Period
to 27 February 2020

The following table provides summary statistics for contract job vacancies with a requirement for Penetration Testing skills. Included is a benchmarking guide to the contractor rates offered in vacancies that have cited Penetration Testing over the 6 months to 27 February 2020 with a comparison to the same period in the previous 2 years.

Note that daily and hourly rates are treated separately in these statistics. When calculating contractor rate percentiles, daily rates are never derived from quoted hourly rates or vice versa.

Penetration Testing
UK
6 months to
27 Feb 2020
Same period 2019 Same period 2018
Rank 473 485 529
Rank change year-on-year +12 +44 -49
Contract jobs citing Penetration Testing 260 432 404
As % of all contract IT jobs advertised in the UK 0.38% 0.44% 0.40%
As % of the Processes & Methodologies category 0.45% 0.50% 0.46%
Number of daily rates quoted 164 240 246
UK median daily rate £525 £525 £500
Median daily rate % change year-on-year - +5.00% +11.11%
10th Percentile £350 £400 £355
90th Percentile £688 £675 £675
UK excluding London median daily rate £450 £500 £500
% change year-on-year -10.00% - +6.38%
Number of hourly rates quoted 4 4 0
UK median hourly rate £35.00 £35.00 -
UK excluding London median hourly rate £35.00 £35.00 -

Penetration Testing is in the Processes and Methodologies category. The following table is for comparison with the above and provides summary statistics for all contract job vacancies with a requirement for process or methodology skills.

All Process and Methodology Skills
UK
Contract vacancies with a requirement for process or methodology skills 57,665 86,503 87,773
As % of all contract IT jobs advertised in the UK 85.11% 87.34% 86.38%
Number of daily rates quoted 37,175 57,175 58,542
UK median daily rate £475 £475 £450
Median daily rate % change year-on-year - +5.56% +5.88%
10th Percentile £282 £300 £281
90th Percentile £650 £650 £638
UK excluding London median daily rate £437 £425 £413
% change year-on-year +2.78% +3.03% +3.13%
Number of hourly rates quoted 1,912 2,257 2,141
UK median hourly rate £24.05 £24.08 £24.00
Median hourly rate % change year-on-year -0.12% +0.33% -2.04%
10th Percentile £12.44 £11.50 £11.25
90th Percentile £53.70 £50.00 £50.25
UK excluding London median hourly rate £21.32 £22.92 £24.00
% change year-on-year -6.96% -4.52% +0.21%

Penetration Testing
Job Vacancy Trend

Job postings citing Penetration Testing as a percentage of all IT jobs advertised.

Job vacancy trend for Penetration Testing in the UK

Penetration Testing
Contractor Daily Rate Trend

This chart provides the 3-month moving average for daily rates quoted in contract jobs citing Penetration Testing.

Contractor daily rate trend for Penetration Testing in the UK

Penetration Testing
Contractor Daily Rate Histogram

The daily rate distribution of IT jobs citing Penetration Testing over the 6 months to 27 February 2020.

Contractor daily rate histogram for Penetration Testing in the UK

Penetration Testing
Contractor Hourly Rate Trend

This chart provides the 3-month moving average for contractor hourly rates quoted in IT jobs citing Penetration Testing.

Contractor hourly rate trend for Penetration Testing in the UK

Penetration Testing
Contractor Hourly Rate Histogram

The hourly rate distribution of IT jobs citing Penetration Testing over the 6 months to 27 February 2020.

Contractor hourly rate histogram for Penetration Testing in the UK

Penetration Testing
Top 14 Contract Locations

The table below looks at the demand and provides a guide to the median contractor rates quoted in IT jobs citing Penetration Testing within the UK over the 6 months to 27 February 2020. The 'Rank Change' column provides an indication of the change in demand within each location based on the same 6 month period last year.

Location Rank Change
on Same Period
Last Year
Matching
Contract
IT Job Ads
Median
Daily Rate
Past 6 Months
Median Daily Rate
% Change
on Same Period
Last Year
Live
Job
Vacancies
England +24 234 £525 - 134
UK excluding London +45 133 £450 -10.00% 90
London +45 121 £575 +9.52% 48
South East +50 47 £463 -7.50% 22
North of England +38 26 £450 -12.20% 31
Midlands +47 18 £363 -27.34% 21
Scotland +42 18 £450 -25.00% 3
North West +18 15 £450 -10.00% 15
South West +18 12 £425 -4.49% 8
Yorkshire +51 11 £450 -29.41% 15
East of England +27 11 £500 +1.01% 4
West Midlands +34 10 £351 -29.90% 13
East Midlands +48 8 £450 -20.00% 8
Wales +22 1 £550 +14.58% 1

For the 6 months to 27 February 2020, IT contractor jobs citing Penetration Testing also mentioned the following skills in order of popularity. The figures indicate the absolute number co-occurrences and as a proportion of all contract job ads with a requirement for Penetration Testing.

1 84 (32.31%) Cybersecurity
2 83 (31.92%) Information Security
3 75 (28.85%) Security Testing
4 63 (24.23%) AWS
5 56 (21.54%) Firewall
6 52 (20.00%) Agile Software Development
7 48 (18.46%) ISO/IEC 27001
8 47 (18.08%) Linux
9 46 (17.69%) Security Cleared
10 43 (16.54%) Windows
11 41 (15.77%) Finance
12 39 (15.00%) Test Automation
13 38 (14.62%) Security Architecture
13 38 (14.62%) CISSP
14 36 (13.85%) SC Cleared
15 35 (13.46%) Azure
16 33 (12.69%) Open Source
16 33 (12.69%) Vulnerability Management
16 33 (12.69%) GDPR
17 31 (11.92%) DevOps
17 31 (11.92%) Public Sector
18 29 (11.15%) Vulnerability Scanning
18 29 (11.15%) SIEM
19 28 (10.77%) TCP/IP
19 28 (10.77%) CREST Certified
20 27 (10.38%) Python
20 27 (10.38%) Risk Management
20 27 (10.38%) Security Management
21 26 (10.00%) Nessus
22 25 (9.62%) Incident Management

Penetration Testing
Co-occurring IT Skills by Category

The follow tables expand on the table above by listing co-occurrences grouped by category. The same job type, locality and period is covered with up to 20 co-occurrences shown in each of the following categories:

Application Platforms
1 19 (7.31%) Confluence
2 9 (3.46%) SharePoint
3 7 (2.69%) IIS
3 7 (2.69%) nginx
4 4 (1.54%) Apache
5 3 (1.15%) Elasticsearch
6 2 (0.77%) Apache Spark
6 2 (0.77%) CMS
6 2 (0.77%) OpenStack
7 1 (0.38%) Drupal
7 1 (0.38%) GlassFish
7 1 (0.38%) Kentico
7 1 (0.38%) MS Exchange
7 1 (0.38%) WebLogic
Applications
1 4 (1.54%) Microsoft Office
2 1 (0.38%) Microsoft Project
Business Applications
1 5 (1.92%) Aligne
2 1 (0.38%) Payment Gateway
2 1 (0.38%) Remedy ITSM
Cloud Services
1 63 (24.23%) AWS
2 35 (13.46%) Azure
3 21 (8.08%) GCP
4 6 (2.31%) AWS CloudFormation
4 6 (2.31%) BrowserStack
4 6 (2.31%) Office 365
5 5 (1.92%) Amazon S3
5 5 (1.92%) Google Analytics
5 5 (1.92%) Google Compute Engine
6 4 (1.54%) CloudFront
6 4 (1.54%) GitHub
6 4 (1.54%) Route 53
6 4 (1.54%) Virtual Private Cloud
7 3 (1.15%) SaaS
8 2 (0.77%) Amazon CloudWatch
8 2 (0.77%) Amazon EC2
8 2 (0.77%) Azure Active Directory
8 2 (0.77%) Heroku
8 2 (0.77%) OpenShift
8 2 (0.77%) Slack
Communications & Networking
1 56 (21.54%) Firewall
2 28 (10.77%) TCP/IP
3 18 (6.92%) Internet
4 16 (6.15%) DNS
4 16 (6.15%) Kerberos
5 15 (5.77%) Intrusion Detection
6 12 (4.62%) Network Security
7 9 (3.46%) VPN
8 8 (3.08%) DHCP
8 8 (3.08%) WAN
9 7 (2.69%) HTTP
9 7 (2.69%) X.509
10 6 (2.31%) DSL
10 6 (2.31%) VoIP
11 5 (1.92%) LAN
11 5 (1.92%) Remote Desktop
11 5 (1.92%) SMTP
11 5 (1.92%) Wireless
12 4 (1.54%) MPLS
12 4 (1.54%) SSL
Database & Business Intelligence
1 11 (4.23%) SQL Server
2 10 (3.85%) PostgreSQL
3 9 (3.46%) Big Data
3 9 (3.46%) Blockchain
4 5 (1.92%) MongoDB
4 5 (1.92%) Oracle Database
5 3 (1.15%) MySQL
5 3 (1.15%) Oracle Reports
6 2 (0.77%) Amazon RDS
Development Applications
1 23 (8.85%) JIRA
2 15 (5.77%) Burp Suite
2 15 (5.77%) Jenkins
3 12 (4.62%) Git (software)
4 10 (3.85%) Selenium
5 9 (3.46%) Metasploit
6 8 (3.08%) Cucumber
7 6 (2.31%) Gatling
7 6 (2.31%) WebDriver
8 4 (1.54%) Bitbucket
8 4 (1.54%) GitLab
9 3 (1.15%) Team Foundation Server
10 2 (0.77%) AppScan
10 2 (0.77%) Atlassian Bamboo
10 2 (0.77%) CircleCI
10 2 (0.77%) git-flow
10 2 (0.77%) gulp
11 1 (0.38%) SonarQube
11 1 (0.38%) Sonatype Nexus
11 1 (0.38%) Subversion
General
1 41 (15.77%) Finance
2 31 (11.92%) Public Sector
3 16 (6.15%) Retail
4 11 (4.23%) Legal
5 6 (2.31%) Local Government
6 5 (1.92%) Telecoms
7 4 (1.54%) Financial Institution
8 3 (1.15%) Banking
9 2 (0.77%) Aerospace
9 2 (0.77%) Billing
10 1 (0.38%) German Language
10 1 (0.38%) Law
10 1 (0.38%) Police
Job Titles
1 49 (18.85%) Architect
2 42 (16.15%) Tester
3 34 (13.08%) Security Architect
4 33 (12.69%) Penetration Tester
5 32 (12.31%) Consultant
6 31 (11.92%) Analyst
7 30 (11.54%) Security Consultant
8 25 (9.62%) Security Engineer
9 16 (6.15%) Security Analyst
10 15 (5.77%) Cybersecurity Consultant
11 12 (4.62%) Information Architect
11 12 (4.62%) Security Tester
12 10 (3.85%) Security Manager
13 9 (3.46%) Network Engineer
14 8 (3.08%) Information Assurance Architect
14 8 (3.08%) IT Analyst
14 8 (3.08%) Senior Tester
14 8 (3.08%) Test Analyst
14 8 (3.08%) Test Manager
15 7 (2.69%) Information Officer
Libraries, Frameworks & Software Standards
1 17 (6.54%) Web Services
2 16 (6.15%) SAML
3 13 (5.00%) Node.js
4 10 (3.85%) .NET
5 9 (3.46%) CSS
5 9 (3.46%) OAuth
5 9 (3.46%) OAuth2
6 7 (2.69%) HTML
7 5 (1.92%) Spring
8 4 (1.54%) REST
9 3 (1.15%) LAMP
9 3 (1.15%) LEMP Stack
9 3 (1.15%) RabbitMQ
10 2 (0.77%) ASP.NET
10 2 (0.77%) GraphQL
10 2 (0.77%) OpenID
10 2 (0.77%) Spring MVC
10 2 (0.77%) SQLAlchemy
10 2 (0.77%) Vue.js
10 2 (0.77%) YAML
Miscellaneous
1 23 (8.85%) Management Information System
2 15 (5.77%) Mobile App
3 9 (3.46%) PKI
4 8 (3.08%) Greenfield Project
5 7 (2.69%) Cyberthreat
6 6 (2.31%) Analytical Skills
6 6 (2.31%) Robotics
7 5 (1.92%) Data Centre
7 5 (1.92%) Public Cloud
8 4 (1.54%) CESG
9 3 (1.15%) Cyber Defence
9 3 (1.15%) Foreign Exchange (FX)
10 2 (0.77%) Analytical Mindset
10 2 (0.77%) Cyberattack
10 2 (0.77%) Driving Licence
10 2 (0.77%) Security Operations Centre
11 1 (0.38%) Cyber Kill Chain
11 1 (0.38%) Self-Motivation
11 1 (0.38%) Shadow IT
11 1 (0.38%) Virtual Team
Operating Systems
1 47 (18.08%) Linux
2 43 (16.54%) Windows
3 7 (2.69%) Kali Linux
3 7 (2.69%) Unix
3 7 (2.69%) Windows Server
4 6 (2.31%) Android
5 5 (1.92%) CentOS
6 4 (1.54%) Apple iOS
6 4 (1.54%) Red Hat Enterprise Linux
7 3 (1.15%) Ubuntu
7 3 (1.15%) Windows Server 2012
8 2 (0.77%) Mac OS X
9 1 (0.38%) VMS
9 1 (0.38%) Windows 7
Processes & Methodologies
1 84 (32.31%) Cybersecurity
2 83 (31.92%) Information Security
3 75 (28.85%) Security Testing
4 52 (20.00%) Agile Software Development
5 39 (15.00%) Test Automation
6 38 (14.62%) Security Architecture
7 33 (12.69%) Open Source
7 33 (12.69%) Vulnerability Management
8 31 (11.92%) DevOps
9 29 (11.15%) SIEM
9 29 (11.15%) Vulnerability Scanning
10 27 (10.38%) Risk Management
10 27 (10.38%) Security Management
11 25 (9.62%) Incident Management
12 24 (9.23%) Ethical Hacking
12 24 (9.23%) OWASP
13 22 (8.46%) Continuous Improvement
13 22 (8.46%) Security Operations
14 18 (6.92%) Performance Testing
14 18 (6.92%) Vulnerability Assessment
Programming Languages
1 27 (10.38%) Python
2 15 (5.77%) Java
3 9 (3.46%) PHP
4 8 (3.08%) Bash Shell
4 8 (3.08%) SQL
5 6 (2.31%) C++
5 6 (2.31%) Groovy
5 6 (2.31%) PowerShell
5 6 (2.31%) Scala
6 5 (1.92%) C
6 5 (1.92%) JavaScript
7 4 (1.54%) Ruby
8 3 (1.15%) C#
8 3 (1.15%) Go
9 2 (0.77%) Shell Script
10 1 (0.38%) Perl
10 1 (0.38%) VB.NET
Qualifications
1 46 (17.69%) Security Cleared
2 38 (14.62%) CISSP
3 36 (13.85%) SC Cleared
4 28 (10.77%) CREST Certified
5 22 (8.46%) CISM
6 21 (8.08%) Degree
6 21 (8.08%) OSCP
7 16 (6.15%) SANS
8 15 (5.77%) CEH
8 15 (5.77%) CLAS
9 14 (5.38%) GIAC
10 12 (4.62%) TOGAF Certification
11 10 (3.85%) CompTIA Security+
11 10 (3.85%) Computer Science Degree
11 10 (3.85%) DV Cleared
12 9 (3.46%) CISA
12 9 (3.46%) Cisco Certification
13 8 (3.08%) CESG Certified Professional
14 5 (1.92%) CCNA
14 5 (1.92%) SSCP
Quality Assurance & Compliance
1 48 (18.46%) ISO/IEC 27001
2 33 (12.69%) GDPR
3 25 (9.62%) NIST
4 19 (7.31%) QA
5 18 (6.92%) PCI DSS
6 15 (5.77%) ISO/IEC 27002 (supersedes ISO/IEC 17799)
7 13 (5.00%) COBIT
8 11 (4.23%) SLA
9 8 (3.08%) Sarbanes-Oxley
10 5 (1.92%) Cyber Essentials
10 5 (1.92%) NCSC
11 4 (1.54%) Cyber Essentials PLUS
11 4 (1.54%) ISAE 3402
12 2 (0.77%) HMG Security Policy Framework
12 2 (0.77%) NIST 800
12 2 (0.77%) PMO
System Software
1 10 (3.85%) Docker
2 6 (2.31%) Active Directory
3 4 (1.54%) Hyper-V
4 3 (1.15%) VMware Infrastructure
5 2 (0.77%) Snort
5 2 (0.77%) VMware NSX
6 1 (0.38%) Firmware
6 1 (0.38%) ProxySG
6 1 (0.38%) Virtual Machines
6 1 (0.38%) Virtual Servers
Systems Management
1 26 (10.00%) Nessus
2 15 (5.77%) Terraform
3 11 (4.23%) Ansible
4 7 (2.69%) Kubernetes
4 7 (2.69%) Nmap
5 6 (2.31%) QRadar
6 5 (1.92%) HP Fortify
6 5 (1.92%) RSA Archer
7 4 (1.54%) Computer Emergency Response Teams
7 4 (1.54%) Single Sign-On
7 4 (1.54%) ThinApp
8 3 (1.15%) Opscode Chef
8 3 (1.15%) Prometheus
9 2 (0.77%) HAProxy
9 2 (0.77%) HP ALM
9 2 (0.77%) WebInspect
10 1 (0.38%) Kibana
10 1 (0.38%) logstash
10 1 (0.38%) Nagios
10 1 (0.38%) Nexpose
Vendors
1 25 (9.62%) Google
2 16 (6.15%) Microsoft
3 13 (5.00%) Cisco
4 12 (4.62%) Qualys
5 11 (4.23%) Splunk
6 10 (3.85%) Oracle
7 9 (3.46%) Rapid7
8 8 (3.08%) McAfee
9 7 (2.69%) ArcSight
9 7 (2.69%) VMware
10 5 (1.92%) CheckPoint
10 5 (1.92%) Palo Alto
11 4 (1.54%) AlienVault
11 4 (1.54%) Fortinet
11 4 (1.54%) Juniper
11 4 (1.54%) Salesforce.com
12 3 (1.15%) Red Hat
13 2 (0.77%) HP
13 2 (0.77%) Remedy
13 2 (0.77%) Sophos