Period
to 17 July 2019

The following table provides summary statistics for permanent job vacancies advertised in the UK excluding London with a requirement for Penetration Testing skills. Included is a benchmarking guide to the salaries offered in vacancies that have cited Penetration Testing over the 6 months to 17 July 2019 with a comparison to the same period in the previous 2 years.

Penetration Testing
UK > UK excluding London
6 months to
17 Jul 2019
Same period 2018 Same period 2017
Rank 373 457 422
Rank change year-on-year +84 -35 -16
Permanent jobs citing Penetration Testing 645 600 654
As % of all permanent IT jobs advertised in the UK excluding London 0.77% 0.60% 0.65%
As % of the Processes & Methodologies category 0.84% 0.66% 0.71%
Number of salaries quoted 461 477 517
UK excluding London median annual salary £55,000 £52,500 £50,000
Median salary % change year-on-year +4.76% +5.00% -
10th Percentile £30,000 £35,000 £31,500
90th Percentile £77,500 £70,000 £70,250
UK median annual salary £62,500 £60,000 £55,000
% change year-on-year +4.17% +9.09% -

Penetration Testing is in the Processes and Methodologies category. The following table is for comparison with the above and provides summary statistics for all permanent job vacancies advertised in the UK excluding London with a requirement for process or methodology skills.

All Process and Methodology Skills
UK excluding London
Permanent vacancies with a requirement for process or methodology skills 76,354 91,480 91,960
As % of all permanent IT jobs advertised in the UK excluding London 91.46% 91.53% 91.14%
Number of salaries quoted 59,129 73,434 75,019
UK excluding London median annual salary £45,000 £45,000 £42,500
Median salary % change year-on-year - +5.88% -
10th Percentile £27,500 £26,750 £26,250
90th Percentile £70,000 £67,500 £65,000
UK median annual salary £52,500 £50,000 £48,500
% change year-on-year +5.00% +3.09% +2.11%

Penetration Testing
Job Vacancy Trend in the UK excluding London

Job postings citing Penetration Testing as a percentage of all IT jobs advertised in the UK excluding London.

Job vacancy trend for Penetration Testing in the UK excluding London

Penetration Testing
Salary Trend in the UK excluding London

This chart provides the 3-month moving average for salaries quoted in permanent IT jobs citing Penetration Testing in the UK excluding London.

Salary trend for Penetration Testing in the UK excluding London

Penetration Testing
Salary Histogram in the UK excluding London

The salary distribution of IT jobs citing Penetration Testing in the UK excluding London over the 6 months to 17 July 2019.

Salary histogram for Penetration Testing in the UK excluding London

Penetration Testing
Job Locations in the UK excluding London

The table below looks at the demand and provides a guide to the median salaries quoted in IT jobs citing Penetration Testing within the UK excluding London region over the 6 months to 17 July 2019. The 'Rank Change' column provides an indication of the change in demand within each location based on the same 6 month period last year.

Location Rank Change
on Same Period
Last Year
Matching
Permanent
IT Job Ads
Median Salary
Past 6 Months
Median Salary
% Change
on Same Period
Last Year
Live
Job
Vacancies
South East +26 156 £55,000 +4.76% 21
North of England -40 114 £52,500 +5.00% 23
East of England +106 112 £60,000 - 11
Midlands +75 110 £57,500 +9.52% 26
South West +56 107 £50,000 - 8
West Midlands +62 84 £55,000 +4.76% 22
Yorkshire +10 52 £53,750 +19.44% 7
North West -42 52 £50,000 -9.09% 14
Wales +29 30 £42,000 +15.35% 7
East Midlands +41 23 £53,750 -6.52% 4
Scotland +9 13 £47,500 -26.92% 1
North East +20 10 £52,101 -23.66% 2
Northern Ireland -19 9 £100,000 +128.57% 1
Penetration Testing
UK

For the 6 months to 17 July 2019, IT jobs citing Penetration Testing also mentioned the following skills in order of popularity. The figures indicate the absolute number co-occurrences and as a proportion of all permanent job ads across the UK excluding London region with a requirement for Penetration Testing.

1 288 (44.65%) Cybersecurity
2 279 (43.26%) Information Security
3 165 (25.58%) CISSP
4 163 (25.27%) ISO/IEC 27001
5 156 (24.19%) Linux
6 153 (23.72%) Windows
7 151 (23.41%) Firewall
8 145 (22.48%) SIEM
9 124 (19.22%) Amazon AWS
10 114 (17.67%) Security Testing
11 103 (15.97%) Security Cleared
11 103 (15.97%) Security Operations
12 102 (15.81%) Vulnerability Scanning
12 102 (15.81%) ITIL
13 101 (15.66%) Microsoft Azure
14 91 (14.11%) PCI DSS
14 91 (14.11%) Agile Software Development
15 89 (13.80%) Management Information System
16 88 (13.64%) Network Security
16 88 (13.64%) CREST Certified
17 87 (13.49%) Degree
18 84 (13.02%) OWASP
18 84 (13.02%) Microsoft
18 84 (13.02%) Active Directory
19 83 (12.87%) Risk Management
20 80 (12.40%) CISM
21 78 (12.09%) Python
21 78 (12.09%) OSCP
22 75 (11.63%) GDPR
23 72 (11.16%) Ethical Hacking

Penetration Testing
Co-occurring IT Skills in the UK excluding London by Category

The follow tables expand on the table above by listing co-occurrences grouped by category. The same job type, locality and period is covered with up to 20 co-occurrences shown in each of the following categories:

Application Platforms
1 27 (4.19%) Elasticsearch
2 25 (3.88%) Apache Spark
2 25 (3.88%) OpenStack
3 19 (2.95%) MS Exchange
4 17 (2.64%) IIS
5 13 (2.02%) Skype for Business
6 8 (1.24%) SharePoint
7 7 (1.09%) Exchange Server 2013
8 6 (0.93%) Apache
9 2 (0.31%) BizTalk Server
10 1 (0.16%) Confluence
Applications
1 17 (2.64%) Microsoft Office
2 1 (0.16%) Microsoft Excel
2 1 (0.16%) Microsoft PowerPoint
Business Applications
1 2 (0.31%) Dynamics CRM
2 1 (0.16%) Salesforce.com CRM
Cloud Services
1 124 (19.22%) Amazon AWS
2 101 (15.66%) Microsoft Azure
3 59 (9.15%) SaaS
4 33 (5.12%) Office 365
5 32 (4.96%) Google Cloud Platform
6 25 (3.88%) OpenShift
7 17 (2.64%) PaaS
8 16 (2.48%) IaaS
9 6 (0.93%) Dynamics 365
10 4 (0.62%) Azure Active Directory
10 4 (0.62%) Cloud Computing
11 2 (0.31%) Amazon CloudWatch
11 2 (0.31%) Amazon EC2
11 2 (0.31%) Amazon S3
11 2 (0.31%) AWS CloudFormation
11 2 (0.31%) CloudFront
11 2 (0.31%) Route 53
11 2 (0.31%) Virtual Private Cloud
12 1 (0.16%) GitHub
12 1 (0.16%) Sumo Logic
Communications & Networking
1 151 (23.41%) Firewall
2 88 (13.64%) Network Security
3 71 (11.01%) TCP/IP
4 58 (8.99%) Intrusion Detection
5 45 (6.98%) Internet
6 44 (6.82%) DNS
7 43 (6.67%) VPN
8 38 (5.89%) Wireless
9 35 (5.43%) WAN
10 28 (4.34%) LAN
11 27 (4.19%) DHCP
12 26 (4.03%) HTTPS
13 20 (3.10%) HTTP
14 17 (2.64%) SAN
15 16 (2.48%) MPLS
16 14 (2.17%) VLAN
17 13 (2.02%) PBX
18 12 (1.86%) Cisco Firepower
18 12 (1.86%) ISDN
18 12 (1.86%) NGN
Database & Business Intelligence
1 43 (6.67%) Big Data
2 31 (4.81%) SQL Server
3 14 (2.17%) MySQL
4 6 (0.93%) SQLite
5 5 (0.78%) Hadoop
6 4 (0.62%) MongoDB
7 2 (0.31%) Amazon RDS
7 2 (0.31%) NoSQL
7 2 (0.31%) SQL Server 2014
8 1 (0.16%) Azure SQL Database
8 1 (0.16%) Data Mining
8 1 (0.16%) Oracle Reports
Development Applications
1 49 (7.60%) JIRA
2 39 (6.05%) Git (software)
3 29 (4.50%) Bitbucket
4 27 (4.19%) git-flow
5 17 (2.64%) Selenium
6 10 (1.55%) IDA Disassembler
6 10 (1.55%) Metasploit
6 10 (1.55%) sqlmap
7 9 (1.40%) Jenkins
7 9 (1.40%) Team Foundation Server
8 8 (1.24%) Burp Suite
9 6 (0.93%) Protractor
9 6 (0.93%) Subversion
10 4 (0.62%) HP UFT
11 3 (0.47%) JUnit
11 3 (0.47%) Visual Studio
12 2 (0.31%) TeamCity
12 2 (0.31%) VSS/SourceSafe
12 2 (0.31%) WebDriver
12 2 (0.31%) Xcode
General
1 67 (10.39%) Finance
2 34 (5.27%) Retail
3 33 (5.12%) Legal
4 22 (3.41%) Games
5 13 (2.02%) Aerospace
6 12 (1.86%) Electronics
7 7 (1.09%) Telecoms
8 6 (0.93%) Advertising
9 5 (0.78%) Manufacturing
10 4 (0.62%) Financial Institution
10 4 (0.62%) Marketing
11 3 (0.47%) Banking
11 3 (0.47%) Military
11 3 (0.47%) Pharmaceutical
11 3 (0.47%) Publishing
12 2 (0.31%) Back Office
12 2 (0.31%) Law
Job Titles
1 111 (17.21%) Security Engineer
2 110 (17.05%) Analyst
3 88 (13.64%) Consultant
3 88 (13.64%) Security Analyst
4 74 (11.47%) Tester
5 67 (10.39%) Penetration Tester
6 54 (8.37%) Security Manager
7 53 (8.22%) Security Consultant
8 35 (5.43%) Senior Analyst
9 31 (4.81%) Architect
9 31 (4.81%) IT Analyst
10 30 (4.65%) IT Security Analyst
11 27 (4.19%) Information Analyst
11 27 (4.19%) Information Security Analyst
12 25 (3.88%) Information Manager
12 25 (3.88%) Information Security Manager
13 24 (3.72%) IT Engineer
13 24 (3.72%) IT Manager
14 23 (3.57%) Cybersecurity Analyst
14 23 (3.57%) Senior Security Analyst
Libraries, Frameworks & Software Standards
1 40 (6.20%) .NET
2 35 (5.43%) ASP.NET
3 33 (5.12%) Node.js
4 32 (4.96%) AngularJS
5 31 (4.81%) REST
6 27 (4.19%) Kafka
6 27 (4.19%) React
6 27 (4.19%) Spring MVC
7 25 (3.88%) GraphQL
7 25 (3.88%) Spring
7 25 (3.88%) Vue.js
8 12 (1.86%) Web Services
9 8 (1.24%) CSS
9 8 (1.24%) HTML
10 7 (1.09%) OAuth
11 6 (0.93%) LAMP
11 6 (0.93%) OpenID
11 6 (0.93%) RabbitMQ
12 5 (0.78%) 802.1X
12 5 (0.78%) OAuth2
Miscellaneous
1 89 (13.80%) Management Information System
2 39 (6.05%) Mobile App
3 34 (5.27%) Analytical Skills
4 24 (3.72%) Driving Licence
5 23 (3.57%) Data Centre
5 23 (3.57%) Internet of Things
6 18 (2.79%) Cyberattack
7 17 (2.64%) CMDB
8 15 (2.33%) Cybercrime
8 15 (2.33%) Cyberthreat
8 15 (2.33%) Security Operations Centre
9 13 (2.02%) Data Protection Act
9 13 (2.02%) Self-Motivation
10 11 (1.71%) PKI
11 10 (1.55%) Algorithms
11 10 (1.55%) Field-Programmable Gate Array
11 10 (1.55%) Verilog
11 10 (1.55%) VHDL
12 9 (1.40%) CCTV
12 9 (1.40%) Enterprise Software
Operating Systems
1 156 (24.19%) Linux
2 153 (23.72%) Windows
3 53 (8.22%) Windows Server
4 44 (6.82%) Android
5 32 (4.96%) Apple iOS
5 32 (4.96%) Windows Server 2012
6 25 (3.88%) Windows 10
7 21 (3.26%) Windows 8
8 19 (2.95%) Windows Server 2008
9 12 (1.86%) Windows Server 2003
10 11 (1.71%) Red Hat Enterprise Linux
11 10 (1.55%) Embedded Linux
12 9 (1.40%) Unix
12 9 (1.40%) Windows 7
13 8 (1.24%) CentOS
14 7 (1.09%) Ubuntu
15 6 (0.93%) Kali Linux
16 5 (0.78%) Solaris
17 2 (0.31%) HPUX
17 2 (0.31%) Mac OS X
Processes & Methodologies
1 288 (44.65%) Cybersecurity
2 279 (43.26%) Information Security
3 145 (22.48%) SIEM
4 114 (17.67%) Security Testing
5 103 (15.97%) Security Operations
6 102 (15.81%) ITIL
6 102 (15.81%) Vulnerability Scanning
7 91 (14.11%) Agile Software Development
8 84 (13.02%) OWASP
9 83 (12.87%) Risk Management
10 72 (11.16%) Ethical Hacking
10 72 (11.16%) Problem-Solving
11 65 (10.08%) Scrum
12 61 (9.46%) Test Automation
13 60 (9.30%) Data Protection
14 57 (8.84%) Vulnerability Management
15 55 (8.53%) Reverse Engineering
16 50 (7.75%) Incident Management
17 46 (7.13%) Software Engineering
18 44 (6.82%) Risk Assessment
Programming Languages
1 78 (12.09%) Python
2 71 (11.01%) C
3 59 (9.15%) PowerShell
4 56 (8.68%) Java
5 40 (6.20%) C++
6 37 (5.74%) SQL
7 31 (4.81%) C#
8 29 (4.50%) Bash Shell
9 25 (3.88%) JavaScript
10 23 (3.57%) Shell Script
11 15 (2.33%) PHP
12 12 (1.86%) Perl
13 11 (1.71%) Ruby
14 10 (1.55%) Embedded C
15 5 (0.78%) Go
15 5 (0.78%) TypeScript
16 4 (0.62%) VB
17 3 (0.47%) XAML
18 2 (0.31%) Objective-C
18 2 (0.31%) Scala
Qualifications
1 165 (25.58%) CISSP
2 103 (15.97%) Security Cleared
3 88 (13.64%) CREST Certified
4 87 (13.49%) Degree
5 80 (12.40%) CISM
6 78 (12.09%) OSCP
7 71 (11.01%) SC Cleared
8 69 (10.70%) Cisco Certification
9 59 (9.15%) CEH
10 56 (8.68%) CCNA
11 55 (8.53%) Microsoft Certification
12 49 (7.60%) MCSE
13 44 (6.82%) GIAC
13 44 (6.82%) SANS
14 36 (5.58%) CISA
15 33 (5.12%) DV Cleared
16 32 (4.96%) CHECK Team Member
16 32 (4.96%) OSCE
17 31 (4.81%) CompTIA Security+
18 30 (4.65%) CCNP
Quality Assurance & Compliance
1 163 (25.27%) ISO/IEC 27001
2 91 (14.11%) PCI DSS
3 75 (11.63%) GDPR
4 53 (8.22%) NIST
5 31 (4.81%) COBIT
5 31 (4.81%) ISO/IEC 27002 (supersedes ISO/IEC 17799)
6 17 (2.64%) QA
7 16 (2.48%) Cyber Essentials
8 15 (2.33%) SLA
9 13 (2.02%) Sarbanes-Oxley
10 10 (1.55%) RMADS
11 7 (1.09%) ISO 9001
12 6 (0.93%) HIPAA
13 4 (0.62%) COSO
13 4 (0.62%) Web Application Security Consortium
14 3 (0.47%) Cyber Essentials PLUS
14 3 (0.47%) ISO 31000
15 2 (0.31%) PA-DSS
16 1 (0.16%) NCSC
16 1 (0.16%) PMO
System Software
1 84 (13.02%) Active Directory
2 53 (8.22%) VMware Infrastructure
3 34 (5.27%) Hyper-V
4 30 (4.65%) Docker
5 19 (2.95%) vSphere
6 12 (1.86%) XenApp
7 11 (1.71%) VMware ESXi
8 9 (1.40%) Virtual Machines
9 4 (0.62%) Snort
10 2 (0.31%) Firmware
10 2 (0.31%) iptables
10 2 (0.31%) NFS
10 2 (0.31%) Postfix
10 2 (0.31%) Samba
10 2 (0.31%) VMware Server
11 1 (0.16%) Shibboleth
Systems Management
1 30 (4.65%) Kubernetes
2 27 (4.19%) Nessus
3 17 (2.64%) SCCM
4 15 (2.33%) WSUS
5 13 (2.02%) Nmap
6 9 (1.40%) Ansible
6 9 (1.40%) Puppet
7 5 (0.78%) Opscode Chef
7 5 (0.78%) QRadar
8 4 (0.62%) HAProxy
9 3 (0.47%) Network Intrusion Detection System
9 3 (0.47%) RSA Archer
10 2 (0.31%) McAfee ePO
10 2 (0.31%) Mesos
10 2 (0.31%) Oozie
10 2 (0.31%) Rancher
10 2 (0.31%) Salt
10 2 (0.31%) Single Sign-On
10 2 (0.31%) Sysdig
10 2 (0.31%) TrustSec
Vendors
1 84 (13.02%) Microsoft
2 58 (8.99%) VMware
3 50 (7.75%) Cisco
4 28 (4.34%) Dell
5 27 (4.19%) Qualys
6 26 (4.03%) Google
7 22 (3.41%) HP
8 21 (3.26%) Veracode
9 19 (2.95%) Citrix
10 17 (2.64%) Veeam
11 16 (2.48%) Atlassian
12 15 (2.33%) CheckPoint
13 14 (2.17%) Splunk
14 13 (2.02%) Juniper
15 12 (1.86%) Mitel
15 12 (1.86%) Red Hat
15 12 (1.86%) Siemens
16 9 (1.40%) Fortinet
16 9 (1.40%) Oracle
16 9 (1.40%) Rapid7