Period
to 22 October 2017

The following table provides summary statistics for permanent job vacancies with a requirement for OWASP skills. Included is a benchmarking guide to the salaries offered in vacancies that have cited OWASP over the 6 months to 22 October 2017 with a comparison to the same period in the previous 2 years.

Open Web Application Security Project (OWASP)
UK
6 months to
22 Oct 2017
Same period 2016 Same period 2015
Rank 769 733 959
Rank change year-on-year -36 +226 +140
Permanent jobs citing OWASP 440 563 347
As % of all permanent IT jobs advertised in the UK 0.25% 0.30% 0.16%
As % of the Processes & Methodologies category 0.28% 0.33% 0.18%
Number of salaries quoted 361 509 279
UK median annual salary £60,000 £55,000 £54,250
Median salary % change year-on-year +9.09% +1.38% +20.56%
10th Percentile £37,500 £36,250 £28,000
90th Percentile £100,000 £80,000 £80,000
UK excluding London median annual salary £51,250 £50,000 £50,000
% change year-on-year +2.50% - +17.65%

OWASP is in the Processes and Methodologies category. The following table is for comparison with the above and provides summary statistics for all permanent job vacancies with a requirement for process or methodology skills.

All Process and Methodology Skills
UK
Permanent vacancies with a requirement for process or methodology skills 156751 169256 193744
As % of all permanent IT jobs advertised in the UK 89.94% 89.24% 88.61%
Number of salaries quoted 123378 140808 159309
UK median annual salary £50,000 £49,500 £47,500
Median salary % change year-on-year +1.01% +4.21% +5.56%
10th Percentile £28,750 £28,000 £27,500
90th Percentile £80,000 £78,750 £76,250
UK excluding London median annual salary £43,354 £42,500 £42,500
% change year-on-year +2.01% - +6.25%

OWASP
Job Vacancy Trend

Job postings citing OWASP as a percentage of all IT jobs advertised.

Job vacancy trend for OWASP in the UK

OWASP
Salary Trend

This chart provides the 3-month moving average for salaries quoted in permanent IT jobs citing OWASP.

Salary trend for OWASP in the UK

OWASP
Salary Histogram

The salary distribution of IT jobs citing OWASP over the 6 months to 22 October 2017.

Salary histogram for OWASP in the UK

OWASP
Top 15 Job Locations

The table below looks at the demand and provides a guide to the median salaries quoted in IT jobs citing OWASP within the UK over the 6 months to 22 October 2017. The 'Rank Change' column provides an indication of the change in demand within each location based on the same 6 month period last year.

Location Rank Change
on Same Period
Last Year
Matching
Permanent
IT Job Ads
Median Salary
Past 6 Months
Median Salary
% Change
on Same Period
Last Year
Live
Job
Vacancies
England -55 425 £60,000 +9.09% 36
London +31 222 £72,500 +11.54% 15
UK excluding London -82 211 £51,250 +2.50% 21
South East +10 104 £50,000 -9.09% 7
North of England -15 56 £50,000 +17.65% 6
Yorkshire +10 35 £45,000 +5.88% 2
North West -29 21 £62,500 +47.06% 2
Midlands +26 20 £60,000 +26.32% 4
South West -8 18 £55,000 - 2
West Midlands +14 13 £60,000 +26.32% 1
East Midlands +34 7 £60,000 +26.32% 3
East of England -29 7 £90,000 +20.00% 2
Northern Ireland - 3 £51,250 -
Wales +16 2 £55,000 -
Scotland -17 1 £65,000 +73.33%

For the 6 months to 22 October 2017, IT jobs citing OWASP also mentioned the following skills in order of popularity. The figures indicate the number co-occurrences and its proportion to all job ads with a requirement for OWASP.

1 213 (48.41%) Agile Software Development
2 156 (35.45%) Java
3 155 (35.23%) Information Security
4 144 (32.73%) JavaScript
5 136 (30.91%) Python
6 135 (30.68%) Penetration Testing
7 126 (28.64%) Finance
8 117 (26.59%) SQL
9 115 (26.14%) CISSP
10 108 (24.55%) ISO/IEC 27001
11 105 (23.86%) HTML
12 99 (22.50%) .NET
13 97 (22.05%) Amazon AWS
14 95 (21.59%) Linux
15 90 (20.45%) Security Testing
15 90 (20.45%) DevOps
16 87 (19.77%) Continuous Integration
17 84 (19.09%) CSS
18 81 (18.41%) Ruby
19 80 (18.18%) Scrum
20 76 (17.27%) Jenkins
21 75 (17.05%) Firewall
21 75 (17.05%) Windows
22 74 (16.82%) Security Architecture
23 73 (16.59%) Open Source
23 73 (16.59%) CEH
23 73 (16.59%) C#
24 70 (15.91%) CISM
25 68 (15.45%) Cybersecurity
26 67 (15.23%) Microsoft

OWASP
Co-occurring IT Skills by Category

The follow tables expand on the table above by listing co-occurrences grouped by category. The same job type, locality and period is covered with up to 20 co-occurrences shown in each of the following categories:

Application Platforms
1 47 (10.68%) WebSphere
2 34 (7.73%) Tomcat
3 30 (6.82%) nginx
4 28 (6.36%) OpenStack
5 23 (5.23%) WebLogic
6 22 (5.00%) Cloud Foundry
6 22 (5.00%) JBoss
7 18 (4.09%) CloudStack
8 16 (3.64%) Apache
9 10 (2.27%) IIS
10 9 (2.05%) Elasticsearch
10 9 (2.05%) WebSphere Application Server
11 7 (1.59%) CMS
12 6 (1.36%) Umbraco
13 5 (1.14%) Oracle SOA Suite
13 5 (1.14%) SharePoint
14 4 (0.91%) Confluence
15 3 (0.68%) Sitefinity
16 2 (0.45%) Apache Solr
17 1 (0.23%) Kentico
Applications
1 3 (0.68%) Microsoft Excel
2 2 (0.45%) Microsoft Office
2 2 (0.45%) Microsoft PowerPoint
2 2 (0.45%) Microsoft Project
2 2 (0.45%) MS Visio
Business Applications
1 5 (1.14%) Payment Gateway
2 1 (0.23%) Salesforce.com CRM
Cloud Services
1 97 (22.05%) Amazon AWS
2 34 (7.73%) Microsoft Azure
3 31 (7.05%) npm
4 26 (5.91%) SaaS
5 22 (5.00%) PaaS
6 10 (2.27%) GitHub
7 5 (1.14%) Cloud Computing
7 5 (1.14%) Office 365
8 4 (0.91%) Azure Active Directory
9 3 (0.68%) Amazon ElastiCache
9 3 (0.68%) Amazon S3
9 3 (0.68%) Amazon SQS
9 3 (0.68%) Google Cloud Platform
10 2 (0.45%) Heroku
11 1 (0.23%) Boomi
11 1 (0.23%) OpenShift
11 1 (0.23%) Serverless
Communications & Networking
1 75 (17.05%) Firewall
2 60 (13.64%) Network Security
3 39 (8.86%) TCP/IP
4 20 (4.55%) Wireless
5 19 (4.32%) Internet
6 15 (3.41%) DNS
6 15 (3.41%) HTTP
7 11 (2.50%) DHCP
8 10 (2.27%) LDAP
8 10 (2.27%) Wireshark
9 9 (2.05%) Multicast
10 8 (1.82%) LAN
10 8 (1.82%) NAS
10 8 (1.82%) SAN
10 8 (1.82%) WAN
11 5 (1.14%) Intrusion Detection
11 5 (1.14%) VoIP
12 4 (0.91%) tcpdump
13 3 (0.68%) Ethernet
13 3 (0.68%) SSL
Database & Business Intelligence
1 49 (11.14%) SQL Server
2 44 (10.00%) MySQL
3 27 (6.14%) NoSQL
4 20 (4.55%) SQL Server Integration Services
5 12 (2.73%) MongoDB
6 10 (2.27%) MariaDB
7 6 (1.36%) Relational Database
8 5 (1.14%) Azure SQL Database
8 5 (1.14%) Data Warehouse
8 5 (1.14%) Hadoop
8 5 (1.14%) Looker
8 5 (1.14%) Oracle Database
8 5 (1.14%) Redis
9 4 (0.91%) PostgreSQL
10 3 (0.68%) Big Data
10 3 (0.68%) SQL Server 2008
11 2 (0.45%) Blockchain
12 1 (0.23%) Couchbase
12 1 (0.23%) Hazelcast
12 1 (0.23%) Power BI
Development Applications
1 76 (17.27%) Jenkins
2 62 (14.09%) Git (software)
3 35 (7.95%) gulp
4 32 (7.27%) JUnit
5 31 (7.05%) TeamCity
6 30 (6.82%) Metasploit
6 30 (6.82%) Subversion
7 28 (6.36%) Gradle
7 28 (6.36%) Maven
8 27 (6.14%) Burp Suite
9 22 (5.00%) IBM UrbanCode
10 21 (4.77%) CircleCI
10 21 (4.77%) Travis CI
11 20 (4.55%) AppScan
12 19 (4.32%) Jasmine
13 12 (2.73%) Paros
14 10 (2.27%) Team Foundation Server
15 9 (2.05%) Selenium
16 8 (1.82%) JIRA
16 8 (1.82%) Visual Studio
General
1 126 (28.64%) Finance
2 25 (5.68%) Retail
3 18 (4.09%) Banking
4 17 (3.86%) Legal
5 16 (3.64%) Telecoms
6 8 (1.82%) Automotive
7 7 (1.59%) Manufacturing
8 6 (1.36%) Financial Institution
9 5 (1.14%) Aerospace
10 4 (0.91%) Advertising
10 4 (0.91%) Back Office
10 4 (0.91%) Billing
10 4 (0.91%) Games
11 2 (0.45%) Law
11 2 (0.45%) Publishing
12 1 (0.23%) Electronics
12 1 (0.23%) Pharmaceutical
12 1 (0.23%) Retail Banking
Job Titles
1 85 (19.32%) Developer
2 65 (14.77%) Consultant
3 60 (13.64%) Security Consultant
4 52 (11.82%) Tester
5 50 (11.36%) Penetration Tester
6 43 (9.77%) DevOps Engineer
7 36 (8.18%) Analyst
8 34 (7.73%) Security Analyst
9 32 (7.27%) Architect
10 30 (6.82%) Senior Developer
11 29 (6.59%) Security Manager
12 27 (6.14%) Information Security Consultant
13 23 (5.23%) Information Analyst
13 23 (5.23%) Information Security Analyst
13 23 (5.23%) Security Specialist
14 20 (4.55%) Security Architect
15 19 (4.32%) Java Developer
15 19 (4.32%) Security Penetration Tester
15 19 (4.32%) Security Tester
16 17 (3.86%) Applications Engineer
Libraries, Frameworks & Software Standards
1 105 (23.86%) HTML
2 99 (22.50%) .NET
3 84 (19.09%) CSS
4 52 (11.82%) Web Services
5 44 (10.00%) HTML5
6 42 (9.55%) REST
7 37 (8.41%) XML
8 36 (8.18%) AngularJS
9 29 (6.59%) jQuery
10 28 (6.36%) JSON
11 27 (6.14%) ASP.NET
12 25 (5.68%) RESTful
13 24 (5.45%) CSS3
14 22 (5.00%) Ajax
15 19 (4.32%) ASP.NET Web API
15 19 (4.32%) SOAP
16 18 (4.09%) Node.js
17 17 (3.86%) J2EE
17 17 (3.86%) OAuth
17 17 (3.86%) Spring
Miscellaneous
1 58 (13.18%) Mobile App
2 42 (9.55%) Computer Science
3 34 (7.73%) Management Information System
4 25 (5.68%) Driving Licence
5 18 (4.09%) User Experience
6 16 (3.64%) Analytical Skills
7 14 (3.18%) Cyberthreat
8 11 (2.50%) Public Cloud
9 10 (2.27%) Cyber Defence
10 9 (2.05%) BYOD
10 9 (2.05%) Cyber Attack
11 8 (1.82%) Clustering
11 8 (1.82%) Data Centre
11 8 (1.82%) Fintech
11 8 (1.82%) iPad
12 7 (1.59%) Algorithms
13 6 (1.36%) Distributed Denial-of-Service
13 6 (1.36%) Enterprise Software
13 6 (1.36%) FMCG
14 5 (1.14%) Virtual Team
Operating Systems
1 95 (21.59%) Linux
2 75 (17.05%) Windows
3 58 (13.18%) Unix
4 45 (10.23%) Android
4 45 (10.23%) Apple iOS
5 19 (4.32%) Red Hat Enterprise Linux
6 15 (3.41%) Kali Linux
7 9 (2.05%) Solaris
8 8 (1.82%) CentOS
9 6 (1.36%) Oracle Linux
10 4 (0.91%) Windows Server
11 3 (0.68%) AIX
11 3 (0.68%) HPUX
11 3 (0.68%) Ubuntu
12 2 (0.45%) KNOPPIX
12 2 (0.45%) Mac OS
13 1 (0.23%) Debian
13 1 (0.23%) VMS
Processes & Methodologies
1 213 (48.41%) Agile Software Development
2 155 (35.23%) Information Security
3 135 (30.68%) Penetration Testing
4 90 (20.45%) DevOps
4 90 (20.45%) Security Testing
5 87 (19.77%) Continuous Integration
6 80 (18.18%) Scrum
7 74 (16.82%) Security Architecture
8 73 (16.59%) Open Source
9 68 (15.45%) Cybersecurity
10 55 (12.50%) Test Automation
11 50 (11.36%) Web Development
12 49 (11.14%) Risk Management
12 49 (11.14%) Vulnerability Assessment
13 46 (10.45%) BDD
14 45 (10.23%) Ethical Hacking
15 44 (10.00%) Risk Assessment
16 42 (9.55%) TDD
17 35 (7.95%) Performance Tuning
17 35 (7.95%) Waterfall
Programming Languages
1 156 (35.45%) Java
2 144 (32.73%) JavaScript
3 136 (30.91%) Python
4 117 (26.59%) SQL
5 81 (18.41%) Ruby
6 73 (16.59%) C#
7 55 (12.50%) Shell Script
8 39 (8.86%) C++
9 36 (8.18%) PHP
10 31 (7.05%) Groovy
10 31 (7.05%) Perl
11 26 (5.91%) Bash Shell
12 25 (5.68%) C
13 19 (4.32%) Scala
14 17 (3.86%) VB.NET
15 15 (3.41%) T-SQL
16 12 (2.73%) Objective-C
17 7 (1.59%) Apple Swift
18 6 (1.36%) PowerShell
19 5 (1.14%) PL/SQL
Qualifications
1 115 (26.14%) CISSP
2 73 (16.59%) CEH
3 70 (15.91%) CISM
4 59 (13.41%) Degree
5 52 (11.82%) OSCP
6 47 (10.68%) CREST Certified
7 24 (5.45%) Computer Science Degree
8 22 (5.00%) SANS
9 21 (4.77%) CISA
10 19 (4.32%) OSCE
11 18 (4.09%) Security Cleared
11 18 (4.09%) Tigerscheme
12 14 (3.18%) SC Cleared
13 13 (2.95%) CHECK Team Member
13 13 (2.95%) Cyber Scheme
13 13 (2.95%) GIAC
13 13 (2.95%) GPEN
14 11 (2.50%) Cisco Certification
15 10 (2.27%) CHECK Team Leader
16 8 (1.82%) CLAS
Quality Assurance & Compliance
1 108 (24.55%) ISO/IEC 27001
2 50 (11.36%) PCI DSS
3 24 (5.45%) ISO/IEC 27002 (supersedes ISO/IEC 17799)
4 22 (5.00%) GDPR
5 21 (4.77%) ISO 9001
5 21 (4.77%) ISO/IEC 27005
6 14 (3.18%) Cyber Essentials
7 10 (2.27%) Cyber Essentials PLUS
8 9 (2.05%) SAS 70
9 7 (1.59%) QA
10 6 (1.36%) COBIT
10 6 (1.36%) NIST 800
11 4 (0.91%) Web Application Security Consortium
12 3 (0.68%) BS25999
12 3 (0.68%) RMADS
12 3 (0.68%) Sarbanes-Oxley
13 2 (0.45%) WAI
13 2 (0.45%) WCAG
14 1 (0.23%) HIPAA
14 1 (0.23%) IASME
System Software
1 28 (6.36%) Virtual Machines
2 25 (5.68%) Active Directory
3 22 (5.00%) vSphere
4 18 (4.09%) Xen
4 18 (4.09%) XenServer
5 15 (3.41%) VMware Infrastructure
6 11 (2.50%) Docker
7 5 (1.14%) VMware ESXi
8 3 (0.68%) Firmware
Systems Management
1 64 (14.55%) Puppet
2 58 (13.18%) Opscode Chef
3 55 (12.50%) Ansible
4 49 (11.14%) Nessus
5 28 (6.36%) Cobbler
6 26 (5.91%) Kubernetes
6 26 (5.91%) Tivoli
7 25 (5.68%) Terraform
8 19 (4.32%) Nmap
9 11 (2.50%) HP Fortify
10 9 (2.05%) WebInspect
11 8 (1.82%) Salt
12 4 (0.91%) Core Impact
12 4 (0.91%) FortiGate
12 4 (0.91%) Nagios
12 4 (0.91%) ZABBIX
13 3 (0.68%) Kibana
13 3 (0.68%) logstash
14 1 (0.23%) Defensics
14 1 (0.23%) OpenVAS
Vendors
1 67 (15.23%) Microsoft
2 46 (10.45%) Oracle
3 26 (5.91%) Red Hat
4 17 (3.86%) EnterpriseDB
5 15 (3.41%) IBM
5 15 (3.41%) VMware
6 12 (2.73%) Apple
6 12 (2.73%) HP
7 9 (2.05%) Google
8 8 (1.82%) Xamarin
9 7 (1.59%) Cisco
10 6 (1.36%) Qualys
10 6 (1.36%) Sun
11 5 (1.14%) NetApp
11 5 (1.14%) Veracode
12 4 (0.91%) CheckPoint
12 4 (0.91%) Palo Alto
12 4 (0.91%) SolarWinds
13 2 (0.45%) Juniper
13 2 (0.45%) Salesforce.com