Penetration Testing contracts, contractor rates and trends for Penetration Testing skills

The following table provides summary statistics for contract job vacancies with a requirement for Penetration Testing skills. Included is a benchmarking guide to the contractor rates offered in vacancies that have cited Penetration Testing over the 6 months to 17 August 2019 with a comparison to the same period in the previous 2 years.

Note that daily and hourly rates are treated separately in these statistics. When calculating contractor rate percentiles, daily rates are never derived from quoted hourly rates or vice versa.

Penetration Testing UK
Location	6 months to 17 Aug 2019	Same period 2018	Same period 2017
Rank	482	559	507
Rank change year-on-year	+77	-52	-37
Contract jobs citing Penetration Testing	379	369	381
As % of all contract IT jobs advertised in the UK	0.42%	0.36%	0.40%
As % of the Processes & Methodologies category	0.48%	0.41%	0.46%
Number of daily rates quoted	249	233	228
UK median daily rate	£513	£525	£475
Median daily rate % change year-on-year	-2.38%	+10.53%	-5.00%
10th Percentile	£359	£363	£336
90th Percentile	£688	£733	£600
UK excluding London median daily rate	£450	£500	£450
% change year-on-year	-10.00%	+11.11%	-5.26%
Number of hourly rates quoted	1	8	3
UK median hourly rate	£60.44	£41.00	£60.00
Median hourly rate % change year-on-year	+47.40%	-31.67%	+205.73%
10th Percentile	£60.22	£32.34	£54.70
90th Percentile	£60.65	£94.13	£62.17
UK excluding London median hourly rate	£60.44	£39.00	£60.00
% change year-on-year	+54.96%	-35.00%	+205.73%

Penetration Testing is in the Processes and Methodologies category. The following table is for comparison with the above and provides summary statistics for all contract job vacancies with a requirement for process or methodology skills.

All Process and Methodology Skills UK
Contract vacancies with a requirement for process or methodology skills	79,119	89,298	82,253
As % of all contract IT jobs advertised in the UK	86.83%	86.65%	85.93%
Number of daily rates quoted	52,031	58,920	53,886
UK median daily rate	£475	£450	£450
Median daily rate % change year-on-year	+5.56%	-	+5.88%
10th Percentile	£300	£300	£275
90th Percentile	£650	£638	£625
UK excluding London median daily rate	£438	£425	£400
% change year-on-year	+2.94%	+6.25%	-
Number of hourly rates quoted	2,297	2,404	2,088
UK median hourly rate	£24.65	£21.00	£24.82
Median hourly rate % change year-on-year	+17.38%	-15.37%	+5.08%
10th Percentile	£11.85	£11.18	£11.33
90th Percentile	£53.75	£50.00	£50.25
UK excluding London median hourly rate	£24.00	£20.00	£25.00
% change year-on-year	+20.00%	-20.00%	+3.20%

Penetration Testing
Job Vacancy Trend

Job postings citing Penetration Testing as a percentage of all IT jobs advertised.

Job vacancy trend for Penetration Testing in the UK

Penetration Testing
Contractor Daily Rate Trend

This chart provides the 3-month moving average for daily rates quoted in contract jobs citing Penetration Testing.

Contractor daily rate trend for Penetration Testing in the UK

Penetration Testing
Contractor Daily Rate Histogram

The daily rate distribution of IT jobs citing Penetration Testing over the 6 months to 17 August 2019.

Contractor daily rate histogram for Penetration Testing in the UK

Penetration Testing
Contractor Hourly Rate Trend

This chart provides the 3-month moving average for contractor hourly rates quoted in IT jobs citing Penetration Testing.

Contractor hourly rate trend for Penetration Testing in the UK

Penetration Testing
Top 15 Contract Locations

The table below looks at the demand and provides a guide to the median contractor rates quoted in IT jobs citing Penetration Testing within the UK over the 6 months to 17 August 2019. The 'Rank Change' column provides an indication of the change in demand within each location based on the same 6 month period last year.

Location	Rank Change on Same Period Last Year	Matching Contract IT Job Ads	Median Daily Rate Past 6 Months	Median Daily Rate % Change on Same Period Last Year	Live Job Vacancies
England	+51	350	£513	-2.38%	120
UK excluding London	+57	200	£450	-10.00%	84
London	+39	173	£563	+7.14%	42
South East	+6	57	£458	-20.43%	16
South West	-1	37	£400	-11.60%	10
Midlands	+51	32	£445	-25.83%	23
North of England	+26	30	£427	+1.97%	25
West Midlands	+44	28	£444	-26.04%	18
North West	+11	22	£425	+6.25%	14
East of England	+2	18	£400	-21.18%	4
Scotland	+48	16	£625	+78.57%	1
Wales	+15	10	£450	-	2
Yorkshire	+12	5	£550	+17.02%	11
East Midlands	+18	4	£495	-17.50%	5
North East	+24	3	£426	+5.67%

Penetration Testing
Top 30 Co-occurring IT Skills

For the 6 months to 17 August 2019, IT contractor jobs citing Penetration Testing also mentioned the following skills in order of popularity. The figures indicate the absolute number co-occurrences and as a proportion of all contract job ads with a requirement for Penetration Testing.

1	103 (27.18%)	Information Security
2	86 (22.69%)	Cybersecurity
3	83 (21.90%)	Agile Software Development
4	77 (20.32%)	Linux
4	77 (20.32%)	Security Testing
5	71 (18.73%)	Python
6	70 (18.47%)	Java
7	68 (17.94%)	Security Cleared
8	64 (16.89%)	SC Cleared
9	63 (16.62%)	OWASP
9	63 (16.62%)	CISSP
10	58 (15.30%)	Finance
11	57 (15.04%)	Windows
12	56 (14.78%)	Firewall
13	54 (14.25%)	Amazon AWS

13	54 (14.25%)	ISO/IEC 27001
14	53 (13.98%)	Open Source
14	53 (13.98%)	OSCP
14	53 (13.98%)	CREST Certified
15	51 (13.46%)	Security Architecture
16	47 (12.40%)	SIEM
17	45 (11.87%)	Security Operations
17	45 (11.87%)	Vulnerability Management
18	43 (11.35%)	DevOps
18	43 (11.35%)	Nessus
19	42 (11.08%)	Microsoft Azure
20	39 (10.29%)	Test Automation
20	39 (10.29%)	Threat Modelling
21	38 (10.03%)	Risk Management
22	37 (9.76%)	C#

Penetration Testing
Co-occurring IT Skills by Category

The follow tables expand on the table above by listing co-occurrences grouped by category. The same job type, locality and period is covered with up to 20 co-occurrences shown in each of the following categories:

Application Platforms
Applications
Business Applications
Cloud Services
Communications & Networking
Database & Business Intelligence
Development Applications
General
Job Titles
Libraries, Frameworks & Software Standards
Miscellaneous
Operating Systems
Processes & Methodologies
Programming Languages
Qualifications
Quality Assurance & Compliance
System Software
Systems Management
Vendors

Application Platforms
1	9 (2.37%)	nginx
2	8 (2.11%)	Confluence
2	8 (2.11%)	SharePoint
3	6 (1.58%)	MS Exchange
4	4 (1.06%)	Cloud Foundry
4	4 (1.06%)	Exchange Server 2013
5	3 (0.79%)	Exchange Server 2010
5	3 (0.79%)	GlassFish
5	3 (0.79%)	OpenStack
5	3 (0.79%)	SAS
5	3 (0.79%)	WebLogic
6	2 (0.53%)	Apache
6	2 (0.53%)	Apache Pig
6	2 (0.53%)	Elasticsearch
6	2 (0.53%)	IIS
7	1 (0.26%)	Skype for Business
7	1 (0.26%)	WordPress

Applications
1	4 (1.06%)	Microsoft Excel
1	4 (1.06%)	Microsoft Office
2	1 (0.26%)	Microsoft PowerPoint
2	1 (0.26%)	Microsoft Project
2	1 (0.26%)	MS Visio
2	1 (0.26%)	Spreadsheet

Business Applications
1	1 (0.26%)	Dynamics AX
1	1 (0.26%)	Dynamics CRM
1	1 (0.26%)	Oracle EBS
1	1 (0.26%)	Oracle EBS R12
1	1 (0.26%)	Oracle Subledger Accounting
1	1 (0.26%)	Remedy ITSM

Cloud Services
1	54 (14.25%)	Amazon AWS
2	42 (11.08%)	Microsoft Azure
3	22 (5.80%)	Google Cloud Platform
4	12 (3.17%)	Cloud Computing
5	11 (2.90%)	GitHub
6	9 (2.37%)	Office 365
7	5 (1.32%)	SaaS
8	4 (1.06%)	AWS CloudFormation
9	3 (0.79%)	Amazon EC2
9	3 (0.79%)	Amazon S3
9	3 (0.79%)	Azure Data Factory
9	3 (0.79%)	Mimecast
9	3 (0.79%)	PaaS
10	2 (0.53%)	Amazon CloudWatch
10	2 (0.53%)	CloudFront
10	2 (0.53%)	Route 53
10	2 (0.53%)	Virtual Private Cloud
11	1 (0.26%)	Azure Functions
11	1 (0.26%)	IBM Cloud
11	1 (0.26%)	Serverless

Communications & Networking
1	56 (14.78%)	Firewall
2	25 (6.60%)	Network Security
3	21 (5.54%)	Internet
4	17 (4.49%)	TCP/IP
5	14 (3.69%)	HTTP
6	13 (3.43%)	VPN
7	12 (3.17%)	DNS
8	9 (2.37%)	DHCP
8	9 (2.37%)	Intrusion Detection
9	8 (2.11%)	HTTPS
9	8 (2.11%)	WAN
9	8 (2.11%)	Wireless
10	7 (1.85%)	SSL
11	6 (1.58%)	IPsec
11	6 (1.58%)	LAN
12	5 (1.32%)	MPLS
13	4 (1.06%)	SAN
13	4 (1.06%)	VLAN
13	4 (1.06%)	X.509
14	3 (0.79%)	iSCSI

Database & Business Intelligence
1	16 (4.22%)	Big Data
2	11 (2.90%)	SQL Server
3	9 (2.37%)	MongoDB
3	9 (2.37%)	PostgreSQL
4	8 (2.11%)	MySQL
5	4 (1.06%)	Oracle Reports
6	3 (0.79%)	Azure SQL Data Warehouse
6	3 (0.79%)	Cosmos DB
6	3 (0.79%)	Data Warehouse
6	3 (0.79%)	Hadoop
6	3 (0.79%)	Oracle Database
7	2 (0.53%)	Amazon RDS
7	2 (0.53%)	Apache Hive
7	2 (0.53%)	Blockchain
7	2 (0.53%)	Relational Database
8	1 (0.26%)	Azure SQL Database
8	1 (0.26%)	GIS
8	1 (0.26%)	MS Access
8	1 (0.26%)	NoSQL
8	1 (0.26%)	Redis

Development Applications
1	35 (9.23%)	Burp Suite
1	35 (9.23%)	Metasploit
2	18 (4.75%)	Git (software)
3	16 (4.22%)	Jenkins
4	11 (2.90%)	Selenium
5	10 (2.64%)	Cucumber
5	10 (2.64%)	JIRA
5	10 (2.64%)	SonarQube
6	9 (2.37%)	SoapUI
6	9 (2.37%)	Team Foundation Server
7	7 (1.85%)	JMeter
8	6 (1.58%)	Zephyr
9	5 (1.32%)	Snyk
10	4 (1.06%)	AppScan
10	4 (1.06%)	Artifactory
10	4 (1.06%)	Cobertura
10	4 (1.06%)	Gradle
10	4 (1.06%)	Visual Studio Team System
11	3 (0.79%)	VSS/SourceSafe
11	3 (0.79%)	WebDriver

General
1	58 (15.30%)	Finance
2	19 (5.01%)	Legal
3	17 (4.49%)	Telecoms
4	14 (3.69%)	Law
5	11 (2.90%)	Retail
6	9 (2.37%)	Banking
7	7 (1.85%)	Manufacturing
8	4 (1.06%)	Marketing
9	3 (0.79%)	Electronics
9	3 (0.79%)	Financial Institution
10	1 (0.26%)	Advertising
10	1 (0.26%)	Billing
10	1 (0.26%)	Digital Economy
10	1 (0.26%)	Games
10	1 (0.26%)	Local Government
10	1 (0.26%)	Military
10	1 (0.26%)	Publishing

Job Titles
1	117 (30.87%)	Tester
2	92 (24.27%)	Penetration Tester
3	47 (12.40%)	Security Engineer
4	41 (10.82%)	Architect
5	39 (10.29%)	Analyst
5	39 (10.29%)	Consultant
5	39 (10.29%)	Security Architect
6	37 (9.76%)	Security Consultant
7	33 (8.71%)	Security Tester
8	28 (7.39%)	Security Analyst
9	19 (5.01%)	Security Specialist
10	16 (4.22%)	Applications Engineer
11	14 (3.69%)	Security Penetration Tester
12	12 (3.17%)	Information Security Consultant
12	12 (3.17%)	Security Manager
13	11 (2.90%)	Project Manager
14	10 (2.64%)	Information Analyst
14	10 (2.64%)	Senior Data Warehouse Specialist
14	10 (2.64%)	Senior Security Specialist
15	9 (2.37%)	Information Security Manager

Libraries, Frameworks & Software Standards
1	34 (8.97%)	Web Services
2	20 (5.28%)	.NET
3	16 (4.22%)	OAuth
4	12 (3.17%)	Gherkin
4	12 (3.17%)	SAML
4	12 (3.17%)	Spring
5	11 (2.90%)	AngularJS
5	11 (2.90%)	OpenID
5	11 (2.90%)	React
6	10 (2.64%)	jQuery
7	7 (1.85%)	HTML
8	6 (1.58%)	JSON
9	5 (1.32%)	ASP.NET
9	5 (1.32%)	Middleware
9	5 (1.32%)	Node.js
9	5 (1.32%)	OAuth2
10	4 (1.06%)	.NET Core
10	4 (1.06%)	boto
10	4 (1.06%)	RESTful
11	3 (0.79%)	RabbitMQ

Miscellaneous
1	24 (6.33%)	Management Information System
2	21 (5.54%)	Mobile App
3	20 (5.28%)	Analytical Skills
4	13 (3.43%)	Greenfield Project
5	12 (3.17%)	Cyberthreat
5	12 (3.17%)	Public Cloud
6	11 (2.90%)	User Experience
7	9 (2.37%)	PKI
8	6 (1.58%)	Security Operations Centre
9	5 (1.32%)	Data Protection Act
10	4 (1.06%)	Cyberattack
10	4 (1.06%)	Data Centre
10	4 (1.06%)	Distributed Denial-of-Service
10	4 (1.06%)	Mainframe
10	4 (1.06%)	SCADA
10	4 (1.06%)	Self-Motivation
11	3 (0.79%)	Cybercrime
11	3 (0.79%)	Derivative
11	3 (0.79%)	Private Cloud
11	3 (0.79%)	Virtual Team

Operating Systems
1	77 (20.32%)	Linux
2	57 (15.04%)	Windows
3	21 (5.54%)	Kali Linux
4	20 (5.28%)	Android
4	20 (5.28%)	Apple iOS
5	14 (3.69%)	Unix
6	13 (3.43%)	Windows Server
7	8 (2.11%)	Red Hat Enterprise Linux
8	7 (1.85%)	Windows Server 2012
9	4 (1.06%)	CentOS
9	4 (1.06%)	Solaris
9	4 (1.06%)	Windows 7
10	3 (0.79%)	Mac OS X
10	3 (0.79%)	Ubuntu
10	3 (0.79%)	Windows Server 2008
11	1 (0.26%)	Debian
11	1 (0.26%)	Mac OS
11	1 (0.26%)	openSUSE
11	1 (0.26%)	Windows 10

Processes & Methodologies
1	103 (27.18%)	Information Security
2	86 (22.69%)	Cybersecurity
3	83 (21.90%)	Agile Software Development
4	77 (20.32%)	Security Testing
5	63 (16.62%)	OWASP
6	53 (13.98%)	Open Source
7	51 (13.46%)	Security Architecture
8	47 (12.40%)	SIEM
9	45 (11.87%)	Security Operations
9	45 (11.87%)	Vulnerability Management
10	43 (11.35%)	DevOps
11	39 (10.29%)	Test Automation
11	39 (10.29%)	Threat Modelling
12	38 (10.03%)	Risk Management
13	33 (8.71%)	Vulnerability Assessment
14	29 (7.65%)	Social Engineering
14	29 (7.65%)	Vulnerability Scanning
15	28 (7.39%)	Ethical Hacking
16	26 (6.86%)	Mentoring
17	24 (6.33%)	Risk Assessment

Programming Languages
1	71 (18.73%)	Python
2	70 (18.47%)	Java
3	37 (9.76%)	C#
4	32 (8.44%)	PHP
5	29 (7.65%)	JavaScript
6	26 (6.86%)	C++
6	26 (6.86%)	SQL
7	22 (5.80%)	C
8	18 (4.75%)	Ruby
9	14 (3.69%)	PowerShell
10	12 (3.17%)	Perl
11	11 (2.90%)	Bash Shell
11	11 (2.90%)	Objective-C
12	10 (2.64%)	Shell Script
13	8 (2.11%)	Apple Swift
14	7 (1.85%)	Go
15	1 (0.26%)	Java 8
15	1 (0.26%)	sed
15	1 (0.26%)	T-SQL
15	1 (0.26%)	TypeScript

Qualifications
1	68 (17.94%)	Security Cleared
2	64 (16.89%)	SC Cleared
3	63 (16.62%)	CISSP
4	53 (13.98%)	CREST Certified
4	53 (13.98%)	OSCP
5	34 (8.97%)	CEH
6	32 (8.44%)	SANS
7	26 (6.86%)	CISM
8	25 (6.60%)	GPEN
9	24 (6.33%)	CHECK Team Leader
10	22 (5.80%)	CHECK Team Member
10	22 (5.80%)	GIAC
11	20 (5.28%)	CISA
11	20 (5.28%)	GXPN
12	18 (4.75%)	Cisco Certification
12	18 (4.75%)	Degree
12	18 (4.75%)	GWAPT
13	17 (4.49%)	DV Cleared
13	17 (4.49%)	OSCE
14	11 (2.90%)	Tigerscheme

Quality Assurance & Compliance
1	54 (14.25%)	ISO/IEC 27001
2	22 (5.80%)	PCI DSS
3	14 (3.69%)	GDPR
3	14 (3.69%)	ISO/IEC 27002 (supersedes ISO/IEC 17799)
3	14 (3.69%)	QA
4	12 (3.17%)	NIST
5	8 (2.11%)	Cyber Essentials
6	7 (1.85%)	RMADS
6	7 (1.85%)	Sarbanes-Oxley
7	5 (1.32%)	COBIT
8	4 (1.06%)	Data Quality
8	4 (1.06%)	PMO
9	2 (0.53%)	Cyber Essentials PLUS
9	2 (0.53%)	PMBOK
9	2 (0.53%)	SLA
10	1 (0.26%)	Actionable Recommendations
10	1 (0.26%)	FedRAMP
10	1 (0.26%)	IFRS
10	1 (0.26%)	ISAE 3402
10	1 (0.26%)	ITGC

System Software
1	17 (4.49%)	Active Directory
1	17 (4.49%)	Docker
2	13 (3.43%)	VMware Infrastructure
3	3 (0.79%)	VMware ESXi
3	3 (0.79%)	VMware NSX
3	3 (0.79%)	XenApp
3	3 (0.79%)	XenDesktop
4	2 (0.53%)	Hyper-V
4	2 (0.53%)	KVM
4	2 (0.53%)	ProxySG
4	2 (0.53%)	Snort
4	2 (0.53%)	VMware Server
5	1 (0.26%)	Varnish
5	1 (0.26%)	Virtual Machines
5	1 (0.26%)	Virtual Servers
5	1 (0.26%)	zsh

Systems Management
1	43 (11.35%)	Nessus
2	36 (9.50%)	Nmap
3	17 (4.49%)	Kubernetes
4	10 (2.64%)	Red Hat Satellite
4	10 (2.64%)	WSUS
5	7 (1.85%)	QRadar
6	6 (1.58%)	Puppet
6	6 (1.58%)	Terraform
7	5 (1.32%)	Opscode Chef
7	5 (1.32%)	Prometheus
7	5 (1.32%)	Single Sign-On
7	5 (1.32%)	Sysdig
8	4 (1.06%)	Ansible
8	4 (1.06%)	Mesos
8	4 (1.06%)	Nexpose
8	4 (1.06%)	Rancher
8	4 (1.06%)	WebInspect
9	3 (0.79%)	HP Quality Center
10	2 (0.53%)	HAProxy
10	2 (0.53%)	SCCM

Vendors
1	26 (6.86%)	Microsoft
2	19 (5.01%)	HP
3	16 (4.22%)	VMware
4	15 (3.96%)	Cisco
5	14 (3.69%)	Red Hat
6	11 (2.90%)	BMC
6	11 (2.90%)	Oracle
6	11 (2.90%)	Qualys
7	10 (2.64%)	Tripwire
8	9 (2.37%)	Google
9	8 (2.11%)	CheckPoint
9	8 (2.11%)	IBM
9	8 (2.11%)	Palo Alto
9	8 (2.11%)	Rapid7
10	7 (1.85%)	Forcepoint
10	7 (1.85%)	SAP
11	6 (1.58%)	ArcSight
11	6 (1.58%)	F5
12	5 (1.32%)	Citrix
12	5 (1.32%)	FireEye

128 Penetration Testing job vacancies Nationwide

Penetration TestingJob Vacancy Trend

Penetration TestingContractor Daily Rate Trend

Penetration TestingContractor Daily Rate Histogram

Penetration TestingContractor Hourly Rate Trend

Penetration TestingTop 15 Contract Locations

Penetration TestingTop 30 Co-occurring IT Skills

Penetration TestingCo-occurring IT Skills by Category