Period
to 22 November 2017

The following table provides summary statistics for contract job vacancies with a requirement for Penetration Testing skills. Included is a benchmarking guide to the contractor rates offered in vacancies that have cited Penetration Testing over the 6 months to 22 November 2017 with a comparison to the same period in the previous 2 years.

Note that daily and hourly rates are treated separately in these statistics. When calculating contractor rate percentiles, daily rates are never derived from quoted hourly rates or vice versa.

Penetration Testing
UK
6 months to
22 Nov 2017
Same period 2016 Same period 2015
Rank 507 447 583
Rank change year-on-year -60 +136 +3
Contract jobs citing Penetration Testing 424 519 331
As % of all contract IT jobs advertised in the UK 0.41% 0.49% 0.29%
As % of the Processes & Methodologies category 0.49% 0.59% 0.36%
Number of daily rates quoted 252 338 230
UK median daily rate £490 £460 £450
Median daily rate % change year-on-year +6.52% +2.22% -1.10%
10th Percentile £350 £350 £300
90th Percentile £625 £638 £590
UK excluding London median daily rate £475 £475 £444
% change year-on-year - +7.04% +4.41%
Number of hourly rates quoted 3 1 1
UK median hourly rate £60.87 £35.00 £45.00
Median hourly rate % change year-on-year +73.91% -22.22% -25.00%
UK excluding London median hourly rate £60.44 £35.00 £45.00
% change year-on-year +72.67% -22.22% -25.00%

Penetration Testing is in the Processes and Methodologies category. The following table is for comparison with the above and provides summary statistics for all contract job vacancies with a requirement for process or methodology skills.

All Process and Methodology Skills
UK
Contract vacancies with a requirement for process or methodology skills 87155 88463 92228
As % of all contract IT jobs advertised in the UK 84.47% 83.90% 81.79%
Number of daily rates quoted 58071 58482 59737
UK median daily rate £450 £425 £413
Median daily rate % change year-on-year +5.88% +2.91% +3.25%
10th Percentile £281 £263 £263
90th Percentile £631 £600 £600
UK excluding London median daily rate £400 £400 £385
% change year-on-year - +3.90% +2.67%
Number of hourly rates quoted 2066 2352 2726
UK median hourly rate £23.63 £24.00 £22.50
Median hourly rate % change year-on-year -1.56% +6.67% +18.42%
10th Percentile £11.50 £11.25 £11.33
90th Percentile £49.88 £48.75 £47.61
UK excluding London median hourly rate £24.00 £24.50 £23.75
% change year-on-year -2.04% +3.16% +18.75%

Penetration Testing
Job Vacancy Trend

Job postings citing Penetration Testing as a percentage of all IT jobs advertised.

Job vacancy trend for Penetration Testing in the UK

Penetration Testing
Contractor Daily Rate Trend

This chart provides the 3-month moving average for daily rates quoted in contract jobs citing Penetration Testing.

Contractor daily rate trend for Penetration Testing in the UK

Penetration Testing
Contractor Daily Rate Histogram

The daily rate distribution of IT jobs citing Penetration Testing over the 6 months to 22 November 2017.

Contractor daily rate histogram for Penetration Testing in the UK

Penetration Testing
Contractor Hourly Rate Trend

This chart provides the 3-month moving average for contractor hourly rates quoted in IT jobs citing Penetration Testing.

Contractor hourly rate trend for Penetration Testing in the UK

Penetration Testing
Top 15 Contract Locations

The table below looks at the demand and provides a guide to the median contractor rates quoted in IT jobs citing Penetration Testing within the UK over the 6 months to 22 November 2017. The 'Rank Change' column provides an indication of the change in demand within each location based on the same 6 month period last year.

Location Rank Change
on Same Period
Last Year
Matching
Contract
IT Job Ads
Median
Daily Rate
Past 6 Months
Median Daily Rate
% Change
on Same Period
Last Year
Live
Job
Vacancies
England -44 408 £490 +8.89% 101
London -34 218 £500 +11.11% 36
UK excluding London -36 196 £475 - 66
South East -50 53 £500 - 31
North of England +68 46 £400 +6.67% 18
East of England -10 34 £524 +23.35% 5
North West +13 27 £400 -8.05% 8
Midlands +19 25 £475 +18.75% 2
South West +10 24 £452 +29.00% 8
West Midlands +26 23 £475 +18.75% 1
Yorkshire +19 13 £404 +15.50% 9
Scotland -3 12 £356 +5.56%
North East +63 6 £320 -1.54% 1
Wales -2 2 - - 2
East Midlands -8 2 £450 +10.43% 1

For the 6 months to 22 November 2017, IT contractor jobs citing Penetration Testing also mentioned the following skills in order of popularity. The figures indicate the number co-occurrences and its proportion to all contract ads with a requirement for Penetration Testing.

1 155 (36.56%) Information Security
2 126 (29.72%) Cybersecurity
3 107 (25.24%) CISSP
4 97 (22.88%) Firewall
5 91 (21.46%) SIEM
6 89 (20.99%) Linux
7 87 (20.52%) ISO/IEC 27001
8 85 (20.05%) Agile Software Development
9 83 (19.58%) Vulnerability Management
10 76 (17.92%) Finance
11 75 (17.69%) Windows
12 71 (16.75%) OWASP
13 64 (15.09%) Security Testing
14 61 (14.39%) CISM
15 58 (13.68%) Cyberthreat
16 56 (13.21%) Security Operations
17 54 (12.74%) Risk Management
18 52 (12.26%) Ethical Hacking
19 49 (11.56%) ITIL
20 48 (11.32%) Network Security
21 47 (11.08%) Degree
22 46 (10.85%) PCI DSS
23 45 (10.61%) Incident Management
23 45 (10.61%) Vulnerability Scanning
24 44 (10.38%) Management Information System
24 44 (10.38%) Java
25 43 (10.14%) Analytics
26 42 (9.91%) Unix
26 42 (9.91%) Test Automation
27 41 (9.67%) Vulnerability Assessment

Penetration Testing
Co-occurring IT Skills by Category

The follow tables expand on the table above by listing co-occurrences grouped by category. The same job type, locality and period is covered with up to 20 co-occurrences shown in each of the following categories:

Application Platforms
1 10 (2.36%) nginx
2 8 (1.89%) IIS
3 5 (1.18%) Liferay
4 4 (0.94%) CMS
4 4 (0.94%) SharePoint
4 4 (0.94%) TYPO3
4 4 (0.94%) Umbraco
4 4 (0.94%) WordPress
5 3 (0.71%) OpenStack
5 3 (0.71%) Tomcat
6 1 (0.24%) Confluence
Applications
1 5 (1.18%) Microsoft Excel
2 4 (0.94%) Microsoft Office
2 4 (0.94%) MS Visio
3 2 (0.47%) Microsoft PowerPoint
4 1 (0.24%) Microsoft Project
Business Applications
1 7 (1.65%) Oracle Utilities
2 1 (0.24%) Oracle Financials
Cloud Services
1 35 (8.25%) Amazon AWS
2 15 (3.54%) Microsoft Azure
3 14 (3.30%) IaaS
4 6 (1.42%) GitHub
4 6 (1.42%) SaaS
5 5 (1.18%) Cloud Computing
5 5 (1.18%) IBM Cloud
5 5 (1.18%) PaaS
6 4 (0.94%) AWS CloudFormation
6 4 (0.94%) Mimecast
7 3 (0.71%) Amazon ELB
7 3 (0.71%) Amazon S3
7 3 (0.71%) Office 365
7 3 (0.71%) Route 53
8 2 (0.47%) Virtual Private Cloud
9 1 (0.24%) G Suite
Communications & Networking
1 97 (22.88%) Firewall
2 48 (11.32%) Network Security
3 31 (7.31%) TCP/IP
4 26 (6.13%) Intrusion Detection
5 22 (5.19%) Internet
6 21 (4.95%) LAN
6 21 (4.95%) WAN
7 17 (4.01%) VPN
8 16 (3.77%) VLAN
9 13 (3.07%) SAN
10 12 (2.83%) DHCP
10 12 (2.83%) NAS
11 11 (2.59%) DNS
11 11 (2.59%) MPLS
11 11 (2.59%) Wi-Fi
12 9 (2.12%) IPsec
12 9 (2.12%) Reverse Proxy
12 9 (2.12%) SSL
12 9 (2.12%) VoIP
13 6 (1.42%) Wireless
Database & Business Intelligence
1 19 (4.48%) MongoDB
2 8 (1.89%) PostgreSQL
3 4 (0.94%) Maltego
4 3 (0.71%) Big Data
4 3 (0.71%) SQL Server
5 2 (0.47%) DB2
5 2 (0.47%) RDBMS
5 2 (0.47%) Relational Database
6 1 (0.24%) Amazon DynamoDB
6 1 (0.24%) Data Warehouse
6 1 (0.24%) MySQL
Development Applications
1 33 (7.78%) Jenkins
2 17 (4.01%) Selenium
3 14 (3.30%) Cucumber
4 11 (2.59%) Burp Suite
4 11 (2.59%) Git (software)
5 10 (2.36%) JIRA
6 8 (1.89%) AppScan
6 8 (1.89%) WebDriver
7 7 (1.65%) CircleCI
7 7 (1.65%) JMeter
7 7 (1.65%) JUnit
7 7 (1.65%) Metasploit
7 7 (1.65%) RSpec
7 7 (1.65%) Travis CI
8 5 (1.18%) LoadRunner
8 5 (1.18%) Visual Studio
9 4 (0.94%) Subversion
10 3 (0.71%) Gatling
10 3 (0.71%) Maven
10 3 (0.71%) SoapUI
General
1 76 (17.92%) Finance
2 25 (5.90%) Banking
3 21 (4.95%) Legal
3 21 (4.95%) Telecoms
4 20 (4.72%) Retail
5 13 (3.07%) Law
6 8 (1.89%) Games
7 6 (1.42%) Billing
8 4 (0.94%) Electronics
9 3 (0.71%) Marketing
10 2 (0.47%) Financial Institution
10 2 (0.47%) Manufacturing
11 1 (0.24%) Automotive
11 1 (0.24%) Local Government
11 1 (0.24%) Pharmaceutical
Job Titles
1 113 (26.65%) Analyst
2 77 (18.16%) Security Analyst
3 69 (16.27%) Consultant
4 64 (15.09%) Security Consultant
5 48 (11.32%) Tester
6 39 (9.20%) Penetration Tester
7 31 (7.31%) Application Security Analyst
8 28 (6.60%) Security Engineer
9 25 (5.90%) Security Specialist
10 24 (5.66%) Security Manager
11 22 (5.19%) Architect
12 21 (4.95%) Information Security Consultant
13 20 (4.72%) Information Analyst
13 20 (4.72%) Information Security Analyst
13 20 (4.72%) IT Analyst
13 20 (4.72%) Security Architect
14 19 (4.48%) Business Analyst
14 19 (4.48%) Network Engineer
15 16 (3.77%) IT Security Analyst
16 14 (3.30%) Technical Analyst
Libraries, Frameworks & Software Standards
1 20 (4.72%) Web Services
2 14 (3.30%) .NET
3 6 (1.42%) ActiveMQ
4 5 (1.18%) HTML
5 4 (0.94%) CSS
5 4 (0.94%) SAML
6 3 (0.71%) Middleware
6 3 (0.71%) Spring
7 2 (0.47%) .NET Framework
7 2 (0.47%) ASP.NET
7 2 (0.47%) Java EE
7 2 (0.47%) Node.js
7 2 (0.47%) REST
8 1 (0.24%) 802.1X
8 1 (0.24%) JSON
8 1 (0.24%) Memcached
8 1 (0.24%) SailPoint
8 1 (0.24%) SOAP
8 1 (0.24%) Velocity
8 1 (0.24%) XML
Miscellaneous
1 58 (13.68%) Cyberthreat
2 44 (10.38%) Management Information System
3 33 (7.78%) Distributed Denial-of-Service
4 28 (6.60%) Analytical Skills
5 26 (6.13%) PKI
6 23 (5.42%) Data Centre
7 12 (2.83%) Linux Command Line
8 9 (2.12%) Mobile App
8 9 (2.12%) Wiki
9 7 (1.65%) Computer Science
9 7 (1.65%) Cyber Attack
9 7 (1.65%) Security Operations Centre
10 6 (1.42%) Algorithms
10 6 (1.42%) CESG
11 4 (0.94%) Cyber Defence
11 4 (0.94%) Data Protection Act
11 4 (0.94%) FMCG
11 4 (0.94%) Online Banking
11 4 (0.94%) User Experience
11 4 (0.94%) Virtual Team
Operating Systems
1 89 (20.99%) Linux
2 75 (17.69%) Windows
3 42 (9.91%) Unix
4 12 (2.83%) Windows Server
5 8 (1.89%) Kali Linux
6 7 (1.65%) AIX
7 6 (1.42%) Red Hat Enterprise Linux
8 5 (1.18%) CentOS
9 4 (0.94%) Android
9 4 (0.94%) Apple iOS
9 4 (0.94%) Mac OS X
9 4 (0.94%) Windows 10
10 3 (0.71%) Ubuntu
11 2 (0.47%) zOS
12 1 (0.24%) Solaris
12 1 (0.24%) Windows NT
Processes & Methodologies
1 155 (36.56%) Information Security
2 126 (29.72%) Cybersecurity
3 91 (21.46%) SIEM
4 85 (20.05%) Agile Software Development
5 83 (19.58%) Vulnerability Management
6 71 (16.75%) OWASP
7 64 (15.09%) Security Testing
8 56 (13.21%) Security Operations
9 54 (12.74%) Risk Management
10 52 (12.26%) Ethical Hacking
11 49 (11.56%) ITIL
12 45 (10.61%) Incident Management
12 45 (10.61%) Vulnerability Scanning
13 43 (10.14%) Analytics
14 42 (9.91%) Test Automation
15 41 (9.67%) Vulnerability Assessment
16 34 (8.02%) SDLC
17 31 (7.31%) BDD
17 31 (7.31%) Security Architecture
18 30 (7.08%) Security Management
Programming Languages
1 44 (10.38%) Java
2 37 (8.73%) Python
3 23 (5.42%) Ruby
3 23 (5.42%) SQL
4 20 (4.72%) PHP
5 14 (3.30%) Bash Shell
6 13 (3.07%) C#
6 13 (3.07%) JavaScript
7 10 (2.36%) C
7 10 (2.36%) Perl
8 9 (2.12%) C++
9 7 (1.65%) Scala
10 4 (0.94%) C-shell
10 4 (0.94%) Korn
10 4 (0.94%) Shell Script
11 3 (0.71%) COBOL
11 3 (0.71%) Groovy
12 2 (0.47%) VB.NET
13 1 (0.24%) Assembly Language
13 1 (0.24%) Go
Qualifications
1 107 (25.24%) CISSP
2 61 (14.39%) CISM
3 47 (11.08%) Degree
4 35 (8.25%) CEH
5 32 (7.55%) CREST Certified
6 29 (6.84%) Security Cleared
7 26 (6.13%) CRISC
8 24 (5.66%) CISA
9 18 (4.25%) SC Cleared
10 15 (3.54%) CHECK Team Member
10 15 (3.54%) MCSE
10 15 (3.54%) Microsoft Certification
11 14 (3.30%) CompTIA Security+
11 14 (3.30%) Security+ Certification
12 13 (3.07%) Cisco Certification
13 12 (2.83%) SANS
14 10 (2.36%) CASP
14 10 (2.36%) SSCP
15 9 (2.12%) CGEIT
15 9 (2.12%) GIAC
Quality Assurance & Compliance
1 87 (20.52%) ISO/IEC 27001
2 46 (10.85%) PCI DSS
3 24 (5.66%) GDPR
4 21 (4.95%) ISO/IEC 27002 (supersedes ISO/IEC 17799)
5 18 (4.25%) COBIT
6 12 (2.83%) QA
7 10 (2.36%) WCAG
8 7 (1.65%) Cyber Essentials
8 7 (1.65%) NIST 800
8 7 (1.65%) Sarbanes-Oxley
9 3 (0.71%) Data Quality
9 3 (0.71%) RMADS
9 3 (0.71%) WAI
10 2 (0.47%) Cyber Essentials PLUS
10 2 (0.47%) HMG Security Policy Framework
11 1 (0.24%) CESG Infosec
11 1 (0.24%) GAAP
11 1 (0.24%) ISAE 3402
11 1 (0.24%) JSP 440
11 1 (0.24%) PMO
System Software
1 21 (4.95%) Active Directory
2 18 (4.25%) VMware Infrastructure
3 8 (1.89%) ProxySG
4 6 (1.42%) Docker
5 5 (1.18%) Virtual Machines
5 5 (1.18%) VMware ESXi
5 5 (1.18%) VMware NSX
6 4 (0.94%) Virtual Servers
7 3 (0.71%) XenApp
7 3 (0.71%) XenDesktop
8 2 (0.47%) RACF
9 1 (0.24%) BitLocker
9 1 (0.24%) IAG
9 1 (0.24%) vSphere
Systems Management
1 19 (4.48%) Puppet
2 14 (3.30%) Nessus
3 12 (2.83%) Terraform
4 11 (2.59%) HP Fortify
5 7 (1.65%) Ansible
5 7 (1.65%) Opscode Chef
6 6 (1.42%) QRadar
7 5 (1.18%) BMC PATROL
7 5 (1.18%) Nmap
7 5 (1.18%) Systems Management Server (SMS)
8 4 (0.94%) CA Single Sign-On
9 3 (0.71%) Nexpose
9 3 (0.71%) Packer
9 3 (0.71%) Red Hat Satellite
10 2 (0.47%) AirWatch
10 2 (0.47%) Microsoft Clustering
10 2 (0.47%) SCCM
10 2 (0.47%) WSUS
10 2 (0.47%) zSecure
11 1 (0.24%) CSIRT
Vendors
1 37 (8.73%) Microsoft
2 25 (5.90%) Cisco
2 25 (5.90%) Oracle
3 22 (5.19%) Splunk
3 22 (5.19%) VMware
4 20 (4.72%) Citrix
5 17 (4.01%) HP
6 15 (3.54%) ArcSight
6 15 (3.54%) CheckPoint
6 15 (3.54%) Juniper
6 15 (3.54%) Qualys
7 14 (3.30%) Palo Alto
8 11 (2.59%) IBM
9 9 (2.12%) SolarWinds
10 8 (1.89%) Blue Coat
11 7 (1.65%) Red Hat
12 6 (1.42%) BMC
13 5 (1.18%) CA
13 5 (1.18%) Nokia
13 5 (1.18%) Sophos