Period
to 13 August 2020

The following table provides summary statistics for permanent job vacancies advertised in England with a requirement for Penetration Testing skills. Included is a benchmarking guide to the salaries offered in vacancies that have cited Penetration Testing over the 6 months to 13 August 2020 with a comparison to the same period in the previous 2 years.

Penetration Testing
UK > England
6 months to
13 Aug 2020
Same period 2019 Same period 2018
Rank 357 377 421
Rank change year-on-year +20 +44 -4
Permanent jobs citing Penetration Testing 456 1,103 1,175
As % of all permanent jobs advertised in England 0.79% 0.84% 0.74%
As % of the Processes & Methodologies category 0.85% 0.91% 0.81%
Number of salaries quoted 385 960 941
Median annual salary £58,000 £62,500 £60,000
Median salary % change year-on-year -7.20% +4.17% +9.09%
10th Percentile £37,500 £37,425 £37,500
90th Percentile £85,000 £100,000 £90,000
UK median annual salary £60,000 £62,500 £60,000
% change year-on-year -4.00% +4.17% +9.09%

Penetration Testing is in the Processes and Methodologies category. The following table is for comparison with the above and provides summary statistics for all permanent job vacancies advertised in England with a requirement for process or methodology skills.

All Process and Methodology Skills
England
Permanent vacancies with a requirement for process or methodology skills 53,439 121,215 145,741
As % of all permanent IT jobs advertised in England 92.38% 92.21% 91.92%
Number of salaries quoted 43,189 96,234 116,957
Median annual salary £55,000 £52,500 £50,000
Median salary % change year-on-year +4.76% +5.00% -
10th Percentile £32,500 £30,000 £29,450
90th Percentile £90,250 £87,500 £82,500
UK median annual salary £55,000 £52,500 £50,000
% change year-on-year +4.76% +5.00% -

Penetration Testing
Job Vacancy Trend in England

Job postings citing Penetration Testing as a proportion of all IT jobs advertised in England.

Job vacancy trend for Penetration Testing in England

Penetration Testing
Salary Trend in England

3-month moving average salary quoted in jobs citing Penetration Testing in England.

Salary trend for Penetration Testing in England

Penetration Testing
Salary Histogram in England

Salary distribution for jobs citing Penetration Testing in England over the 6 months to 13 August 2020.

Salary histogram for Penetration Testing in England

Penetration Testing
Job Locations in England

The table below looks at the demand and provides a guide to the median salaries quoted in IT jobs citing Penetration Testing within the England region over the 6 months to 13 August 2020. The 'Rank Change' column provides an indication of the change in demand within each location based on the same 6 month period last year.

Location Rank Change
on Same Period
Last Year
Matching
Permanent
IT Job Ads
Median Salary
Past 6 Months
Median Salary
% Change
on Same Period
Last Year
Live
Job
Vacancies
London +5 215 £65,000 -13.33% 28
South East +125 85 £60,000 +4.35% 5
North of England +124 66 £55,000 +5.56% 14
Midlands +66 60 £54,000 -1.82% 3
West Midlands +56 50 £57,500 +4.55% 2
Yorkshire +116 35 £55,000 - 7
North West +109 29 £55,092 +10.18% 5
South West +16 16 £45,000 -18.18% 5
East of England +25 10 £48,750 -18.75% 2
East Midlands +73 9 £52,500 +7.69% 1
North East +18 2 £43,250 -16.99% 2
Penetration Testing
UK

For the 6 months to 13 August 2020, IT jobs citing Penetration Testing also mentioned the following skills in order of popularity. The figures indicate the absolute number co-occurrences and as a proportion of all permanent job ads across the England region with a requirement for Penetration Testing.

1 230 (50.44%) Cybersecurity
2 221 (48.46%) Information Security
3 120 (26.32%) Firewall
4 104 (22.81%) Finance
5 98 (21.49%) ISO/IEC 27001
6 97 (21.27%) Windows
6 97 (21.27%) Linux
7 91 (19.96%) SIEM
8 88 (19.30%) Azure
9 83 (18.20%) CISSP
10 77 (16.89%) Degree
11 75 (16.45%) Vulnerability Management
11 75 (16.45%) Security Operations
12 73 (16.01%) AWS
13 70 (15.35%) Security Testing
14 68 (14.91%) Python
15 64 (14.04%) CREST Certified
16 63 (13.82%) CISM
17 61 (13.38%) Risk Management
18 60 (13.16%) GDPR
19 58 (12.72%) PCI DSS
20 56 (12.28%) Threat Intelligence
21 54 (11.84%) OWASP
22 53 (11.62%) Threat Modelling
23 52 (11.40%) Microsoft
24 51 (11.18%) OSCP
25 50 (10.96%) Cisco Certification
26 48 (10.53%) Security Cleared
27 46 (10.09%) CEH
28 45 (9.87%) Ethical Hacking

Penetration Testing
Co-occurring IT Skills in England by Category

The follow tables expand on the table above by listing co-occurrences grouped by category. The same job type, locality and period is covered with up to 20 co-occurrences shown in each of the following categories:

Application Platforms
1 4 (0.88%) IIS
2 3 (0.66%) Skype for Business
3 2 (0.44%) SharePoint
4 1 (0.22%) BizTalk Server
4 1 (0.22%) Confluence
4 1 (0.22%) Elasticsearch
4 1 (0.22%) MS Exchange
Applications
1 2 (0.44%) Adobe Creative Suite
1 2 (0.44%) MS Visio
2 1 (0.22%) InfoPath
2 1 (0.22%) Microsoft Excel
2 1 (0.22%) Spreadsheet
Cloud Services
1 88 (19.30%) Azure
2 73 (16.01%) AWS
3 34 (7.46%) Office 365
4 23 (5.04%) SaaS
5 15 (3.29%) AWS CloudFormation
5 15 (3.29%) Cloud Computing
6 11 (2.41%) GCP
7 9 (1.97%) IaaS
7 9 (1.97%) PaaS
8 4 (0.88%) BrowserStack
8 4 (0.88%) G Suite
8 4 (0.88%) NuGet
9 2 (0.44%) Akamai
9 2 (0.44%) Amazon CloudWatch
9 2 (0.44%) Amazon EC2
9 2 (0.44%) Amazon S3
9 2 (0.44%) AWS CloudTrail
9 2 (0.44%) Google Analytics
9 2 (0.44%) vREST
10 1 (0.22%) Azure Active Directory
Communications & Networking
1 120 (26.32%) Firewall
2 45 (9.87%) VPN
3 44 (9.65%) TCP/IP
4 39 (8.55%) Intrusion Detection
5 35 (7.68%) Network Security
6 31 (6.80%) Wireless
7 30 (6.58%) WAN
8 28 (6.14%) Internet
9 23 (5.04%) LAN
10 22 (4.82%) HTTP
11 20 (4.39%) Wireless Security
12 17 (3.73%) DNS
13 15 (3.29%) Wireshark
14 12 (2.63%) Cisco ASA
15 10 (2.19%) DHCP
15 10 (2.19%) SMTP
15 10 (2.19%) SSL
16 9 (1.97%) IPsec
16 9 (1.97%) tcpdump
17 7 (1.54%) WLAN
Database & Business Intelligence
1 14 (3.07%) SQL Server
2 6 (1.32%) EDRMS
3 5 (1.10%) PostgreSQL
4 4 (0.88%) MySQL
4 4 (0.88%) Redis
5 3 (0.66%) Blockchain
5 3 (0.66%) SQL Server 2014
6 2 (0.44%) Amazon RDS
6 2 (0.44%) NoSQL
7 1 (0.22%) Big Data
7 1 (0.22%) Data Warehouse
7 1 (0.22%) Oracle Reports
7 1 (0.22%) SQL Server Integration Services
7 1 (0.22%) SQL Server Reporting Services
Development Applications
1 14 (3.07%) JIRA
2 12 (2.63%) Selenium
3 9 (1.97%) Burp Suite
3 9 (1.97%) Git (software)
3 9 (1.97%) Metasploit
4 8 (1.75%) SpecFlow
5 7 (1.54%) WebDriver
6 6 (1.32%) JMeter
7 5 (1.10%) Jenkins
7 5 (1.10%) Visual Studio
8 4 (0.88%) GitLab
8 4 (0.88%) IDA Disassembler
8 4 (0.88%) Locust
8 4 (0.88%) Moq
8 4 (0.88%) WebSurge
9 3 (0.66%) IntelliJ
9 3 (0.66%) Jasmine
9 3 (0.66%) OllyDbg
9 3 (0.66%) Snyk
9 3 (0.66%) WinDbg
General
1 104 (22.81%) Finance
2 26 (5.70%) Law
3 20 (4.39%) Banking
4 16 (3.51%) Retail
5 13 (2.85%) Public Sector
6 12 (2.63%) Legal
7 9 (1.97%) Games
8 8 (1.75%) Manufacturing
9 5 (1.10%) Investment Banking
10 4 (0.88%) Automotive
10 4 (0.88%) Telecoms
11 3 (0.66%) Retail Banking
12 2 (0.44%) Aerospace
12 2 (0.44%) Police
13 1 (0.22%) Advertising
13 1 (0.22%) Billing
13 1 (0.22%) Digital Economy
13 1 (0.22%) Financial Institution
13 1 (0.22%) Local Government
13 1 (0.22%) Marketing
Job Titles
1 87 (19.08%) Analyst
2 74 (16.23%) Security Analyst
3 72 (15.79%) Tester
4 71 (15.57%) Penetration Tester
5 41 (8.99%) Security Engineer
6 30 (6.58%) Security Officer
7 29 (6.36%) Consultant
7 29 (6.36%) Information Analyst
7 29 (6.36%) Information Security Analyst
7 29 (6.36%) Security Manager
8 25 (5.48%) Security Consultant
9 24 (5.26%) Security Specialist
10 18 (3.95%) Architect
10 18 (3.95%) Cybersecurity Analyst
10 18 (3.95%) Information Security Officer
10 18 (3.95%) Senior Analyst
11 15 (3.29%) Security Architect
12 13 (2.85%) Developer
12 13 (2.85%) Operational Security Manager
12 13 (2.85%) Security Tester
Libraries, Frameworks & Software Standards
1 29 (6.36%) .NET
2 10 (2.19%) Web Services
3 8 (1.75%) 802.1X
4 7 (1.54%) Middleware
4 7 (1.54%) REST
4 7 (1.54%) SOAP
4 7 (1.54%) XML
5 6 (1.32%) .NET Core
5 6 (1.32%) .NET Framework
5 6 (1.32%) React
6 5 (1.10%) OAuth
7 4 (0.88%) RESTful
7 4 (0.88%) Velocity
8 3 (0.66%) AngularJS
8 3 (0.66%) LDAP
8 3 (0.66%) OpenID
8 3 (0.66%) SAML
8 3 (0.66%) YAML
9 2 (0.44%) Android SDK
9 2 (0.44%) Twitter Bootstrap
Miscellaneous
1 40 (8.77%) Management Information System
2 35 (7.68%) Mobile App
3 33 (7.24%) Cyberthreat
4 31 (6.80%) Analytical Skills
5 25 (5.48%) Cyber Defence
5 25 (5.48%) Cybercrime
6 24 (5.26%) Security Operations Centre
7 23 (5.04%) Cyberattack
8 20 (4.39%) PKI
9 19 (4.17%) Distributed Denial-of-Service
9 19 (4.17%) Self-Motivation
10 17 (3.73%) Data Protection Act
11 11 (2.41%) Data Centre
11 11 (2.41%) Public Cloud
12 8 (1.75%) Blog
12 8 (1.75%) BYOD
13 7 (1.54%) Cloud Native
14 6 (1.32%) Driving Licence
15 5 (1.10%) Algorithms
15 5 (1.10%) Hybrid Cloud
Operating Systems
1 97 (21.27%) Linux
1 97 (21.27%) Windows
2 25 (5.48%) Unix
3 24 (5.26%) Mac OS
3 24 (5.26%) Windows Server
4 12 (2.63%) Kali Linux
5 9 (1.97%) Android
5 9 (1.97%) Apple iOS
6 7 (1.54%) Windows Server 2008
6 7 (1.54%) Windows Server 2012
7 4 (0.88%) Windows 10
7 4 (0.88%) Windows 7
7 4 (0.88%) Windows Server 2016
8 3 (0.66%) Mac OS X
8 3 (0.66%) Solaris
8 3 (0.66%) Ubuntu
8 3 (0.66%) Windows XP
9 2 (0.44%) CentOS
10 1 (0.22%) AIX
Processes & Methodologies
1 230 (50.44%) Cybersecurity
2 221 (48.46%) Information Security
3 91 (19.96%) SIEM
4 75 (16.45%) Security Operations
4 75 (16.45%) Vulnerability Management
5 70 (15.35%) Security Testing
6 61 (13.38%) Risk Management
7 56 (12.28%) Threat Intelligence
8 54 (11.84%) OWASP
9 53 (11.62%) Threat Modelling
10 45 (9.87%) Ethical Hacking
11 44 (9.65%) Cyber Threat Intelligence
11 44 (9.65%) Security Architecture
11 44 (9.65%) Vulnerability Assessment
12 41 (8.99%) Red Team
12 41 (8.99%) Test Automation
13 40 (8.77%) Agile Software Development
14 38 (8.33%) DevOps
14 38 (8.33%) Secure Coding
14 38 (8.33%) Vulnerability Scanning
Programming Languages
1 68 (14.91%) Python
2 43 (9.43%) Java
3 34 (7.46%) PowerShell
4 32 (7.02%) SQL
5 31 (6.80%) Bash Shell
6 24 (5.26%) C++
7 19 (4.17%) C#
8 13 (2.85%) C
8 13 (2.85%) JavaScript
9 11 (2.41%) Shell Script
10 8 (1.75%) Go
10 8 (1.75%) Ruby
11 5 (1.10%) PHP
11 5 (1.10%) TypeScript
12 3 (0.66%) Apex Code
12 3 (0.66%) Perl
13 1 (0.22%) Erlang
13 1 (0.22%) Haskell
13 1 (0.22%) Scala
13 1 (0.22%) T-SQL
Qualifications
1 83 (18.20%) CISSP
2 77 (16.89%) Degree
3 64 (14.04%) CREST Certified
4 63 (13.82%) CISM
5 51 (11.18%) OSCP
6 50 (10.96%) Cisco Certification
7 48 (10.53%) Security Cleared
8 46 (10.09%) CEH
9 40 (8.77%) CISA
10 39 (8.55%) SC Cleared
11 24 (5.26%) CCNA
11 24 (5.26%) CHECK Team Leader
11 24 (5.26%) Computer Science Degree
12 22 (4.82%) CHECK Team Member
12 22 (4.82%) Microsoft Certification
12 22 (4.82%) SANS
13 17 (3.73%) GIAC
14 16 (3.51%) (ISC)2 CCSP
15 15 (3.29%) MCSE
16 14 (3.07%) CCNP
Quality Assurance & Compliance
1 98 (21.49%) ISO/IEC 27001
2 60 (13.16%) GDPR
3 58 (12.72%) PCI DSS
4 45 (9.87%) NIST
5 42 (9.21%) Cyber Essentials
6 19 (4.17%) ISO 9001
7 18 (3.95%) COBIT
7 18 (3.95%) Sarbanes-Oxley
8 15 (3.29%) QA
9 12 (2.63%) Cyber Essentials PLUS
9 12 (2.63%) NCSC
10 7 (1.54%) BS7799
10 7 (1.54%) GLBA
11 6 (1.32%) ISO/IEC 27002 (supersedes ISO/IEC 17799)
12 5 (1.10%) AICPA
13 4 (0.88%) NIST 800
14 2 (0.44%) IASME
15 1 (0.22%) Data Quality
15 1 (0.22%) HIPAA
System Software
1 32 (7.02%) Active Directory
2 20 (4.39%) VMware Infrastructure
3 16 (3.51%) Docker
4 9 (1.97%) Hyper-V
5 4 (0.88%) Firmware
5 4 (0.88%) vSphere
6 2 (0.44%) Virtual Machines
6 2 (0.44%) VMware NSX
7 1 (0.22%) Microsoft Virtual Server
7 1 (0.22%) Virtual Servers
7 1 (0.22%) VMware ESXi
Systems Management
1 21 (4.61%) Terraform
2 18 (3.95%) Kubernetes
3 17 (3.73%) Ansible
4 14 (3.07%) Puppet
5 10 (2.19%) Nessus
6 8 (1.75%) CSIRT
7 6 (1.32%) HP Fortify
7 6 (1.32%) Opscode Chef
8 5 (1.10%) Computer Incident Response Team
9 4 (0.88%) Cisco CUCM
9 4 (0.88%) HP ALM
10 3 (0.66%) Grafana
10 3 (0.66%) Nagios
10 3 (0.66%) Network Intrusion Detection System
10 3 (0.66%) Nmap
10 3 (0.66%) Prometheus
10 3 (0.66%) SCCM
10 3 (0.66%) SCVMM
11 2 (0.44%) Computer Emergency Response Teams
11 2 (0.44%) Host Intrusion Detection System
Vendors
1 52 (11.40%) Microsoft
2 43 (9.43%) Cisco
3 32 (7.02%) VMware
4 18 (3.95%) HP
5 16 (3.51%) CheckPoint
6 15 (3.29%) Splunk
7 12 (2.63%) Google
7 12 (2.63%) Juniper
8 11 (2.41%) AlienVault
9 8 (1.75%) Fortinet
9 8 (1.75%) LogRhythm
10 7 (1.54%) F5
10 7 (1.54%) Intel
10 7 (1.54%) SolarWinds
11 6 (1.32%) Qualys
12 5 (1.10%) Avaya
12 5 (1.10%) Black Duck
12 5 (1.10%) McAfee
12 5 (1.10%) Meraki
12 5 (1.10%) Red Hat