Period
to 18 January 2019

The following table provides summary statistics for permanent job vacancies advertised in the UK excluding London with a requirement for Penetration Testing skills. Included is a benchmarking guide to the salaries offered in vacancies that have cited Penetration Testing over the 6 months to 18 January 2019 with a comparison to the same period in the previous 2 years.

Penetration Testing
UK > UK excluding London
6 months to
18 Jan 2019
Same period 2018 Same period 2017
Rank 326 390 366
Rank change year-on-year +64 -24 +79
Permanent jobs citing Penetration Testing 795 703 801
As % of all permanent IT jobs advertised in the UK excluding London 0.94% 0.71% 0.78%
As % of the Processes & Methodologies category 1.03% 0.78% 0.86%
Number of salaries quoted 614 549 603
UK excluding London median annual salary £52,500 £50,000 £52,500
Median salary % change year-on-year +5.00% -4.76% +0.96%
10th Percentile £36,250 £34,161 £33,750
90th Percentile £75,000 £72,500 £78,750
UK median annual salary £60,000 £57,500 £60,000
% change year-on-year +4.35% -4.17% +9.09%

Penetration Testing is in the Processes and Methodologies category. The following table is for comparison with the above and provides summary statistics for all permanent job vacancies advertised in the UK excluding London with a requirement for process or methodology skills.

All Process and Methodology Skills
UK excluding London
Permanent vacancies with a requirement for process or methodology skills 77,482 90,400 93,511
As % of all permanent IT jobs advertised in the UK excluding London 91.46% 90.95% 90.83%
Number of salaries quoted 60,513 73,296 76,185
UK excluding London median annual salary £45,000 £45,000 £42,500
Median salary % change year-on-year - +5.88% -
10th Percentile £27,000 £26,250 £26,250
90th Percentile £70,000 £67,500 £65,000
UK median annual salary £52,500 £50,000 £47,500
% change year-on-year +5.00% +5.26% -

Penetration Testing
Job Vacancy Trend in the UK excluding London

Job postings citing Penetration Testing as a percentage of all IT jobs advertised in the UK excluding London.

Job vacancy trend for Penetration Testing in the UK excluding London

Penetration Testing
Salary Trend in the UK excluding London

This chart provides the 3-month moving average for salaries quoted in permanent IT jobs citing Penetration Testing in the UK excluding London.

Salary trend for Penetration Testing in the UK excluding London

Penetration Testing
Salary Histogram in the UK excluding London

The salary distribution of IT jobs citing Penetration Testing in the UK excluding London over the 6 months to 18 January 2019.

Salary histogram for Penetration Testing in the UK excluding London

Penetration Testing
Job Locations in the UK excluding London

The table below looks at the demand and provides a guide to the median salaries quoted in IT jobs citing Penetration Testing within the UK excluding London region over the 6 months to 18 January 2019. The 'Rank Change' column provides an indication of the change in demand within each location based on the same 6 month period last year.

Location Rank Change
on Same Period
Last Year
Matching
Permanent
IT Job Ads
Median Salary
Past 6 Months
Median Salary
% Change
on Same Period
Last Year
Live
Job
Vacancies
North of England +162 356 £50,000 - 33
North West +146 277 £50,000 -6.10% 16
East of England +106 134 £65,000 +13.04% 14
South East -133 115 £60,000 +14.29% 17
Midlands +56 93 £50,000 +5.26% 22
Yorkshire +30 74 £48,750 +2.63% 17
South West +29 63 £47,500 +5.56% 11
West Midlands +31 60 £45,000 -10.00% 17
East Midlands +39 32 £57,500 +61.65% 4
Wales +24 19 £45,000 -5.26% 2
Scotland +11 10 £43,750 +9.38% 5
North East +16 5 £65,750 -
Northern Ireland -6 5 £62,500 +4.17% 3
Penetration Testing
UK

For the 6 months to 18 January 2019, IT jobs citing Penetration Testing also mentioned the following skills in order of popularity. The figures indicate the absolute number co-occurrences and as a proportion of all permanent job ads across the UK excluding London region with a requirement for Penetration Testing.

1 449 (56.48%) Information Security
2 371 (46.67%) CISSP
3 359 (45.16%) ISO/IEC 27001
4 340 (42.77%) SIEM
5 311 (39.12%) Microsoft
6 305 (38.36%) Linux
7 285 (35.85%) Windows
8 231 (29.06%) PCI DSS
9 217 (27.30%) Cybersecurity
10 203 (25.53%) OWASP
10 203 (25.53%) Risk Management
11 196 (24.65%) GDPR
12 193 (24.28%) CREST Certified
12 193 (24.28%) Management Information System
13 179 (22.52%) Vulnerability Assessment
14 173 (21.76%) SANS
15 169 (21.26%) Vulnerability Management
15 169 (21.26%) Cisco
16 156 (19.62%) Finance
16 156 (19.62%) Security Management
17 155 (19.50%) Microsoft Azure
18 153 (19.25%) Network Security
19 152 (19.12%) Amazon AWS
19 152 (19.12%) Data Protection
19 152 (19.12%) Cisco Certification
20 147 (18.49%) Degree
21 142 (17.86%) Firewall
22 137 (17.23%) Security Testing
23 134 (16.86%) Disaster Recovery
23 134 (16.86%) VMware

Penetration Testing
Co-occurring IT Skills in the UK excluding London by Category

The follow tables expand on the table above by listing co-occurrences grouped by category. The same job type, locality and period is covered with up to 20 co-occurrences shown in each of the following categories:

Application Platforms
1 22 (2.77%) SharePoint
2 14 (1.76%) Apache Pig
3 7 (0.88%) Confluence
3 7 (0.88%) Skype for Business
4 3 (0.38%) IIS
5 1 (0.13%) Apache Spark
5 1 (0.13%) Elasticsearch
5 1 (0.13%) Mendix
5 1 (0.13%) nginx
Applications
1 107 (13.46%) Microsoft PowerPoint
2 11 (1.38%) Microsoft Office
3 2 (0.25%) Microsoft Excel
4 1 (0.13%) Microsoft Project
Business Applications
1 1 (0.13%) SAP IS-U
Cloud Services
1 155 (19.50%) Microsoft Azure
2 152 (19.12%) Amazon AWS
3 15 (1.89%) SaaS
4 11 (1.38%) Google Cloud Platform
4 11 (1.38%) Office 365
5 9 (1.13%) Cloud Computing
6 8 (1.01%) AWS CloudFormation
6 8 (1.01%) IaaS
7 4 (0.50%) Amazon S3
7 4 (0.50%) Amazon SQS
7 4 (0.50%) GitHub
7 4 (0.50%) PaaS
8 3 (0.38%) Amazon EC2
8 3 (0.38%) Amazon ELB
8 3 (0.38%) Route 53
8 3 (0.38%) Virtual Private Cloud
9 2 (0.25%) IBM Cloud
10 1 (0.13%) Serverless
Communications & Networking
1 153 (19.25%) Network Security
2 142 (17.86%) Firewall
3 121 (15.22%) Wi-Fi
4 44 (5.53%) VPN
5 31 (3.90%) TCP/IP
6 30 (3.77%) Intrusion Detection
6 30 (3.77%) SSL
7 25 (3.14%) LAN
8 22 (2.77%) HTTP
9 20 (2.52%) WAN
10 15 (1.89%) Cisco ASA
11 12 (1.51%) DNS
11 12 (1.51%) Wireless
12 10 (1.26%) IPsec
13 9 (1.13%) F5 BIG-IP LTM
13 9 (1.13%) Internet
14 8 (1.01%) Cisco IOS
15 7 (0.88%) BGP
15 7 (0.88%) F5 BIG-IP GTM
16 6 (0.75%) OSPF
Database & Business Intelligence
1 24 (3.02%) Big Data
1 24 (3.02%) SQL Server
2 20 (2.52%) Hadoop
2 20 (2.52%) MySQL
3 14 (1.76%) Apache Hive
4 9 (1.13%) Data Warehouse
5 5 (0.63%) NoSQL
6 4 (0.50%) MongoDB
6 4 (0.50%) Relational Database
7 3 (0.38%) Amazon Aurora
7 3 (0.38%) Amazon RDS
7 3 (0.38%) DB2
7 3 (0.38%) Redis
8 2 (0.25%) SQL Server 2014
9 1 (0.13%) BusinessObjects Business Intelligence
9 1 (0.13%) HBase
9 1 (0.13%) Impala
9 1 (0.13%) Parquet
9 1 (0.13%) RDBMS
9 1 (0.13%) Sqoop
Development Applications
1 51 (6.42%) JIRA
2 33 (4.15%) Selenium
3 27 (3.40%) Git (software)
4 18 (2.26%) Atlassian Bamboo
5 17 (2.14%) Bitbucket
5 17 (2.14%) CodeSonar
5 17 (2.14%) git-flow
5 17 (2.14%) Robot Framework
6 16 (2.01%) Metasploit
7 10 (1.26%) Burp Suite
8 9 (1.13%) Cucumber
9 6 (0.75%) Jenkins
10 5 (0.63%) LoadRunner
10 5 (0.63%) SoapUI
10 5 (0.63%) Subversion
10 5 (0.63%) TeamCity
11 4 (0.50%) Visual Studio
12 3 (0.38%) AppScan
12 3 (0.38%) FitNesse
12 3 (0.38%) GDB
General
1 156 (19.62%) Finance
2 131 (16.48%) Legal
3 43 (5.41%) Retail
4 17 (2.14%) Telecoms
5 11 (1.38%) Banking
6 8 (1.01%) Electronics
6 8 (1.01%) Financial Institution
7 5 (0.63%) Law
7 5 (0.63%) Military
8 4 (0.50%) Aerospace
8 4 (0.50%) Games
9 3 (0.38%) Advertising
10 2 (0.25%) Back Office
10 2 (0.25%) Publishing
11 1 (0.13%) Automotive
11 1 (0.13%) Billing
11 1 (0.13%) Investment Banking
11 1 (0.13%) Manufacturing
11 1 (0.13%) Marketing
Job Titles
1 198 (24.91%) Analyst
2 188 (23.65%) Security Analyst
3 160 (20.13%) Security Manager
4 134 (16.86%) IT Analyst
4 134 (16.86%) IT Security Analyst
5 124 (15.60%) Information Manager
5 124 (15.60%) Information Security Manager
6 122 (15.35%) Senior Analyst
7 116 (14.59%) Senior Security Analyst
8 108 (13.58%) Senior IT Security Analyst
8 108 (13.58%) Tester
9 95 (11.95%) Penetration Tester
10 89 (11.19%) Security Engineer
11 58 (7.30%) Consultant
12 47 (5.91%) Architect
13 46 (5.79%) Security Consultant
14 41 (5.16%) Security Architect
15 39 (4.91%) Senior Penetration Tester
15 39 (4.91%) Senior Tester
16 33 (4.15%) IT Manager
Libraries, Frameworks & Software Standards
1 24 (3.02%) REST
2 21 (2.64%) .NET
3 20 (2.52%) Java EE
3 20 (2.52%) STL
4 19 (2.39%) Django
5 18 (2.26%) Node.js
5 18 (2.26%) SOAP
6 17 (2.14%) .NET Framework
6 17 (2.14%) ASP.NET
6 17 (2.14%) LAMP
6 17 (2.14%) RabbitMQ
6 17 (2.14%) Spring MVC
7 14 (1.76%) Web Services
8 13 (1.64%) OAuth
8 13 (1.64%) OAuth2
8 13 (1.64%) OpenID
9 12 (1.51%) HTML
9 12 (1.51%) XACML
10 11 (1.38%) CSS
11 6 (0.75%) SAML
Miscellaneous
1 193 (24.28%) Management Information System
2 106 (13.33%) Cyber Kill Chain
3 49 (6.16%) Mobile App
4 46 (5.79%) Analytical Skills
5 41 (5.16%) Security Operations Centre
6 39 (4.91%) Data Centre
7 24 (3.02%) Data Protection Act
8 23 (2.89%) Self-Motivation
9 22 (2.77%) Cyberthreat
10 15 (1.89%) Fintech
11 13 (1.64%) Enterprise Software
12 10 (1.26%) PKI
13 8 (1.01%) Embedded Systems
14 7 (0.88%) NHS
14 7 (0.88%) User Experience
15 6 (0.75%) Cybercrime
15 6 (0.75%) Distributed Denial-of-Service
16 5 (0.63%) Algorithms
16 5 (0.63%) Enterprise Cloud
16 5 (0.63%) VHDL
Operating Systems
1 305 (38.36%) Linux
2 285 (35.85%) Windows
3 27 (3.40%) Android
3 27 (3.40%) Apple iOS
4 20 (2.52%) Unix
5 17 (2.14%) Mac OS X
6 16 (2.01%) Kali Linux
7 14 (1.76%) Windows Server
8 5 (0.63%) Embedded Linux
8 5 (0.63%) Windows Server 2008
9 1 (0.13%) Red Hat Enterprise Linux
9 1 (0.13%) Ubuntu
9 1 (0.13%) Windows Phone
Processes & Methodologies
1 449 (56.48%) Information Security
2 340 (42.77%) SIEM
3 217 (27.30%) Cybersecurity
4 203 (25.53%) OWASP
4 203 (25.53%) Risk Management
5 179 (22.52%) Vulnerability Assessment
6 169 (21.26%) Vulnerability Management
7 156 (19.62%) Security Management
8 152 (19.12%) Data Protection
9 137 (17.23%) Security Testing
10 134 (16.86%) Disaster Recovery
11 133 (16.73%) Mentoring
12 130 (16.35%) Data Loss Prevention
13 128 (16.10%) Business Continuity
14 119 (14.97%) Incident Management
15 117 (14.72%) Due Diligence
16 113 (14.21%) Scenario Testing
17 110 (13.84%) Risk Analysis
18 109 (13.71%) Threat Analysis
19 107 (13.46%) Web Development
Programming Languages
1 131 (16.48%) SQL
2 76 (9.56%) Python
3 54 (6.79%) Java
4 46 (5.79%) C++
5 44 (5.53%) C
6 38 (4.78%) Bash Shell
7 37 (4.65%) C#
8 30 (3.77%) JavaScript
9 29 (3.65%) PowerShell
10 24 (3.02%) Ruby
11 23 (2.89%) Perl
11 23 (2.89%) PHP
12 21 (2.64%) Objective-C
13 5 (0.63%) Embedded C
13 5 (0.63%) Go
13 5 (0.63%) Shell Script
14 3 (0.38%) VB
15 1 (0.13%) T-SQL
15 1 (0.13%) VBScript
15 1 (0.13%) XAML
Qualifications
1 371 (46.67%) CISSP
2 193 (24.28%) CREST Certified
3 173 (21.76%) SANS
4 152 (19.12%) Cisco Certification
5 147 (18.49%) Degree
6 119 (14.97%) (ISC)2 CCSP
7 109 (13.71%) Security Cleared
8 74 (9.31%) CISM
8 74 (9.31%) OSCP
9 48 (6.04%) CEH
10 47 (5.91%) DV Cleared
11 44 (5.53%) SC Cleared
12 41 (5.16%) Microsoft Certification
13 40 (5.03%) MCSE
13 40 (5.03%) SSCP
14 34 (4.28%) GIAC
15 32 (4.03%) CISA
16 31 (3.90%) CCNP
17 27 (3.40%) CompTIA Security+
18 25 (3.14%) CSSLP
Quality Assurance & Compliance
1 359 (45.16%) ISO/IEC 27001
2 231 (29.06%) PCI DSS
3 196 (24.65%) GDPR
4 46 (5.79%) Cyber Essentials
5 29 (3.65%) ISO/IEC 27002 (supersedes ISO/IEC 17799)
6 25 (3.14%) COBIT
7 13 (1.64%) Cyber Essentials PLUS
8 10 (1.26%) PMO
8 10 (1.26%) QA
9 8 (1.01%) Sarbanes-Oxley
10 6 (0.75%) HIPAA
10 6 (0.75%) ISO 9001
11 5 (0.63%) ISO 22301
11 5 (0.63%) Web Application Security Consortium
12 4 (0.50%) RMADS
13 3 (0.38%) SLA
14 1 (0.13%) GPG13
14 1 (0.13%) NIST 800
System Software
1 127 (15.97%) VMware Infrastructure
2 117 (14.72%) Active Directory
3 20 (2.52%) Docker
4 17 (2.14%) vSphere
5 6 (0.75%) Firmware
6 4 (0.50%) ProxySG
7 3 (0.38%) Hyper-V
7 3 (0.38%) Virtual Machines
8 1 (0.13%) Apache Flume
8 1 (0.13%) HDFS
8 1 (0.13%) Snort
8 1 (0.13%) Virtual Servers
8 1 (0.13%) VMware NSX
Systems Management
1 30 (3.77%) Nessus
2 29 (3.65%) Puppet
3 19 (2.39%) Nmap
4 17 (2.14%) Salt
5 10 (1.26%) Ansible
5 10 (1.26%) Opscode Chef
6 9 (1.13%) Nexpose
7 8 (1.01%) OpenVAS
8 7 (0.88%) Defensics
8 7 (0.88%) HP Quality Center
9 4 (0.50%) Computer Emergency Response Teams
10 3 (0.38%) AirWatch
10 3 (0.38%) Cisco CUCM
10 3 (0.38%) Cisco UCCX
10 3 (0.38%) Foglight
10 3 (0.38%) McAfee ePO
10 3 (0.38%) Microsoft Clustering
10 3 (0.38%) Packer
10 3 (0.38%) Terraform
11 2 (0.25%) SCCM
Vendors
1 311 (39.12%) Microsoft
2 169 (21.26%) Cisco
3 134 (16.86%) VMware
4 22 (2.77%) Splunk
5 18 (2.26%) LogRhythm
5 18 (2.26%) Red Hat
6 13 (1.64%) F5
7 12 (1.51%) CheckPoint
8 11 (1.38%) Blue Coat
9 10 (1.26%) AlienVault
9 10 (1.26%) Symantec
10 8 (1.01%) Qualys
11 7 (0.88%) Codenomicon
11 7 (0.88%) Juniper
11 7 (0.88%) McAfee
11 7 (0.88%) SolarWinds
12 6 (0.75%) HP
12 6 (0.75%) IBM
12 6 (0.75%) Meraki
13 5 (0.63%) NetApp