Job Vacancy Trend Daily Rate Trend Daily Rate Histogram Hourly Rate Trend Hourly Rate Histogram Job Locations Skill Sets
Period
to 20 September 2018

The following table provides summary statistics for contract job vacancies with a requirement for Penetration Testing skills. Included is a benchmarking guide to the contractor rates offered in vacancies that have cited Penetration Testing over the 6 months to 20 September 2018 with a comparison to the same period in the previous 2 years.

Note that daily and hourly rates are treated separately in these statistics. When calculating contractor rate percentiles, daily rates are never derived from quoted hourly rates or vice versa.

Penetration Testing
UK
6 months to
20 Sep 2018		 Same period 2017 Same period 2016
Rank 554 487 464
Rank change year-on-year -67 -23 +117
Contract jobs citing Penetration Testing 358 420 528
As % of all contract IT jobs advertised in the UK 0.35% 0.42% 0.49%
As % of the Processes & Methodologies category 0.40% 0.50% 0.58%
Number of daily rates quoted 218 244 338
UK median daily rate £525 £490 £488
Median daily rate % change year-on-year +7.14% +0.51% +8.33%
10th Percentile £363 £341 £339
90th Percentile £720 £625 £627
UK excluding London median daily rate £504 £475 £475
% change year-on-year +6.05% - +15.15%
Number of hourly rates quoted 7 4 2
UK median hourly rate £39.00 £60.44 £27.31
Median hourly rate % change year-on-year -35.47% +121.27% -39.31%
10th Percentile £31.30 £55.05 £19.96
90th Percentile £91.80 £63.38 £35.82
UK excluding London median hourly rate £39.00 £60.00 £27.31
% change year-on-year -35.00% +119.68% -39.31%

Penetration Testing is in the Processes and Methodologies category. The following table is for comparison with the above and provides summary statistics for all contract job vacancies with a requirement for process or methodology skills.

All Process and Methodology Skills
UK
Contract vacancies with a requirement for process or methodology skills 88,745 84,585 91,698
As % of all contract IT jobs advertised in the UK 86.20% 85.59% 85.03%
Number of daily rates quoted 58,601 55,681 60,671
UK median daily rate £450 £450 £425
Median daily rate % change year-on-year - +5.88% +6.12%
10th Percentile £300 £278 £263
90th Percentile £638 £625 £600
UK excluding London median daily rate £425 £400 £400
% change year-on-year +6.25% - +6.67%
Number of hourly rates quoted 2,450 2,094 2,377
UK median hourly rate £20.50 £24.00 £23.00
Median hourly rate % change year-on-year -14.58% +4.35% +4.55%
10th Percentile £11.17 £11.25 £11.25
90th Percentile £50.00 £50.00 £47.83
UK excluding London median hourly rate £20.00 £24.00 £23.39
% change year-on-year -16.67% +2.62% +6.31%

Penetration Testing
Job Vacancy Trend

Job postings citing Penetration Testing as a percentage of all IT jobs advertised.

Job vacancy trend for Penetration Testing in the UK

Penetration Testing
Contractor Daily Rate Trend

This chart provides the 3-month moving average for daily rates quoted in contract jobs citing Penetration Testing.

Contractor daily rate trend for Penetration Testing in the UK

Penetration Testing
Contractor Daily Rate Histogram

The daily rate distribution of IT jobs citing Penetration Testing over the 6 months to 20 September 2018.

Contractor daily rate histogram for Penetration Testing in the UK

Penetration Testing
Contractor Hourly Rate Trend

This chart provides the 3-month moving average for contractor hourly rates quoted in IT jobs citing Penetration Testing.

Contractor hourly rate trend for Penetration Testing in the UK

Penetration Testing
Contractor Hourly Rate Histogram

The hourly rate distribution of IT jobs citing Penetration Testing over the 6 months to 20 September 2018.

Contractor hourly rate histogram for Penetration Testing in the UK

Penetration Testing
Top 15 Contract Locations

The table below looks at the demand and provides a guide to the median contractor rates quoted in IT jobs citing Penetration Testing within the UK over the 6 months to 20 September 2018. The 'Rank Change' column provides an indication of the change in demand within each location based on the same 6 month period last year.

Location Rank Change
on Same Period
Last Year		 Matching
Contract
IT Job Ads		 Median
Daily Rate
Past 6 Months		 Median Daily Rate
% Change
on Same Period
Last Year		 Live
Job
Vacancies
England -64 349 £525 +7.14% 128
London -59 175 £540 +8.00% 54
UK excluding London -32 173 £504 +6.05% 86
South East +19 80 £600 +20.00% 22
North of England -15 34 £425 +21.43% 18
East of England -2 31 £509 +13.06% 8
North West -15 25 £413 +10.00% 9
South West -13 19 £472 -12.19% 14
East Midlands +15 11 £600 +33.33% 4
Midlands -40 11 £600 +31.15% 12
Yorkshire -13 7 £488 - 6
West Midlands -56 4 £600 +26.32% 8
North East -12 2 £403 +25.98% 3
Scotland -34 2 £350 +7.69% 8
Wales -19 1 - - 4

For the 6 months to 20 September 2018, IT contractor jobs citing Penetration Testing also mentioned the following skills in order of popularity. The figures indicate the absolute number co-occurrences and as a proportion of all contract job ads with a requirement for Penetration Testing.

1 136 (37.99%) Information Security
2 75 (20.95%) Firewall
3 74 (20.67%) Cybersecurity
4 69 (19.27%) CISSP
5 68 (18.99%) Finance
6 67 (18.72%) Windows
7 66 (18.44%) Agile Software Development
8 63 (17.60%) SIEM
9 62 (17.32%) Amazon AWS
10 58 (16.20%) Security Cleared
11 57 (15.92%) Microsoft
12 55 (15.36%) Security Testing
13 48 (13.41%) Management Information System
14 47 (13.13%) Linux
15 46 (12.85%) SC Cleared
15 46 (12.85%) DevOps
16 44 (12.29%) Security Architecture
17 42 (11.73%) Network Security
17 42 (11.73%) ISO/IEC 27001
18 41 (11.45%) Ethical Hacking
19 40 (11.17%) Risk Management
19 40 (11.17%) Active Directory
20 39 (10.89%) Vulnerability Management
21 38 (10.61%) Degree
22 35 (9.78%) Java
22 35 (9.78%) Banking
22 35 (9.78%) Security Operations
23 33 (9.22%) SQL Server
23 33 (9.22%) CISM
23 33 (9.22%) Stakeholder Management

Penetration Testing
Co-occurring IT Skills by Category

The follow tables expand on the table above by listing co-occurrences grouped by category. The same job type, locality and period is covered with up to 20 co-occurrences shown in each of the following categories:

Application Platforms
1 21 (5.87%) IIS
2 10 (2.79%) SharePoint
3 9 (2.51%) Apache
4 7 (1.96%) Confluence
5 5 (1.40%) Apache Spark
5 5 (1.40%) Oracle SOA Suite
6 4 (1.12%) BizTalk Server
6 4 (1.12%) MS Exchange
6 4 (1.12%) WebSphere
7 3 (0.84%) Adobe Experience Manager
7 3 (0.84%) CMS
7 3 (0.84%) nginx
7 3 (0.84%) SharePoint 2013
7 3 (0.84%) Sitecore CMS
7 3 (0.84%) Umbraco
8 2 (0.56%) Tomcat
9 1 (0.28%) Exchange Server 2003
9 1 (0.28%) Exchange Server 2007
9 1 (0.28%) Exchange Server 2010
9 1 (0.28%) Joomla!
Applications
1 11 (3.07%) Microsoft Office
2 6 (1.68%) Microsoft Project
3 5 (1.40%) MS Visio
4 4 (1.12%) Microsoft Excel
4 4 (1.12%) Microsoft PowerPoint
Business Applications
1 2 (0.56%) Magento
Cloud Services
1 62 (17.32%) Amazon AWS
2 31 (8.66%) Microsoft Azure
3 11 (3.07%) Mimecast
3 11 (3.07%) Office 365
4 10 (2.79%) PaaS
5 8 (2.23%) IaaS
6 5 (1.40%) Google Cloud Platform
7 4 (1.12%) Cloud Computing
7 4 (1.12%) GitHub
7 4 (1.12%) Virtual Private Cloud
8 3 (0.84%) Amazon EC2
8 3 (0.84%) Amazon S3
8 3 (0.84%) OpenShift
8 3 (0.84%) Route 53
8 3 (0.84%) SaaS
8 3 (0.84%) Sumo Logic
9 2 (0.56%) Akamai
9 2 (0.56%) AWS Lambda
9 2 (0.56%) Cloudflare
9 2 (0.56%) Serverless
Communications & Networking
1 75 (20.95%) Firewall
2 42 (11.73%) Network Security
3 21 (5.87%) Internet
4 19 (5.31%) LAN
4 19 (5.31%) TCP/IP
5 18 (5.03%) Intrusion Detection
5 18 (5.03%) SAN
5 18 (5.03%) WAN
6 16 (4.47%) VPN
7 14 (3.91%) HTTP
7 14 (3.91%) IPsec
7 14 (3.91%) SSL
8 12 (3.35%) DNS
8 12 (3.35%) NAS
9 10 (2.79%) Cisco ASA
10 8 (2.23%) BGP
10 8 (2.23%) MPLS
10 8 (2.23%) OSPF
10 8 (2.23%) Wi-Fi
11 6 (1.68%) FTP
Database & Business Intelligence
1 33 (9.22%) SQL Server
2 7 (1.96%) Hadoop
3 6 (1.68%) MySQL
4 5 (1.40%) Amazon RDS
4 5 (1.40%) Amazon Redshift
4 5 (1.40%) Apache Cassandra
5 4 (1.12%) DB2
5 4 (1.12%) Maltego
5 4 (1.12%) MongoDB
5 4 (1.12%) PostgreSQL
6 2 (0.56%) Blockchain
6 2 (0.56%) MariaDB
7 1 (0.28%) Big Data
7 1 (0.28%) NonStop SQL
Development Applications
1 10 (2.79%) GitLab
1 10 (2.79%) Jenkins
2 8 (2.23%) JIRA
3 7 (1.96%) Selenium
3 7 (1.96%) Team Foundation Server
4 6 (1.68%) Burp Suite
4 6 (1.68%) Metasploit
5 5 (1.40%) Git (software)
5 5 (1.40%) Octopus Deploy
6 4 (1.12%) TeamCity
6 4 (1.12%) WebDriver
7 3 (0.84%) Fiddler
7 3 (0.84%) Jasmine
7 3 (0.84%) JMeter
7 3 (0.84%) Visual Studio
8 2 (0.56%) LoadRunner
8 2 (0.56%) Visual Studio Team System
8 2 (0.56%) Zephyr
9 1 (0.28%) Cucumber
9 1 (0.28%) SoapUI
General
1 68 (18.99%) Finance
2 35 (9.78%) Banking
3 25 (6.98%) Legal
4 7 (1.96%) Financial Institution
4 7 (1.96%) Telecoms
5 5 (1.40%) Aerospace
5 5 (1.40%) Manufacturing
6 3 (0.84%) Marketing
7 2 (0.56%) Billing
7 2 (0.56%) Law
7 2 (0.56%) Retail
8 1 (0.28%) Automotive
8 1 (0.28%) French Language
8 1 (0.28%) Investment Banking
8 1 (0.28%) Italian Language
8 1 (0.28%) Russian Language
Job Titles
1 65 (18.16%) Analyst
2 52 (14.53%) Security Analyst
3 44 (12.29%) Architect
3 44 (12.29%) Consultant
4 35 (9.78%) Security Architect
5 34 (9.50%) Tester
6 32 (8.94%) Security Consultant
6 32 (8.94%) Security Manager
7 28 (7.82%) Penetration Tester
8 22 (6.15%) Information Manager
8 22 (6.15%) Information Security Manager
9 21 (5.87%) Security Specialist
10 17 (4.75%) Security Engineer
11 16 (4.47%) Cybersecurity Analyst
12 14 (3.91%) Information Security Consultant
12 14 (3.91%) Project Manager
12 14 (3.91%) Test Manager
13 13 (3.63%) Information Analyst
14 11 (3.07%) Information Security Analyst
14 11 (3.07%) Solutions Architect
Libraries, Frameworks & Software Standards
1 27 (7.54%) OAuth
2 26 (7.26%) Web Services
3 17 (4.75%) Middleware
3 17 (4.75%) SAML
4 16 (4.47%) JSON
5 15 (4.19%) SOAP
6 14 (3.91%) OpenID
6 14 (3.91%) REST
7 6 (1.68%) .NET
8 5 (1.40%) J2EE
8 5 (1.40%) Java EE
8 5 (1.40%) OAuth2
9 4 (1.12%) LAMP
9 4 (1.12%) RESTful
10 3 (0.84%) ASP.NET Web API
10 3 (0.84%) pytest
11 2 (0.56%) 802.1X
11 2 (0.56%) Node.js
11 2 (0.56%) Regular Expression
12 1 (0.28%) WebSockets
Miscellaneous
1 48 (13.41%) Management Information System
2 28 (7.82%) PKI
3 25 (6.98%) Computer Science
4 24 (6.70%) Data Centre
5 22 (6.15%) Mobile App
5 22 (6.15%) Self-Motivation
6 17 (4.75%) Analytical Skills
7 13 (3.63%) Clustering
8 11 (3.07%) Cyber Defence
8 11 (3.07%) Fintech
9 10 (2.79%) CESG
9 10 (2.79%) Cyberthreat
10 7 (1.96%) Public Cloud
10 7 (1.96%) RSA SecurID
11 6 (1.68%) Client/Server
11 6 (1.68%) Cyberattack
11 6 (1.68%) Hybrid Cloud
12 5 (1.40%) Data Protection Act
12 5 (1.40%) Mainframe
12 5 (1.40%) SCADA
Operating Systems
1 67 (18.72%) Windows
2 47 (13.13%) Linux
3 22 (6.15%) Unix
4 20 (5.59%) Windows Server
5 15 (4.19%) Solaris
6 10 (2.79%) Android
7 9 (2.51%) Windows 10
8 7 (1.96%) Apple iOS
9 5 (1.40%) AIX
9 5 (1.40%) Kali Linux
10 4 (1.12%) zOS
11 3 (0.84%) Red Hat Enterprise Linux
12 2 (0.56%) Windows Server 2008
13 1 (0.28%) Mac OS
13 1 (0.28%) Windows 2000 Server
13 1 (0.28%) Windows 7
13 1 (0.28%) Windows Server 2003
13 1 (0.28%) Windows Server 2012
Processes & Methodologies
1 136 (37.99%) Information Security
2 74 (20.67%) Cybersecurity
3 66 (18.44%) Agile Software Development
4 63 (17.60%) SIEM
5 55 (15.36%) Security Testing
6 46 (12.85%) DevOps
7 44 (12.29%) Security Architecture
8 41 (11.45%) Ethical Hacking
9 40 (11.17%) Risk Management
10 39 (10.89%) Vulnerability Management
11 35 (9.78%) Security Operations
12 33 (9.22%) Stakeholder Management
13 30 (8.38%) Identity Access Management
14 29 (8.10%) Migration
14 29 (8.10%) OWASP
15 28 (7.82%) Vulnerability Scanning
16 27 (7.54%) Test Automation
17 26 (7.26%) Incident Management
18 24 (6.70%) Data Protection
19 23 (6.42%) Load Balancing
Programming Languages
1 35 (9.78%) Java
2 25 (6.98%) Python
3 20 (5.59%) PowerShell
4 12 (3.35%) Bash Shell
4 12 (3.35%) C#
5 11 (3.07%) Perl
6 9 (2.51%) C
6 9 (2.51%) JavaScript
6 9 (2.51%) Ruby
7 7 (1.96%) SQL
8 6 (1.68%) C++
8 6 (1.68%) PHP
9 5 (1.40%) Groovy
10 1 (0.28%) Apple Swift
10 1 (0.28%) Kotlin
10 1 (0.28%) Objective-C
10 1 (0.28%) VB.NET
Qualifications
1 69 (19.27%) CISSP
2 58 (16.20%) Security Cleared
3 46 (12.85%) SC Cleared
4 38 (10.61%) Degree
5 33 (9.22%) CISM
6 32 (8.94%) CEH
7 31 (8.66%) CISA
8 26 (7.26%) Cisco Certification
9 20 (5.59%) Computer Science Degree
10 18 (5.03%) GIAC
11 14 (3.91%) OSCP
12 13 (3.63%) CompTIA Security+
12 13 (3.63%) CREST Certified
13 12 (3.35%) DV Cleared
14 10 (2.79%) SANS
15 8 (2.23%) (ISC)2 CCSP
15 8 (2.23%) CCIE
16 6 (1.68%) CCSP
17 5 (1.40%) CSSLP
17 5 (1.40%) ISACA
Quality Assurance & Compliance
1 42 (11.73%) ISO/IEC 27001
2 29 (8.10%) GDPR
3 28 (7.82%) PCI DSS
4 16 (4.47%) QA
5 14 (3.91%) PSD2
6 10 (2.79%) Cyber Essentials
7 8 (2.23%) Actionable Recommendations
7 8 (2.23%) ISO/IEC 27002 (supersedes ISO/IEC 17799)
8 7 (1.96%) COBIT
9 5 (1.40%) PMO
10 4 (1.12%) GCP
11 2 (0.56%) Sarbanes-Oxley
11 2 (0.56%) SLA
12 1 (0.28%) COSO
12 1 (0.28%) HMG Security Policy Framework
12 1 (0.28%) ISO 31000
12 1 (0.28%) ISO/IEC 27005
12 1 (0.28%) NIST 800
12 1 (0.28%) RMADS
12 1 (0.28%) WCAG
System Software
1 40 (11.17%) Active Directory
2 23 (6.42%) VMware Infrastructure
3 17 (4.75%) Docker
4 9 (2.51%) OpenAM
5 4 (1.12%) BitLocker
5 4 (1.12%) Firmware
5 4 (1.12%) Virtual Desktop
6 3 (0.84%) ProxySG
6 3 (0.84%) Virtual Machines
7 2 (0.56%) Hyper-V
8 1 (0.28%) VMware NSX
Systems Management
1 16 (4.47%) Single Sign-On
2 15 (4.19%) Nessus
3 14 (3.91%) Host Intrusion Detection System
3 14 (3.91%) Kubernetes
4 13 (3.63%) Microsoft Clustering
4 13 (3.63%) Network Intrusion Detection System
5 10 (2.79%) QRadar
6 9 (2.51%) Computer Emergency Response Teams
7 8 (2.23%) Opscode Chef
8 7 (1.96%) CSIRT
9 6 (1.68%) SCCM
10 5 (1.40%) McAfee ePO
10 5 (1.40%) WebSphere Service Registry and Repository
11 4 (1.12%) EnCase
11 4 (1.12%) Systems Management Server (SMS)
12 3 (0.84%) HP Quality Center
13 2 (0.56%) FTK
13 2 (0.56%) HP Fortify
13 2 (0.56%) Kibana
13 2 (0.56%) Microsoft Intune
Vendors
1 57 (15.92%) Microsoft
2 30 (8.38%) Cisco
3 27 (7.54%) VMware
4 16 (4.47%) IBM
5 14 (3.91%) ArcSight
5 14 (3.91%) Citrix
5 14 (3.91%) Qualys
6 12 (3.35%) McAfee
7 11 (3.07%) CheckPoint
7 11 (3.07%) Oracle
7 11 (3.07%) Proofpoint
8 10 (2.79%) Google
9 9 (2.51%) Apigee
9 9 (2.51%) ForgeRock
9 9 (2.51%) Splunk
10 8 (2.23%) Palo Alto
11 7 (1.96%) Juniper
12 6 (1.68%) AlienVault
12 6 (1.68%) Blue Coat
12 6 (1.68%) F5