenkins
4 33 (7.22%) Git (software)
5 19 (4.16%) Team Foundation Server
6 17 (3.72%) GoCD
6 17 (3.72%) Octopus Deploy
7 15 (3.28%) JIRA
7 15 (3.28%) SonarQube
8 11 (2.41%) Cucumber
8 11 (2.41%) Selenium
8 11 (2.41%) Visual Studio Team System
9 10 (2.19%) SoapUI
10 9 (1.97%) JMeter
11 8 (1.75%) JUnit
11 8 (1.75%) Maven
12 7 (1.53%) Oracle Forms
13 6 (1.31%) TeamCity
14 4 (0.88%) Cobertura
14 4 (0.88%) Gradle
General
1 84 (18.38%) Finance
2 32 (7.00%) Banking
3 19 (4.16%) Financial Institution
4 18 (3.94%) Retail
5 17 (3.72%) Law
6 16 (3.50%) Legal
7 10 (2.19%) Telecoms
8 9 (1.97%) Investment Banking
9 6 (1.31%) Marketing
10 4 (0.88%) Manufacturing
11 3 (0.66%) Advertising
11 3 (0.66%) Electronics
11 3 (0.66%) German Language
11 3 (0.66%) Local Government
12 2 (0.44%) Back Office
13 1 (0.22%) Billing
13 1 (0.22%) Digital Economy
13 1 (0.22%) Military
13 1 (0.22%) Publishing
13 1 (0.22%) Retail Banking
Job Titles
1 100 (21.88%) Tester
2 70 (15.32%) Penetration Tester
3 63 (13.79%) Architect
3 63 (13.79%) Security Architect
4 60 (13.13%) Consultant
5 57 (12.47%) Security Consultant
6 54 (11.82%) Security Engineer
7 45 (9.85%) Analyst
8 34 (7.44%) Security Analyst
9 27 (5.91%) Security Tester
10 22 (4.81%) Security Manager
11 18 (3.94%) Project Manager
11 18 (3.94%) Security Specialist
12 14 (3.06%) Applications Engineer
12 14 (3.06%) Cybersecurity Consultant
13 12 (2.63%) Security Project Manager
14 11 (2.41%) Lead Architect
14 11 (2.41%) Lead Security Architect
14 11 (2.41%) Security Technical Architect
14 11 (2.41%) Team Leader
Libraries, Frameworks & Software Standards
1 39 (8.53%) Web Services
2 18 (3.94%) .NET
3 15 (3.28%) OAuth
3 15 (3.28%) OpenID
4 13 (2.84%) 802.1X
4 13 (2.84%) Gherkin
5 11 (2.41%) SAML
5 11 (2.41%) Spring
6 9 (1.97%) AngularJS
6 9 (1.97%) React
7 8 (1.75%) jQuery
7 8 (1.75%) REST
8 7 (1.53%) .NET Core
8 7 (1.53%) CSLA.NET
8 7 (1.53%) WinForms
8 7 (1.53%) WPF
9 6 (1.31%) JSON
9 6 (1.31%) Middleware
9 6 (1.31%) Node.js
10 5 (1.09%) gRPC
Miscellaneous
1 61 (13.35%) Management Information System
2 31 (6.78%) Mobile App
3 24 (5.25%) Analytical Skills
4 21 (4.60%) Cyberthreat
5 17 (3.72%) SCADA
6 13 (2.84%) Data Centre
7 11 (2.41%) Wiki
8 9 (1.97%) Public Cloud
8 9 (1.97%) Self-Motivation
9 8 (1.75%) PKI
10 7 (1.53%) Cybercrime
11 6 (1.31%) User Experience
12 5 (1.09%) Algorithms
12 5 (1.09%) Field-Programmable Gate Array
12 5 (1.09%) Greenfield Project
12 5 (1.09%) Hybrid Cloud
12 5 (1.09%) Verilog
12 5 (1.09%) VHDL
13 4 (0.88%) Data Protection Act
13 4 (0.88%) Smartphone
Operating Systems
1 82 (17.94%) Linux
2 52 (11.38%) Windows
3 25 (5.47%) Kali Linux
4 13 (2.84%) Windows Server
5 12 (2.63%) Apple iOS
5 12 (2.63%) Unix
6 11 (2.41%) Android
7 8 (1.75%) CentOS
8 7 (1.53%) Windows Server 2012
9 6 (1.31%) Red Hat Enterprise Linux
10 5 (1.09%) Embedded Linux
11 4 (0.88%) Solaris
11 4 (0.88%) Windows 10
12 3 (0.66%) Windows 7
13 2 (0.44%) Mac OS X
13 2 (0.44%) Windows Server 2008
Processes & Methodologies
1 167 (36.54%) Information Security
2 154 (33.70%) Cybersecurity
3 98 (21.44%) Agile Software Development
4 93 (20.35%) Security Architecture
5 88 (19.26%) OWASP
5 88 (19.26%) Security Testing
6 80 (17.51%) Vulnerability Management
7 66 (14.44%) Security Operations
8 62 (13.57%) Risk Management
9 57 (12.47%) DevOps
10 56 (12.25%) Threat Modelling
11 52 (11.38%) Patch Management
12 46 (10.07%) SIEM
13 44 (9.63%) Test Automation
14 43 (9.41%) Open Source
15 42 (9.19%) Identity Access Management
16 39 (8.53%) Security Monitoring
17 37 (8.10%) Secure Coding
18 36 (7.88%) Ethical Hacking
18 36 (7.88%) Threat Intelligence
Programming Languages
1 95 (20.79%) Python
2 72 (15.75%) Java
3 51 (11.16%) Ruby
4 47 (10.28%) Bash Shell
5 39 (8.53%) Perl
6 35 (7.66%) C
7 34 (7.44%) C#
8 31 (6.78%) C++
8 31 (6.78%) PowerShell
9 23 (5.03%) JavaScript
10 21 (4.60%) PHP
11 17 (3.72%) SQL
12 15 (3.28%) Lua
13 10 (2.19%) Go
14 9 (1.97%) Apple Swift
14 9 (1.97%) Objective-C
15 7 (1.53%) Shell Script
16 5 (1.09%) Embedded C
17 2 (0.44%) Kotlin
18 1 (0.22%) Java 8
Qualifications
1 111 (24.29%) CISSP
2 73 (15.97%) Security Cleared
3 66 (14.44%) SC Cleared
4 55 (12.04%) Degree
5 52 (11.38%) CISM
6 49 (10.72%) SANS
7 47 (10.28%) CREST Certified
8 43 (9.41%) GIAC
9 35 (7.66%) CEH
10 31 (6.78%) OSCP
11 28 (6.13%) CISA
12 26 (5.69%) Cisco Certification
13 25 (5.47%) DV Cleared
14 18 (3.94%) OSCE
15 17 (3.72%) GPEN
16 16 (3.50%) BPSS Clearance
16 16 (3.50%) CHECK Team Leader
16 16 (3.50%) CHECK Team Member
17 14 (3.06%) CCNP
17 14 (3.06%) GSNA
Quality Assurance & Compliance
1 94 (20.57%) ISO/IEC 27001
2 34 (7.44%) GDPR
3 30 (6.56%) PCI DSS
4 19 (4.16%) QA
5 17 (3.72%) COBIT
6 15 (3.28%) ISO/IEC 27002 (supersedes ISO/IEC 17799)
7 14 (3.06%) Cyber Essentials
8 13 (2.84%) Sarbanes-Oxley
9 8 (1.75%) COSO
9 8 (1.75%) HIPAA
10 3 (0.66%) RMADS
10 3 (0.66%) Web Application Security Consortium
11 2 (0.44%) Cyber Essentials PLUS
12 1 (0.22%) Actionable Recommendations
12 1 (0.22%) CESG Infosec
12 1 (0.22%) HMG Security Policy Framework
12 1 (0.22%) IFRS
12 1 (0.22%) ISAE 3402
12 1 (0.22%) NIST 800
12 1 (0.22%) PSD2
System Software
1 28 (6.13%) Docker
2 17 (3.72%) Active Directory
3 10 (2.19%) VMware Infrastructure
4 5 (1.09%) Virtual Machines
5 4 (0.88%) XenDesktop
6 3 (0.66%) VMware ESXi
7 2 (0.44%) Firmware
7 2 (0.44%) Hyper-V
7 2 (0.44%) KVM
7 2 (0.44%) Snort
7 2 (0.44%) Varnish
7 2 (0.44%) Virtual Servers
7 2 (0.44%) vSphere
8 1 (0.22%) ProxySG
8 1 (0.22%) zsh
Systems Management
1 42 (9.19%) Nessus
2 32 (7.00%) Nmap
3 29 (6.35%) Puppet
4 28 (6.13%) Kubernetes
5 24 (5.25%) Ansible
6 21 (4.60%) Opscode Chef
7 17 (3.72%) Rundeck
8 14 (3.06%) Terraform
9 10 (2.19%) QRadar
10 8 (1.75%) Computer Emergency Response Teams
11 6 (1.31%) Red Hat Satellite
11 6 (1.31%) WSUS
12 5 (1.09%) EnCase
12 5 (1.09%) FTK
12 5 (1.09%) Host Intrusion Detection System
12 5 (1.09%) Nexpose
12 5 (1.09%) Single Sign-On
12 5 (1.09%) Sysdig
13 4 (0.88%) Network Intrusion Detection System
13 4 (0.88%) Rancher
Vendors
1 44 (9.63%) Microsoft
2 27 (5.91%) Cisco
3 26 (5.69%) Atlassian
4 21 (4.60%) Oracle
5 19 (4.16%) VMware
6 18 (3.94%) Qualys
7 17 (3.72%) SaltStack
8 15 (3.28%) Red Hat
9 13 (2.84%) McAfee
10 12 (2.63%) Citrix
11 11 (2.41%) Splunk
12 9 (1.97%) HP
12 9 (1.97%) Sophos
13 8 (1.75%) LogRhythm
13 8 (1.75%) Tripwire
14 7 (1.53%) BMC
14 7 (1.53%) CyberArk
14 7 (1.53%) Fortinet
14 7 (1.53%) GUPTA
14 7 (1.53%) Juniper