Period
to 17 August 2019

The following table provides summary statistics for contract job vacancies with a requirement for Penetration Testing skills. Included is a benchmarking guide to the contractor rates offered in vacancies that have cited Penetration Testing over the 6 months to 17 August 2019 with a comparison to the same period in the previous 2 years.

Note that daily and hourly rates are treated separately in these statistics. When calculating contractor rate percentiles, daily rates are never derived from quoted hourly rates or vice versa.

Penetration Testing
UK
6 months to
17 Aug 2019
Same period 2018 Same period 2017
Rank 482 559 507
Rank change year-on-year +77 -52 -37
Contract jobs citing Penetration Testing 379 369 381
As % of all contract IT jobs advertised in the UK 0.42% 0.36% 0.40%
As % of the Processes & Methodologies category 0.48% 0.41% 0.46%
Number of daily rates quoted 249 233 228
UK median daily rate £513 £525 £475
Median daily rate % change year-on-year -2.38% +10.53% -5.00%
10th Percentile £359 £363 £336
90th Percentile £688 £733 £600
UK excluding London median daily rate £450 £500 £450
% change year-on-year -10.00% +11.11% -5.26%
Number of hourly rates quoted 1 8 3
UK median hourly rate £60.44 £41.00 £60.00
Median hourly rate % change year-on-year +47.40% -31.67% +205.73%
10th Percentile £60.22 £32.34 £54.70
90th Percentile £60.65 £94.13 £62.17
UK excluding London median hourly rate £60.44 £39.00 £60.00
% change year-on-year +54.96% -35.00% +205.73%

Penetration Testing is in the Processes and Methodologies category. The following table is for comparison with the above and provides summary statistics for all contract job vacancies with a requirement for process or methodology skills.

All Process and Methodology Skills
UK
Contract vacancies with a requirement for process or methodology skills 79,119 89,298 82,253
As % of all contract IT jobs advertised in the UK 86.83% 86.65% 85.93%
Number of daily rates quoted 52,031 58,920 53,886
UK median daily rate £475 £450 £450
Median daily rate % change year-on-year +5.56% - +5.88%
10th Percentile £300 £300 £275
90th Percentile £650 £638 £625
UK excluding London median daily rate £438 £425 £400
% change year-on-year +2.94% +6.25% -
Number of hourly rates quoted 2,297 2,404 2,088
UK median hourly rate £24.65 £21.00 £24.82
Median hourly rate % change year-on-year +17.38% -15.37% +5.08%
10th Percentile £11.85 £11.18 £11.33
90th Percentile £53.75 £50.00 £50.25
UK excluding London median hourly rate £24.00 £20.00 £25.00
% change year-on-year +20.00% -20.00% +3.20%

Penetration Testing
Job Vacancy Trend

Job postings citing Penetration Testing as a percentage of all IT jobs advertised.

Job vacancy trend for Penetration Testing in the UK

Penetration Testing
Contractor Daily Rate Trend

This chart provides the 3-month moving average for daily rates quoted in contract jobs citing Penetration Testing.

Contractor daily rate trend for Penetration Testing in the UK

Penetration Testing
Contractor Daily Rate Histogram

The daily rate distribution of IT jobs citing Penetration Testing over the 6 months to 17 August 2019.

Contractor daily rate histogram for Penetration Testing in the UK

Penetration Testing
Contractor Hourly Rate Trend

This chart provides the 3-month moving average for contractor hourly rates quoted in IT jobs citing Penetration Testing.

Contractor hourly rate trend for Penetration Testing in the UK

Penetration Testing
Top 15 Contract Locations

The table below looks at the demand and provides a guide to the median contractor rates quoted in IT jobs citing Penetration Testing within the UK over the 6 months to 17 August 2019. The 'Rank Change' column provides an indication of the change in demand within each location based on the same 6 month period last year.

Location Rank Change
on Same Period
Last Year
Matching
Contract
IT Job Ads
Median
Daily Rate
Past 6 Months
Median Daily Rate
% Change
on Same Period
Last Year
Live
Job
Vacancies
England +51 350 £513 -2.38% 120
UK excluding London +57 200 £450 -10.00% 84
London +39 173 £563 +7.14% 42
South East +6 57 £458 -20.43% 16
South West -1 37 £400 -11.60% 10
Midlands +51 32 £445 -25.83% 23
North of England +26 30 £427 +1.97% 25
West Midlands +44 28 £444 -26.04% 18
North West +11 22 £425 +6.25% 14
East of England +2 18 £400 -21.18% 4
Scotland +48 16 £625 +78.57% 1
Wales +15 10 £450 - 2
Yorkshire +12 5 £550 +17.02% 11
East Midlands +18 4 £495 -17.50% 5
North East +24 3 £426 +5.67%

For the 6 months to 17 August 2019, IT contractor jobs citing Penetration Testing also mentioned the following skills in order of popularity. The figures indicate the absolute number co-occurrences and as a proportion of all contract job ads with a requirement for Penetration Testing.

1 103 (27.18%) Information Security
2 86 (22.69%) Cybersecurity
3 83 (21.90%) Agile Software Development
4 77 (20.32%) Linux
4 77 (20.32%) Security Testing
5 71 (18.73%) Python
6 70 (18.47%) Java
7 68 (17.94%) Security Cleared
8 64 (16.89%) SC Cleared
9 63 (16.62%) OWASP
9 63 (16.62%) CISSP
10 58 (15.30%) Finance
11 57 (15.04%) Windows
12 56 (14.78%) Firewall
13 54 (14.25%) Amazon AWS
13 54 (14.25%) ISO/IEC 27001
14 53 (13.98%) Open Source
14 53 (13.98%) OSCP
14 53 (13.98%) CREST Certified
15 51 (13.46%) Security Architecture
16 47 (12.40%) SIEM
17 45 (11.87%) Security Operations
17 45 (11.87%) Vulnerability Management
18 43 (11.35%) DevOps
18 43 (11.35%) Nessus
19 42 (11.08%) Microsoft Azure
20 39 (10.29%) Test Automation
20 39 (10.29%) Threat Modelling
21 38 (10.03%) Risk Management
22 37 (9.76%) C#

Penetration Testing
Co-occurring IT Skills by Category

The follow tables expand on the table above by listing co-occurrences grouped by category. The same job type, locality and period is covered with up to 20 co-occurrences shown in each of the following categories:

Application Platforms
1 9 (2.37%) nginx
2 8 (2.11%) Confluence
2 8 (2.11%) SharePoint
3 6 (1.58%) MS Exchange
4 4 (1.06%) Cloud Foundry
4 4 (1.06%) Exchange Server 2013
5 3 (0.79%) Exchange Server 2010
5 3 (0.79%) GlassFish
5 3 (0.79%) OpenStack
5 3 (0.79%) SAS
5 3 (0.79%) WebLogic
6 2 (0.53%) Apache
6 2 (0.53%) Apache Pig
6 2 (0.53%) Elasticsearch
6 2 (0.53%) IIS
7 1 (0.26%) Skype for Business
7 1 (0.26%) WordPress
Applications
1 4 (1.06%) Microsoft Excel
1 4 (1.06%) Microsoft Office
2 1 (0.26%) Microsoft PowerPoint
2 1 (0.26%) Microsoft Project
2 1 (0.26%) MS Visio
2 1 (0.26%) Spreadsheet
Business Applications
1 1 (0.26%) Dynamics AX
1 1 (0.26%) Dynamics CRM
1 1 (0.26%) Oracle EBS
1 1 (0.26%) Oracle EBS R12
1 1 (0.26%) Oracle Subledger Accounting
1 1 (0.26%) Remedy ITSM
Cloud Services
1 54 (14.25%) Amazon AWS
2 42 (11.08%) Microsoft Azure
3 22 (5.80%) Google Cloud Platform
4 12 (3.17%) Cloud Computing
5 11 (2.90%) GitHub
6 9 (2.37%) Office 365
7 5 (1.32%) SaaS
8 4 (1.06%) AWS CloudFormation
9 3 (0.79%) Amazon EC2
9 3 (0.79%) Amazon S3
9 3 (0.79%) Azure Data Factory
9 3 (0.79%) Mimecast
9 3 (0.79%) PaaS
10 2 (0.53%) Amazon CloudWatch
10 2 (0.53%) CloudFront
10 2 (0.53%) Route 53
10 2 (0.53%) Virtual Private Cloud
11 1 (0.26%) Azure Functions
11 1 (0.26%) IBM Cloud
11 1 (0.26%) Serverless
Communications & Networking
1 56 (14.78%) Firewall
2 25 (6.60%) Network Security
3 21 (5.54%) Internet
4 17 (4.49%) TCP/IP
5 14 (3.69%) HTTP
6 13 (3.43%) VPN
7 12 (3.17%) DNS
8 9 (2.37%) DHCP
8 9 (2.37%) Intrusion Detection
9 8 (2.11%) HTTPS
9 8 (2.11%) WAN
9 8 (2.11%) Wireless
10 7 (1.85%) SSL
11 6 (1.58%) IPsec
11 6 (1.58%) LAN
12 5 (1.32%) MPLS
13 4 (1.06%) SAN
13 4 (1.06%) VLAN
13 4 (1.06%) X.509
14 3 (0.79%) iSCSI
Database & Business Intelligence
1 16 (4.22%) Big Data
2 11 (2.90%) SQL Server
3 9 (2.37%) MongoDB
3 9 (2.37%) PostgreSQL
4 8 (2.11%) MySQL
5 4 (1.06%) Oracle Reports
6 3 (0.79%) Azure SQL Data Warehouse
6 3 (0.79%) Cosmos DB
6 3 (0.79%) Data Warehouse
6 3 (0.79%) Hadoop
6 3 (0.79%) Oracle Database
7 2 (0.53%) Amazon RDS
7 2 (0.53%) Apache Hive
7 2 (0.53%) Blockchain
7 2 (0.53%) Relational Database
8 1 (0.26%) Azure SQL Database
8 1 (0.26%) GIS
8 1 (0.26%) MS Access
8 1 (0.26%) NoSQL
8 1 (0.26%) Redis
Development Applications
1 35 (9.23%) Burp Suite
1 35 (9.23%) Metasploit
2 18 (4.75%) Git (software)
3 16 (4.22%) Jenkins
4 11 (2.90%) Selenium
5 10 (2.64%) Cucumber
5 10 (2.64%) JIRA
5 10 (2.64%) SonarQube
6 9 (2.37%) SoapUI
6 9 (2.37%) Team Foundation Server
7 7 (1.85%) JMeter
8 6 (1.58%) Zephyr
9 5 (1.32%) Snyk
10 4 (1.06%) AppScan
10 4 (1.06%) Artifactory
10 4 (1.06%) Cobertura
10 4 (1.06%) Gradle
10 4 (1.06%) Visual Studio Team System
11 3 (0.79%) VSS/SourceSafe
11 3 (0.79%) WebDriver
General
1 58 (15.30%) Finance
2 19 (5.01%) Legal
3 17 (4.49%) Telecoms
4 14 (3.69%) Law
5 11 (2.90%) Retail
6 9 (2.37%) Banking
7 7 (1.85%) Manufacturing
8 4 (1.06%) Marketing
9 3 (0.79%) Electronics
9 3 (0.79%) Financial Institution
10 1 (0.26%) Advertising
10 1 (0.26%) Billing
10 1 (0.26%) Digital Economy
10 1 (0.26%) Games
10 1 (0.26%) Local Government
10 1 (0.26%) Military
10 1 (0.26%) Publishing
Job Titles
1 117 (30.87%) Tester
2 92 (24.27%) Penetration Tester
3 47 (12.40%) Security Engineer
4 41 (10.82%) Architect
5 39 (10.29%) Analyst
5 39 (10.29%) Consultant
5 39 (10.29%) Security Architect
6 37 (9.76%) Security Consultant
7 33 (8.71%) Security Tester
8 28 (7.39%) Security Analyst
9 19 (5.01%) Security Specialist
10 16 (4.22%) Applications Engineer
11 14 (3.69%) Security Penetration Tester
12 12 (3.17%) Information Security Consultant
12 12 (3.17%) Security Manager
13 11 (2.90%) Project Manager
14 10 (2.64%) Information Analyst
14 10 (2.64%) Senior Data Warehouse Specialist
14 10 (2.64%) Senior Security Specialist
15 9 (2.37%) Information Security Manager
Libraries, Frameworks & Software Standards
1 34 (8.97%) Web Services
2 20 (5.28%) .NET
3 16 (4.22%) OAuth
4 12 (3.17%) Gherkin
4 12 (3.17%) SAML
4 12 (3.17%) Spring
5 11 (2.90%) AngularJS
5 11 (2.90%) OpenID
5 11 (2.90%) React
6 10 (2.64%) jQuery
7 7 (1.85%) HTML
8 6 (1.58%) JSON
9 5 (1.32%) ASP.NET
9 5 (1.32%) Middleware
9 5 (1.32%) Node.js
9 5 (1.32%) OAuth2
10 4 (1.06%) .NET Core
10 4 (1.06%) boto
10 4 (1.06%) RESTful
11 3 (0.79%) RabbitMQ
Miscellaneous
1 24 (6.33%) Management Information System
2 21 (5.54%) Mobile App
3 20 (5.28%) Analytical Skills
4 13 (3.43%) Greenfield Project
5 12 (3.17%) Cyberthreat
5 12 (3.17%) Public Cloud
6 11 (2.90%) User Experience
7 9 (2.37%) PKI
8 6 (1.58%) Security Operations Centre
9 5 (1.32%) Data Protection Act
10 4 (1.06%) Cyberattack
10 4 (1.06%) Data Centre
10 4 (1.06%) Distributed Denial-of-Service
10 4 (1.06%) Mainframe
10 4 (1.06%) SCADA
10 4 (1.06%) Self-Motivation
11 3 (0.79%) Cybercrime
11 3 (0.79%) Derivative
11 3 (0.79%) Private Cloud
11 3 (0.79%) Virtual Team
Operating Systems
1 77 (20.32%) Linux
2 57 (15.04%) Windows
3 21 (5.54%) Kali Linux
4 20 (5.28%) Android
4 20 (5.28%) Apple iOS
5 14 (3.69%) Unix
6 13 (3.43%) Windows Server
7 8 (2.11%) Red Hat Enterprise Linux
8 7 (1.85%) Windows Server 2012
9 4 (1.06%) CentOS
9 4 (1.06%) Solaris
9 4 (1.06%) Windows 7
10 3 (0.79%) Mac OS X
10 3 (0.79%) Ubuntu
10 3 (0.79%) Windows Server 2008
11 1 (0.26%) Debian
11 1 (0.26%) Mac OS
11 1 (0.26%) openSUSE
11 1 (0.26%) Windows 10
Processes & Methodologies
1 103 (27.18%) Information Security
2 86 (22.69%) Cybersecurity
3 83 (21.90%) Agile Software Development
4 77 (20.32%) Security Testing
5 63 (16.62%) OWASP
6 53 (13.98%) Open Source
7 51 (13.46%) Security Architecture
8 47 (12.40%) SIEM
9 45 (11.87%) Security Operations
9 45 (11.87%) Vulnerability Management
10 43 (11.35%) DevOps
11 39 (10.29%) Test Automation
11 39 (10.29%) Threat Modelling
12 38 (10.03%) Risk Management
13 33 (8.71%) Vulnerability Assessment
14 29 (7.65%) Social Engineering
14 29 (7.65%) Vulnerability Scanning
15 28 (7.39%) Ethical Hacking
16 26 (6.86%) Mentoring
17 24 (6.33%) Risk Assessment
Programming Languages
1 71 (18.73%) Python
2 70 (18.47%) Java
3 37 (9.76%) C#
4 32 (8.44%) PHP
5 29 (7.65%) JavaScript
6 26 (6.86%) C++
6 26 (6.86%) SQL
7 22 (5.80%) C
8 18 (4.75%) Ruby
9 14 (3.69%) PowerShell
10 12 (3.17%) Perl
11 11 (2.90%) Bash Shell
11 11 (2.90%) Objective-C
12 10 (2.64%) Shell Script
13 8 (2.11%) Apple Swift
14 7 (1.85%) Go
15 1 (0.26%) Java 8
15 1 (0.26%) sed
15 1 (0.26%) T-SQL
15 1 (0.26%) TypeScript
Qualifications
1 68 (17.94%) Security Cleared
2 64 (16.89%) SC Cleared
3 63 (16.62%) CISSP
4 53 (13.98%) CREST Certified
4 53 (13.98%) OSCP
5 34 (8.97%) CEH
6 32 (8.44%) SANS
7 26 (6.86%) CISM
8 25 (6.60%) GPEN
9 24 (6.33%) CHECK Team Leader
10 22 (5.80%) CHECK Team Member
10 22 (5.80%) GIAC
11 20 (5.28%) CISA
11 20 (5.28%) GXPN
12 18 (4.75%) Cisco Certification
12 18 (4.75%) Degree
12 18 (4.75%) GWAPT
13 17 (4.49%) DV Cleared
13 17 (4.49%) OSCE
14 11 (2.90%) Tigerscheme
Quality Assurance & Compliance
1 54 (14.25%) ISO/IEC 27001
2 22 (5.80%) PCI DSS
3 14 (3.69%) GDPR
3 14 (3.69%) ISO/IEC 27002 (supersedes ISO/IEC 17799)
3 14 (3.69%) QA
4 12 (3.17%) NIST
5 8 (2.11%) Cyber Essentials
6 7 (1.85%) RMADS
6 7 (1.85%) Sarbanes-Oxley
7 5 (1.32%) COBIT
8 4 (1.06%) Data Quality
8 4 (1.06%) PMO
9 2 (0.53%) Cyber Essentials PLUS
9 2 (0.53%) PMBOK
9 2 (0.53%) SLA
10 1 (0.26%) Actionable Recommendations
10 1 (0.26%) FedRAMP
10 1 (0.26%) IFRS
10 1 (0.26%) ISAE 3402
10 1 (0.26%) ITGC
System Software
1 17 (4.49%) Active Directory
1 17 (4.49%) Docker
2 13 (3.43%) VMware Infrastructure
3 3 (0.79%) VMware ESXi
3 3 (0.79%) VMware NSX
3 3 (0.79%) XenApp
3 3 (0.79%) XenDesktop
4 2 (0.53%) Hyper-V
4 2 (0.53%) KVM
4 2 (0.53%) ProxySG
4 2 (0.53%) Snort
4 2 (0.53%) VMware Server
5 1 (0.26%) Varnish
5 1 (0.26%) Virtual Machines
5 1 (0.26%) Virtual Servers
5 1 (0.26%) zsh
Systems Management
1 43 (11.35%) Nessus
2 36 (9.50%) Nmap
3 17 (4.49%) Kubernetes
4 10 (2.64%) Red Hat Satellite
4 10 (2.64%) WSUS
5 7 (1.85%) QRadar
6 6 (1.58%) Puppet
6 6 (1.58%) Terraform
7 5 (1.32%) Opscode Chef
7 5 (1.32%) Prometheus
7 5 (1.32%) Single Sign-On
7 5 (1.32%) Sysdig
8 4 (1.06%) Ansible
8 4 (1.06%) Mesos
8 4 (1.06%) Nexpose
8 4 (1.06%) Rancher
8 4 (1.06%) WebInspect
9 3 (0.79%) HP Quality Center
10 2 (0.53%) HAProxy
10 2 (0.53%) SCCM
Vendors
1 26 (6.86%) Microsoft
2 19 (5.01%) HP
3 16 (4.22%) VMware
4 15 (3.96%) Cisco
5 14 (3.69%) Red Hat
6 11 (2.90%) BMC
6 11 (2.90%) Oracle
6 11 (2.90%) Qualys
7 10 (2.64%) Tripwire
8 9 (2.37%) Google
9 8 (2.11%) CheckPoint
9 8 (2.11%) IBM
9 8 (2.11%) Palo Alto
9 8 (2.11%) Rapid7
10 7 (1.85%) Forcepoint
10 7 (1.85%) SAP
11 6 (1.58%) ArcSight
11 6 (1.58%) F5
12 5 (1.32%) Citrix
12 5 (1.32%) FireEye