Period
to 21 April 2018

The following table provides summary statistics for contract job vacancies with a requirement for Penetration Testing skills. Included is a benchmarking guide to the contractor rates offered in vacancies that have cited Penetration Testing over the 6 months to 21 April 2018 with a comparison to the same period in the previous 2 years.

Note that daily and hourly rates are treated separately in these statistics. When calculating contractor rate percentiles, daily rates are never derived from quoted hourly rates or vice versa.

Penetration Testing
UK
6 months to
21 Apr 2018
Same period 2017 Same period 2016
Rank 524 502 506
Rank change year-on-year -22 +4 +103
Contract jobs citing Penetration Testing 390 362 411
As % of all contract IT jobs advertised in the UK 0.39% 0.39% 0.39%
As % of the Processes & Methodologies category 0.45% 0.47% 0.46%
Number of daily rates quoted 242 231 262
UK median daily rate £500 £450 £470
Median daily rate % change year-on-year +11.11% -4.26% +5.03%
10th Percentile £368 £325 £325
90th Percentile £675 £600 £575
UK excluding London median daily rate £488 £460 £425
% change year-on-year +5.98% +8.24% +6.25%
Number of hourly rates quoted 5 2 3
UK median hourly rate £39.00 £60.87 £42.50
Median hourly rate % change year-on-year -35.93% +43.22% +23.19%
10th Percentile £29.20 £60.87 £23.10
90th Percentile £55.45 £60.87 £48.75
UK excluding London median hourly rate £38.50 £60.87 £42.50
% change year-on-year -36.75% +43.22% +23.19%

Penetration Testing is in the Processes and Methodologies category. The following table is for comparison with the above and provides summary statistics for all contract job vacancies with a requirement for process or methodology skills.

All Process and Methodology Skills
UK
Contract vacancies with a requirement for process or methodology skills 86,588 77,629 89,283
As % of all contract IT jobs advertised in the UK 85.60% 84.37% 83.69%
Number of daily rates quoted 57,199 51,073 58,321
UK median daily rate £450 £438 £425
Median daily rate % change year-on-year +2.86% +2.94% +6.25%
10th Percentile £298 £270 £263
90th Percentile £638 £620 £606
UK excluding London median daily rate £420 £400 £393
% change year-on-year +5.00% +1.91% +4.67%
Number of hourly rates quoted 2,222 2,117 2,437
UK median hourly rate £22.50 £25.00 £25.00
Median hourly rate % change year-on-year -10.00% - +21.95%
10th Percentile £11.19 £11.35 £11.50
90th Percentile £50.25 £51.25 £50.00
UK excluding London median hourly rate £21.24 £25.00 £25.00
% change year-on-year -15.04% - +13.68%

Penetration Testing
Job Vacancy Trend

Job postings citing Penetration Testing as a percentage of all IT jobs advertised.

Job vacancy trend for Penetration Testing in the UK

Penetration Testing
Contractor Daily Rate Trend

This chart provides the 3-month moving average for daily rates quoted in contract jobs citing Penetration Testing.

Contractor daily rate trend for Penetration Testing in the UK

Penetration Testing
Contractor Daily Rate Histogram

The daily rate distribution of IT jobs citing Penetration Testing over the 6 months to 21 April 2018.

Contractor daily rate histogram for Penetration Testing in the UK

Penetration Testing
Contractor Hourly Rate Trend

This chart provides the 3-month moving average for contractor hourly rates quoted in IT jobs citing Penetration Testing.

Contractor hourly rate trend for Penetration Testing in the UK

Penetration Testing
Contractor Hourly Rate Histogram

The hourly rate distribution of IT jobs citing Penetration Testing over the 6 months to 21 April 2018.

Contractor hourly rate histogram for Penetration Testing in the UK

Penetration Testing
Top 15 Contract Locations

The table below looks at the demand and provides a guide to the median contractor rates quoted in IT jobs citing Penetration Testing within the UK over the 6 months to 21 April 2018. The 'Rank Change' column provides an indication of the change in demand within each location based on the same 6 month period last year.

Location Rank Change
on Same Period
Last Year
Matching
Contract
IT Job Ads
Median
Daily Rate
Past 6 Months
Median Daily Rate
% Change
on Same Period
Last Year
Live
Job
Vacancies
England -18 379 £500 +11.11% 104
London -13 200 £525 +16.67% 35
UK excluding London -44 185 £488 +5.98% 73
North of England +9 63 £475 +15.15% 19
South East -34 50 £510 +7.37% 17
North West +5 43 £500 +21.21% 11
South West +9 30 £390 -9.30% 11
East of England -3 29 £563 +2.32% 7
Yorkshire -2 17 £439 -7.53% 4
Midlands -19 7 £413 -5.71% 15
East Midlands +5 5 £413 +10.00% 1
Scotland -45 4 £413 -2.88% 2
North East +35 3 £403 +25.98% 4
Wales -11 3 £390 -41.13%
West Midlands -15 2 - - 14

For the 6 months to 21 April 2018, IT contractor jobs citing Penetration Testing also mentioned the following skills in order of popularity. The figures indicate the absolute number co-occurrences and as a proportion of all contract job ads with a requirement for Penetration Testing.

1 169 (43.33%) Information Security
2 110 (28.21%) Cybersecurity
3 109 (27.95%) CISSP
4 94 (24.10%) Agile Software Development
5 82 (21.03%) Security Testing
6 80 (20.51%) Finance
7 79 (20.26%) ISO/IEC 27001
7 79 (20.26%) SIEM
8 75 (19.23%) Firewall
9 70 (17.95%) PCI DSS
10 67 (17.18%) Amazon AWS
10 67 (17.18%) Vulnerability Scanning
11 61 (15.64%) Windows
12 59 (15.13%) Vulnerability Management
13 57 (14.62%) CISM
14 55 (14.10%) Risk Management
14 55 (14.10%) Linux
15 53 (13.59%) Security Architecture
16 52 (13.33%) Security Cleared
17 49 (12.56%) Intrusion Detection
18 48 (12.31%) Open Source
19 47 (12.05%) Stakeholder Management
20 46 (11.79%) Security Operations
21 43 (11.03%) Network Security
22 42 (10.77%) DevOps
23 40 (10.26%) Java
24 39 (10.00%) CEH
25 38 (9.74%) Vulnerability Assessment
25 38 (9.74%) Test Automation
25 38 (9.74%) Security Management

Penetration Testing
Co-occurring IT Skills by Category

The follow tables expand on the table above by listing co-occurrences grouped by category. The same job type, locality and period is covered with up to 20 co-occurrences shown in each of the following categories:

Application Platforms
1 12 (3.08%) IIS
2 11 (2.82%) Apache
3 10 (2.56%) Apache Spark
4 5 (1.28%) CMS
4 5 (1.28%) Confluence
4 5 (1.28%) SharePoint
5 3 (0.77%) Adobe Experience Manager
5 3 (0.77%) BizTalk Server
5 3 (0.77%) Sitecore CMS
5 3 (0.77%) Umbraco
5 3 (0.77%) WebSphere
6 2 (0.51%) MS Exchange
7 1 (0.26%) Drupal
7 1 (0.26%) Joomla!
7 1 (0.26%) nginx
7 1 (0.26%) OpenStack
7 1 (0.26%) Tomcat
Applications
1 7 (1.79%) Microsoft Project
2 5 (1.28%) Microsoft Office
3 3 (0.77%) Microsoft Excel
3 3 (0.77%) Microsoft PowerPoint
3 3 (0.77%) MS Visio
4 1 (0.26%) Spreadsheet
Business Applications
1 2 (0.51%) Magento
2 1 (0.26%) Dynamics CRM
Cloud Services
1 67 (17.18%) Amazon AWS
2 35 (8.97%) Microsoft Azure
3 26 (6.67%) IaaS
4 14 (3.59%) SaaS
5 12 (3.08%) PaaS
6 6 (1.54%) Office 365
7 5 (1.28%) Cloud Computing
8 2 (0.51%) AWS Lambda
8 2 (0.51%) AWS OpsWorks
8 2 (0.51%) Google Cloud Platform
8 2 (0.51%) Serverless
9 1 (0.26%) Amazon S3
9 1 (0.26%) Asana
9 1 (0.26%) AWS CloudTrail
9 1 (0.26%) BrowserStack
9 1 (0.26%) GitHub
9 1 (0.26%) Mimecast
9 1 (0.26%) OpenShift
9 1 (0.26%) Sauce Labs
9 1 (0.26%) Virtual Private Cloud
Communications & Networking
1 75 (19.23%) Firewall
2 49 (12.56%) Intrusion Detection
3 43 (11.03%) Network Security
4 19 (4.87%) SAN
5 17 (4.36%) Internet
6 16 (4.10%) NAS
7 15 (3.85%) TCP/IP
7 15 (3.85%) WAN
8 14 (3.59%) LAN
9 9 (2.31%) FTP
9 9 (2.31%) IPsec
10 8 (2.05%) Intranet
10 8 (2.05%) SSL
10 8 (2.05%) VPN
11 6 (1.54%) HTTP
11 6 (1.54%) VoIP
11 6 (1.54%) X.509
12 5 (1.28%) DNS
13 4 (1.03%) 3GPP
13 4 (1.03%) MPLS
Database & Business Intelligence
1 14 (3.59%) SQL Server
2 10 (2.56%) Amazon Redshift
2 10 (2.56%) Apache Cassandra
3 9 (2.31%) Hadoop
4 5 (1.28%) MySQL
5 4 (1.03%) Big Data
5 4 (1.03%) MongoDB
6 3 (0.77%) DB2
6 3 (0.77%) PostgreSQL
7 2 (0.51%) Amazon RDS
7 2 (0.51%) Maltego
7 2 (0.51%) MariaDB
8 1 (0.26%) Data Warehouse
8 1 (0.26%) NoSQL
8 1 (0.26%) Oracle Reports
8 1 (0.26%) Power BI
8 1 (0.26%) SQL Server Integration Services
Development Applications
1 17 (4.36%) Jenkins
1 17 (4.36%) Selenium
2 13 (3.33%) Burp Suite
3 12 (3.08%) JIRA
4 9 (2.31%) Metasploit
5 7 (1.79%) WebDriver
6 6 (1.54%) Cucumber
7 5 (1.28%) Git (software)
7 5 (1.28%) JMeter
7 5 (1.28%) Zephyr
8 4 (1.03%) JUnit
8 4 (1.03%) SoapUI
9 3 (0.77%) GitLab
9 3 (0.77%) Jasmine
9 3 (0.77%) RSpec
10 2 (0.51%) LoadRunner
11 1 (0.26%) Subversion
11 1 (0.26%) TestDirector
11 1 (0.26%) TestPartner
11 1 (0.26%) Visual Studio
General
1 80 (20.51%) Finance
2 28 (7.18%) Banking
3 24 (6.15%) Legal
4 11 (2.82%) Telecoms
5 5 (1.28%) Financial Institution
6 4 (1.03%) Games
6 4 (1.03%) Retail
7 3 (0.77%) Law
7 3 (0.77%) Manufacturing
7 3 (0.77%) Marketing
8 2 (0.51%) Billing
8 2 (0.51%) Electronics
9 1 (0.26%) Investment Banking
9 1 (0.26%) Multimedia
9 1 (0.26%) Publishing
9 1 (0.26%) Retail Banking
Job Titles
1 68 (17.44%) Analyst
2 60 (15.38%) Consultant
3 57 (14.62%) Security Consultant
4 46 (11.79%) Architect
4 46 (11.79%) Security Analyst
5 44 (11.28%) Security Manager
6 39 (10.00%) Security Architect
7 38 (9.74%) Tester
8 32 (8.21%) Penetration Tester
9 24 (6.15%) Security Specialist
10 23 (5.90%) Project Manager
11 21 (5.38%) Security Engineer
12 18 (4.62%) Cybersecurity Consultant
13 17 (4.36%) Information Manager
13 17 (4.36%) Information Security Consultant
13 17 (4.36%) Information Security Manager
13 17 (4.36%) Senior Analyst
14 16 (4.10%) DevOps Engineer
15 15 (3.85%) Senior Security Analyst
15 15 (3.85%) Test Analyst
Libraries, Frameworks & Software Standards
1 27 (6.92%) Web Services
2 12 (3.08%) Node.js
3 8 (2.05%) .NET
3 8 (2.05%) JSON
4 7 (1.79%) Middleware
5 3 (0.77%) HTML
5 3 (0.77%) OAuth
5 3 (0.77%) OAuth2
5 3 (0.77%) OpenID
5 3 (0.77%) XACML
6 2 (0.51%) 802.1X
6 2 (0.51%) ASP.NET Web API
6 2 (0.51%) CSS
6 2 (0.51%) jQuery
6 2 (0.51%) LAMP
6 2 (0.51%) SAML
7 1 (0.26%) HTML5
7 1 (0.26%) RESTful
7 1 (0.26%) Ruby on Rails
7 1 (0.26%) SOAP
Miscellaneous
1 37 (9.49%) Management Information System
2 30 (7.69%) CESG
3 29 (7.44%) Analytical Skills
4 25 (6.41%) Cyberthreat
5 22 (5.64%) Mobile App
6 17 (4.36%) Cyberattack
7 15 (3.85%) Fintech
8 12 (3.08%) Data Centre
9 11 (2.82%) Computer Science
10 10 (2.56%) Distributed Denial-of-Service
10 10 (2.56%) Security Operations Centre
11 9 (2.31%) PKI
12 8 (2.05%) Data Protection Act
12 8 (2.05%) Public Cloud
13 6 (1.54%) Client/Server
13 6 (1.54%) Clustering
13 6 (1.54%) Virtual Team
14 5 (1.28%) Mainframe
15 4 (1.03%) PMI
15 4 (1.03%) Smart Meter
Operating Systems
1 61 (15.64%) Windows
2 55 (14.10%) Linux
3 25 (6.41%) Unix
4 19 (4.87%) Windows Server
5 15 (3.85%) Apple iOS
6 13 (3.33%) Android
7 8 (2.05%) Red Hat Enterprise Linux
8 7 (1.79%) Windows 10
9 5 (1.28%) CentOS
10 4 (1.03%) Mac OS X
10 4 (1.03%) Solaris
11 3 (0.77%) Kali Linux
11 3 (0.77%) Ubuntu
11 3 (0.77%) zOS
12 2 (0.51%) VMS
13 1 (0.26%) Check Point GAiA
13 1 (0.26%) FreeBSD
13 1 (0.26%) OpenBSD
Processes & Methodologies
1 169 (43.33%) Information Security
2 110 (28.21%) Cybersecurity
3 94 (24.10%) Agile Software Development
4 82 (21.03%) Security Testing
5 79 (20.26%) SIEM
6 67 (17.18%) Vulnerability Scanning
7 59 (15.13%) Vulnerability Management
8 55 (14.10%) Risk Management
9 53 (13.59%) Security Architecture
10 48 (12.31%) Open Source
11 47 (12.05%) Stakeholder Management
12 46 (11.79%) Security Operations
13 42 (10.77%) DevOps
14 38 (9.74%) Security Management
14 38 (9.74%) Test Automation
14 38 (9.74%) Vulnerability Assessment
15 36 (9.23%) Ethical Hacking
16 34 (8.72%) Threat Intelligence
17 32 (8.21%) Project Management
18 31 (7.95%) Data Protection
Programming Languages
1 40 (10.26%) Java
2 32 (8.21%) Python
3 14 (3.59%) C
4 12 (3.08%) SQL
5 10 (2.56%) Groovy
6 9 (2.31%) JavaScript
6 9 (2.31%) Ruby
7 8 (2.05%) COBOL
7 8 (2.05%) PHP
8 7 (1.79%) C++
9 4 (1.03%) Bash Shell
9 4 (1.03%) C#
9 4 (1.03%) Shell Script
10 3 (0.77%) Perl
10 3 (0.77%) Scala
11 2 (0.51%) PowerShell
11 2 (0.51%) VB.NET
12 1 (0.26%) Go
Qualifications
1 109 (27.95%) CISSP
2 57 (14.62%) CISM
3 52 (13.33%) Security Cleared
4 39 (10.00%) CEH
5 36 (9.23%) SC Cleared
6 31 (7.95%) CISA
7 29 (7.44%) GIAC
8 24 (6.15%) SANS
9 23 (5.90%) CREST Certified
10 21 (5.38%) Cisco Certification
10 21 (5.38%) Degree
11 15 (3.85%) OSCP
12 14 (3.59%) GCIA
13 12 (3.08%) GCIH
14 11 (2.82%) DV Cleared
14 11 (2.82%) GSEC
15 9 (2.31%) CESG Certified Professional
15 9 (2.31%) CHECK Team Member
15 9 (2.31%) PCI QSA
16 8 (2.05%) CLAS
Quality Assurance & Compliance
1 79 (20.26%) ISO/IEC 27001
2 70 (17.95%) PCI DSS
3 30 (7.69%) GDPR
4 26 (6.67%) QA
5 20 (5.13%) ISO/IEC 27002 (supersedes ISO/IEC 17799)
6 8 (2.05%) CESG Infosec
6 8 (2.05%) HMG Security Policy Framework
7 5 (1.28%) COBIT
8 4 (1.03%) WCAG
9 3 (0.77%) ISO 9001
9 3 (0.77%) NIST 800
9 3 (0.77%) PMO
10 2 (0.51%) Cyber Essentials
10 2 (0.51%) ISO/IEC 27005
11 1 (0.26%) GCP
11 1 (0.26%) ISO 31000
11 1 (0.26%) Sarbanes-Oxley
11 1 (0.26%) SLA
System Software
1 20 (5.13%) Docker
2 14 (3.59%) VMware Infrastructure
3 13 (3.33%) Active Directory
4 7 (1.79%) Virtual Machines
5 4 (1.03%) VMware NSX
6 3 (0.77%) Hyper-V
7 2 (0.51%) XenApp
7 2 (0.51%) XenDesktop
8 1 (0.26%) BitLocker
8 1 (0.26%) KVM
8 1 (0.26%) OpenAM
8 1 (0.26%) QEMU
8 1 (0.26%) VirtualBox
8 1 (0.26%) vSphere
Systems Management
1 26 (6.67%) Nessus
2 13 (3.33%) Kubernetes
3 12 (3.08%) Ansible
4 8 (2.05%) IBM BigFix
4 8 (2.05%) Opscode Chef
4 8 (2.05%) Puppet
5 6 (1.54%) Microsoft Clustering
5 6 (1.54%) Single Sign-On
6 4 (1.03%) CSIRT
6 4 (1.03%) HP ALM
6 4 (1.03%) QRadar
6 4 (1.03%) Terraform
7 3 (0.77%) EnCase
7 3 (0.77%) McAfee ePO
7 3 (0.77%) Nmap
7 3 (0.77%) Packer
8 2 (0.51%) Computer Emergency Response Teams
8 2 (0.51%) HP Quality Center
8 2 (0.51%) Systems Management Server (SMS)
9 1 (0.26%) CloudForms
Vendors
1 37 (9.49%) Microsoft
2 21 (5.38%) Cisco
3 15 (3.85%) VMware
4 12 (3.08%) Citrix
5 10 (2.56%) Oracle
5 10 (2.56%) Qualys
6 7 (1.79%) CheckPoint
6 7 (1.79%) Trustwave
7 6 (1.54%) Acunetix
7 6 (1.54%) CyberArk
7 6 (1.54%) HP
7 6 (1.54%) McAfee
7 6 (1.54%) Red Hat
8 5 (1.28%) Sitecore
8 5 (1.28%) Splunk
8 5 (1.28%) Symantec
9 4 (1.03%) ArcSight
9 4 (1.03%) IBM
10 3 (0.77%) Adobe
10 3 (0.77%) Google