Period
to 20 July 2018

The following table provides summary statistics for contract job vacancies with a requirement for Penetration Testing skills. Included is a benchmarking guide to the contractor rates offered in vacancies that have cited Penetration Testing over the 6 months to 20 July 2018 with a comparison to the same period in the previous 2 years.

Note that daily and hourly rates are treated separately in these statistics. When calculating contractor rate percentiles, daily rates are never derived from quoted hourly rates or vice versa.

Penetration Testing
UK
6 months to
20 Jul 2018
Same period 2017 Same period 2016
Rank 564 482 493
Rank change year-on-year -82 +11 +151
Contract jobs citing Penetration Testing 359 401 484
As % of all contract IT jobs advertised in the UK 0.34% 0.42% 0.44%
As % of the Processes & Methodologies category 0.40% 0.50% 0.52%
Number of daily rates quoted 216 242 301
UK median daily rate £500 £475 £498
Median daily rate % change year-on-year +5.26% -4.52% +10.56%
10th Percentile £358 £350 £338
90th Percentile £698 £600 £620
UK excluding London median daily rate £470 £465 £470
% change year-on-year +1.08% -1.06% +11.24%
Number of hourly rates quoted 8 5 2
UK median hourly rate £41.00 £60.87 £34.81
Median hourly rate % change year-on-year -32.64% +74.85% +22.15%
10th Percentile £32.34 £55.40 £21.71
90th Percentile £94.13 £61.85 £47.07
UK excluding London median hourly rate £39.00 £60.87 £34.81
% change year-on-year -35.93% +74.85% +22.15%

Penetration Testing is in the Processes and Methodologies category. The following table is for comparison with the above and provides summary statistics for all contract job vacancies with a requirement for process or methodology skills.

All Process and Methodology Skills
UK
Contract vacancies with a requirement for process or methodology skills 89,317 80,919 92,803
As % of all contract IT jobs advertised in the UK 85.73% 84.94% 84.29%
Number of daily rates quoted 58,921 52,955 61,108
UK median daily rate £450 £449 £425
Median daily rate % change year-on-year +0.33% +5.53% +6.25%
10th Percentile £300 £275 £263
90th Percentile £638 £625 £600
UK excluding London median daily rate £425 £400 £400
% change year-on-year +6.25% - +6.67%
Number of hourly rates quoted 2,460 2,122 2,286
UK median hourly rate £22.00 £25.00 £24.00
Median hourly rate % change year-on-year -12.00% +4.17% +12.54%
10th Percentile £11.17 £11.50 £11.50
90th Percentile £50.03 £52.49 £48.75
UK excluding London median hourly rate £21.00 £25.00 £25.00
% change year-on-year -16.00% - +16.01%

Penetration Testing
Job Vacancy Trend

Job postings citing Penetration Testing as a percentage of all IT jobs advertised.

Job vacancy trend for Penetration Testing in the UK

Penetration Testing
Contractor Daily Rate Trend

This chart provides the 3-month moving average for daily rates quoted in contract jobs citing Penetration Testing.

Contractor daily rate trend for Penetration Testing in the UK

Penetration Testing
Contractor Daily Rate Histogram

The daily rate distribution of IT jobs citing Penetration Testing over the 6 months to 20 July 2018.

Contractor daily rate histogram for Penetration Testing in the UK

Penetration Testing
Contractor Hourly Rate Trend

This chart provides the 3-month moving average for contractor hourly rates quoted in IT jobs citing Penetration Testing.

Contractor hourly rate trend for Penetration Testing in the UK

Penetration Testing
Contractor Hourly Rate Histogram

The hourly rate distribution of IT jobs citing Penetration Testing over the 6 months to 20 July 2018.

Contractor hourly rate histogram for Penetration Testing in the UK

Penetration Testing
Top 15 Contract Locations

The table below looks at the demand and provides a guide to the median contractor rates quoted in IT jobs citing Penetration Testing within the UK over the 6 months to 20 July 2018. The 'Rank Change' column provides an indication of the change in demand within each location based on the same 6 month period last year.

Location Rank Change
on Same Period
Last Year
Matching
Contract
IT Job Ads
Median
Daily Rate
Past 6 Months
Median Daily Rate
% Change
on Same Period
Last Year
Live
Job
Vacancies
England -59 346 £500 +5.26% 148
London -55 183 £525 +5.00% 71
UK excluding London -64 171 £470 +1.08% 84
South East -14 63 £518 +8.95% 21
East of England +9 36 £509 -10.55% 11
North of England -17 32 £413 +3.13% 27
North West -5 24 £400 -5.88% 17
South West -15 23 £413 -21.43% 4
Midlands -33 10 £550 +20.22% 14
East Midlands +9 9 £550 +22.22% 2
Yorkshire -23 6 £448 +11.88% 9
Wales -9 4 £390 - 1
Scotland -55 4 £350 -17.65% 4
North East -7 2 £403 +25.98% 1
West Midlands -52 1 - - 12

For the 6 months to 20 July 2018, IT contractor jobs citing Penetration Testing also mentioned the following skills in order of popularity. The figures indicate the absolute number co-occurrences and as a proportion of all contract job ads with a requirement for Penetration Testing.

1 132 (36.77%) Information Security
2 79 (22.01%) Firewall
3 76 (21.17%) Security Testing
4 74 (20.61%) Windows
5 71 (19.78%) Finance
5 71 (19.78%) SIEM
6 69 (19.22%) Agile Software Development
6 69 (19.22%) CISSP
7 65 (18.11%) Amazon AWS
8 57 (15.88%) Cybersecurity
9 54 (15.04%) Microsoft
9 54 (15.04%) Security Cleared
10 53 (14.76%) Linux
10 53 (14.76%) Risk Management
11 51 (14.21%) ISO/IEC 27001
12 47 (13.09%) Security Architecture
13 46 (12.81%) SC Cleared
14 43 (11.98%) Java
15 41 (11.42%) Vulnerability Scanning
16 39 (10.86%) Banking
16 39 (10.86%) PCI DSS
17 38 (10.58%) Ethical Hacking
18 37 (10.31%) Management Information System
18 37 (10.31%) DevOps
19 36 (10.03%) Active Directory
20 35 (9.75%) Network Security
21 34 (9.47%) Vulnerability Management
21 34 (9.47%) Web Services
22 33 (9.19%) Stakeholder Management
22 33 (9.19%) Microsoft Azure

Penetration Testing
Co-occurring IT Skills by Category

The follow tables expand on the table above by listing co-occurrences grouped by category. The same job type, locality and period is covered with up to 20 co-occurrences shown in each of the following categories:

Application Platforms
1 17 (4.74%) IIS
2 9 (2.51%) Apache
3 6 (1.67%) Apache Spark
3 6 (1.67%) SharePoint
4 5 (1.39%) MS Exchange
5 4 (1.11%) CMS
5 4 (1.11%) Confluence
6 3 (0.84%) Adobe Experience Manager
6 3 (0.84%) BizTalk Server
6 3 (0.84%) Oracle SOA Suite
6 3 (0.84%) Sitecore CMS
6 3 (0.84%) Umbraco
6 3 (0.84%) WebSphere
7 2 (0.56%) nginx
7 2 (0.56%) Tomcat
8 1 (0.28%) Elasticsearch
8 1 (0.28%) Exchange Server 2010
8 1 (0.28%) Exchange Server 2013
8 1 (0.28%) Joomla!
8 1 (0.28%) SharePoint 2013
Applications
1 10 (2.79%) Microsoft Office
2 4 (1.11%) Microsoft Project
2 4 (1.11%) MS Visio
3 3 (0.84%) Microsoft Excel
3 3 (0.84%) Microsoft PowerPoint
4 1 (0.28%) Spreadsheet
Business Applications
1 2 (0.56%) Magento
2 1 (0.28%) Dynamics CRM
Cloud Services
1 65 (18.11%) Amazon AWS
2 33 (9.19%) Microsoft Azure
3 13 (3.62%) IaaS
4 8 (2.23%) Office 365
5 6 (1.67%) PaaS
6 5 (1.39%) SaaS
7 4 (1.11%) Cloud Computing
8 2 (0.56%) Akamai
8 2 (0.56%) AWS Lambda
8 2 (0.56%) Cloudflare
8 2 (0.56%) Google Cloud Platform
8 2 (0.56%) Mimecast
8 2 (0.56%) Serverless
8 2 (0.56%) Sumo Logic
9 1 (0.28%) Amazon S3
9 1 (0.28%) Asana
9 1 (0.28%) AWS CloudTrail
9 1 (0.28%) Google Analytics
9 1 (0.28%) OpenShift
9 1 (0.28%) Virtual Private Cloud
Communications & Networking
1 79 (22.01%) Firewall
2 35 (9.75%) Network Security
3 24 (6.69%) Intrusion Detection
4 20 (5.57%) LAN
4 20 (5.57%) WAN
5 19 (5.29%) TCP/IP
6 17 (4.74%) IPsec
7 16 (4.46%) HTTP
8 15 (4.18%) SAN
8 15 (4.18%) VPN
9 14 (3.90%) Internet
10 12 (3.34%) NAS
11 10 (2.79%) DNS
12 9 (2.51%) Cisco ASA
13 8 (2.23%) SSL
14 7 (1.95%) MPLS
15 6 (1.67%) FTP
15 6 (1.67%) X.509
16 4 (1.11%) Cisco ISE
16 4 (1.11%) VLAN
Database & Business Intelligence
1 29 (8.08%) SQL Server
2 10 (2.79%) Hadoop
3 7 (1.95%) MySQL
4 6 (1.67%) Amazon Redshift
4 6 (1.67%) Apache Cassandra
5 4 (1.11%) Maltego
6 3 (0.84%) DB2
6 3 (0.84%) PostgreSQL
7 2 (0.56%) Amazon RDS
7 2 (0.56%) Big Data
7 2 (0.56%) Blockchain
7 2 (0.56%) MariaDB
7 2 (0.56%) MongoDB
8 1 (0.28%) NonStop SQL
8 1 (0.28%) NoSQL
8 1 (0.28%) Oracle Reports
8 1 (0.28%) Power BI
Development Applications
1 11 (3.06%) Burp Suite
2 9 (2.51%) Metasploit
3 8 (2.23%) JIRA
3 8 (2.23%) Selenium
4 7 (1.95%) Jenkins
5 5 (1.39%) WebDriver
6 4 (1.11%) Git (software)
6 4 (1.11%) GitLab
6 4 (1.11%) Team Foundation Server
7 3 (0.84%) Jasmine
7 3 (0.84%) JMeter
7 3 (0.84%) LoadRunner
8 2 (0.56%) Octopus Deploy
8 2 (0.56%) Visual Studio Team System
8 2 (0.56%) Zephyr
9 1 (0.28%) JUnit
9 1 (0.28%) RSpec
9 1 (0.28%) sqlmap
9 1 (0.28%) TestPartner
9 1 (0.28%) Visual Studio
General
1 71 (19.78%) Finance
2 39 (10.86%) Banking
3 26 (7.24%) Legal
4 10 (2.79%) Telecoms
5 4 (1.11%) Billing
5 4 (1.11%) Financial Institution
6 2 (0.56%) Law
6 2 (0.56%) Manufacturing
6 2 (0.56%) Marketing
7 1 (0.28%) Aerospace
7 1 (0.28%) Automotive
7 1 (0.28%) French Language
7 1 (0.28%) Games
7 1 (0.28%) Investment Banking
7 1 (0.28%) Multimedia
7 1 (0.28%) Publishing
7 1 (0.28%) Russian Language
Job Titles
1 57 (15.88%) Analyst
2 53 (14.76%) Architect
3 48 (13.37%) Consultant
4 45 (12.53%) Security Analyst
5 43 (11.98%) Security Architect
6 42 (11.70%) Tester
7 40 (11.14%) Security Consultant
8 36 (10.03%) Penetration Tester
9 35 (9.75%) Security Manager
10 22 (6.13%) Security Engineer
10 22 (6.13%) Security Specialist
11 20 (5.57%) Information Manager
11 20 (5.57%) Information Security Manager
11 20 (5.57%) Project Manager
12 15 (4.18%) Information Analyst
12 15 (4.18%) Test Manager
13 13 (3.62%) Information Security Analyst
13 13 (3.62%) Information Security Consultant
14 12 (3.34%) Security Penetration Tester
14 12 (3.34%) Security Tester
Libraries, Frameworks & Software Standards
1 34 (9.47%) Web Services
2 19 (5.29%) OAuth
3 16 (4.46%) Middleware
4 14 (3.90%) JSON
5 13 (3.62%) OpenID
6 12 (3.34%) REST
6 12 (3.34%) SOAP
7 10 (2.79%) SAML
8 8 (2.23%) .NET
9 5 (1.39%) J2EE
10 4 (1.11%) LAMP
11 3 (0.84%) HTML
11 3 (0.84%) Java EE
11 3 (0.84%) OAuth2
11 3 (0.84%) pytest
11 3 (0.84%) RESTful
11 3 (0.84%) XACML
12 2 (0.56%) 802.1X
12 2 (0.56%) ASP.NET Web API
12 2 (0.56%) Node.js
Miscellaneous
1 37 (10.31%) Management Information System
2 24 (6.69%) Data Centre
3 22 (6.13%) Fintech
4 21 (5.85%) PKI
5 20 (5.57%) Mobile App
6 18 (5.01%) CESG
7 16 (4.46%) Analytical Skills
8 12 (3.34%) Clustering
8 12 (3.34%) Public Cloud
9 11 (3.06%) Computer Science
10 9 (2.51%) Self-Motivation
11 8 (2.23%) Security Operations Centre
12 7 (1.95%) Cyberthreat
13 6 (1.67%) RSA SecurID
14 5 (1.39%) Data Protection Act
15 4 (1.11%) Cyber Defence
15 4 (1.11%) Online Banking
15 4 (1.11%) SCADA
15 4 (1.11%) Smart Meter
15 4 (1.11%) Virtual Team
Operating Systems
1 74 (20.61%) Windows
2 53 (14.76%) Linux
3 23 (6.41%) Unix
3 23 (6.41%) Windows Server
4 19 (5.29%) Android
5 17 (4.74%) Apple iOS
6 12 (3.34%) Solaris
7 9 (2.51%) Windows 10
8 8 (2.23%) Red Hat Enterprise Linux
9 5 (1.39%) AIX
10 4 (1.11%) Kali Linux
11 3 (0.84%) zOS
12 1 (0.28%) Check Point GAiA
12 1 (0.28%) FreeBSD
12 1 (0.28%) OpenBSD
12 1 (0.28%) Ubuntu
12 1 (0.28%) Windows 7
12 1 (0.28%) Windows Server 2003
12 1 (0.28%) Windows Server 2008
12 1 (0.28%) Windows Server 2012
Processes & Methodologies
1 132 (36.77%) Information Security
2 76 (21.17%) Security Testing
3 71 (19.78%) SIEM
4 69 (19.22%) Agile Software Development
5 57 (15.88%) Cybersecurity
6 53 (14.76%) Risk Management
7 47 (13.09%) Security Architecture
8 41 (11.42%) Vulnerability Scanning
9 38 (10.58%) Ethical Hacking
10 37 (10.31%) DevOps
11 34 (9.47%) Vulnerability Management
12 33 (9.19%) Security Operations
12 33 (9.19%) Stakeholder Management
13 32 (8.91%) Risk Assessment
14 31 (8.64%) Open Source
15 29 (8.08%) Test Automation
16 28 (7.80%) Migration
17 25 (6.96%) Data Protection
17 25 (6.96%) Incident Management
17 25 (6.96%) OWASP
Programming Languages
1 43 (11.98%) Java
2 26 (7.24%) Python
3 14 (3.90%) C
4 12 (3.34%) JavaScript
4 12 (3.34%) SQL
5 11 (3.06%) Bash Shell
5 11 (3.06%) C#
5 11 (3.06%) Perl
6 10 (2.79%) Ruby
7 8 (2.23%) C++
8 7 (1.95%) PHP
9 6 (1.67%) Groovy
9 6 (1.67%) PowerShell
10 2 (0.56%) Shell Script
11 1 (0.28%) Apple Swift
11 1 (0.28%) Kotlin
11 1 (0.28%) Objective-C
11 1 (0.28%) Scala
11 1 (0.28%) VB.NET
Qualifications
1 69 (19.22%) CISSP
2 54 (15.04%) Security Cleared
3 46 (12.81%) SC Cleared
4 31 (8.64%) Cisco Certification
4 31 (8.64%) CISM
5 28 (7.80%) Degree
6 23 (6.41%) CEH
6 23 (6.41%) CISA
7 18 (5.01%) OSCP
8 15 (4.18%) GIAC
9 12 (3.34%) Computer Science Degree
10 10 (2.79%) DV Cleared
11 9 (2.51%) CREST Certified
11 9 (2.51%) SANS
12 8 (2.23%) (ISC)2 CCSP
12 8 (2.23%) CHECK Team Member
13 7 (1.95%) CCIE
13 7 (1.95%) CCNP
14 6 (1.67%) CLAS
14 6 (1.67%) CSSLP
Quality Assurance & Compliance
1 51 (14.21%) ISO/IEC 27001
2 39 (10.86%) PCI DSS
3 29 (8.08%) GDPR
4 17 (4.74%) QA
5 10 (2.79%) ISO/IEC 27002 (supersedes ISO/IEC 17799)
6 9 (2.51%) PSD2
7 5 (1.39%) Actionable Recommendations
8 4 (1.11%) Cyber Essentials
8 4 (1.11%) PMO
9 3 (0.84%) COBIT
10 2 (0.56%) ISO/IEC 27005
10 2 (0.56%) NIST 800
10 2 (0.56%) SLA
10 2 (0.56%) WCAG
11 1 (0.28%) GCP
11 1 (0.28%) HMG Security Policy Framework
11 1 (0.28%) ISO 31000
11 1 (0.28%) ISO 9001
11 1 (0.28%) RMADS
11 1 (0.28%) Sarbanes-Oxley
System Software
1 36 (10.03%) Active Directory
2 25 (6.96%) VMware Infrastructure
3 14 (3.90%) Docker
4 7 (1.95%) OpenAM
5 4 (1.11%) BitLocker
5 4 (1.11%) Virtual Machines
6 3 (0.84%) Hyper-V
6 3 (0.84%) VMware NSX
7 2 (0.56%) XenApp
7 2 (0.56%) XenDesktop
8 1 (0.28%) KVM
8 1 (0.28%) ProxySG
8 1 (0.28%) QEMU
8 1 (0.28%) VirtualBox
Systems Management
1 20 (5.57%) Nessus
2 14 (3.90%) Single Sign-On
3 13 (3.62%) Kubernetes
4 12 (3.34%) Microsoft Clustering
5 7 (1.95%) CSIRT
6 6 (1.67%) Computer Emergency Response Teams
6 6 (1.67%) Opscode Chef
7 5 (1.39%) Host Intrusion Detection System
7 5 (1.39%) McAfee ePO
7 5 (1.39%) QRadar
7 5 (1.39%) SCCM
8 4 (1.11%) Network Intrusion Detection System
8 4 (1.11%) Systems Management Server (SMS)
9 3 (0.84%) EnCase
9 3 (0.84%) Nmap
9 3 (0.84%) Puppet
9 3 (0.84%) WebSphere Service Registry and Repository
10 2 (0.56%) Ansible
10 2 (0.56%) HP Quality Center
10 2 (0.56%) OSSEC
Vendors
1 54 (15.04%) Microsoft
2 30 (8.36%) Cisco
3 28 (7.80%) VMware
4 15 (4.18%) Citrix
5 13 (3.62%) IBM
6 11 (3.06%) ArcSight
6 11 (3.06%) McAfee
7 9 (2.51%) Google
7 9 (2.51%) Splunk
8 8 (2.23%) Qualys
9 7 (1.95%) Oracle
10 6 (1.67%) Apigee
10 6 (1.67%) CyberArk
10 6 (1.67%) ForgeRock
10 6 (1.67%) Palo Alto
11 5 (1.39%) CheckPoint
11 5 (1.39%) HP
11 5 (1.39%) Sitecore
12 4 (1.11%) Red Hat
12 4 (1.11%) Trustwave