Period
to 25 April 2018

The following table provides summary statistics for permanent job vacancies with a requirement for OWASP skills. Included is a benchmarking guide to the salaries offered in vacancies that have cited OWASP over the 6 months to 25 April 2018 with a comparison to the same period in the previous 2 years.

Open Web Application Security Project (OWASP)
UK
6 months to
25 Apr 2018
Same period 2017 Same period 2016
Rank 611 800 834
Rank change year-on-year +189 +34 +242
Permanent jobs citing OWASP 666 392 482
As % of all permanent IT jobs advertised in the UK 0.38% 0.23% 0.24%
As % of the Processes & Methodologies category 0.41% 0.25% 0.26%
Number of salaries quoted 510 334 446
UK median annual salary £55,500 £55,000 £52,500
Median salary % change year-on-year +0.91% +4.76% -
10th Percentile £38,175 £35,000 £33,750
90th Percentile £88,750 £74,625 £80,000
UK excluding London median annual salary £55,000 £50,000 £47,500
% change year-on-year +10.00% +5.26% -9.52%

OWASP is in the Processes and Methodologies category. The following table is for comparison with the above and provides summary statistics for all permanent job vacancies with a requirement for process or methodology skills.

All Process and Methodology Skills
UK
Permanent vacancies with a requirement for process or methodology skills 160,685 153,962 184,220
As % of all permanent IT jobs advertised in the UK 90.83% 90.48% 89.98%
Number of salaries quoted 130,206 126,729 153,106
UK median annual salary £50,000 £47,500 £47,500
Median salary % change year-on-year +5.26% - +5.56%
10th Percentile £29,250 £28,000 £27,500
90th Percentile £81,250 £78,750 £77,500
UK excluding London median annual salary £45,000 £42,500 £42,500
% change year-on-year +5.88% - +4.94%

OWASP
Job Vacancy Trend

Job postings citing OWASP as a percentage of all IT jobs advertised.

Job vacancy trend for OWASP in the UK

OWASP
Salary Trend

This chart provides the 3-month moving average for salaries quoted in permanent IT jobs citing OWASP.

Salary trend for OWASP in the UK

OWASP
Salary Histogram

The salary distribution of IT jobs citing OWASP over the 6 months to 25 April 2018.

Salary histogram for OWASP in the UK

OWASP
Top 16 Job Locations

The table below looks at the demand and provides a guide to the median salaries quoted in IT jobs citing OWASP within the UK over the 6 months to 25 April 2018. The 'Rank Change' column provides an indication of the change in demand within each location based on the same 6 month period last year.

Location Rank Change
on Same Period
Last Year
Matching
Permanent
IT Job Ads
Median Salary
Past 6 Months
Median Salary
% Change
on Same Period
Last Year
Live
Job
Vacancies
England +172 614 £56,500 +2.73% 69
UK excluding London +139 377 £55,000 +10.00% 45
London +73 261 £72,500 +20.83% 29
South East +63 162 £52,500 -12.50% 12
North of England +45 105 £57,500 +40.24% 10
North West +41 79 £60,000 +33.33% 6
Midlands +10 48 £60,000 +41.18% 8
West Midlands +12 37 £60,000 +41.18% 5
Yorkshire +6 25 £45,000 +9.76% 4
South West -10 19 £46,000 -23.33% 5
East of England -22 14 £56,250 +18.42% 5
Wales - 13 £65,000 - 2
East Midlands 0 11 £50,000 +49.25% 3
Scotland -28 11 £60,000 +20.00% 1
Northern Ireland - 5 £45,000 - 2
North East - 1 £30,000 -

For the 6 months to 25 April 2018, IT jobs citing OWASP also mentioned the following skills in order of popularity. The figures indicate the absolute number co-occurrences and as a proportion of all permanent job ads with a requirement for OWASP.

1 240 (36.04%) Agile Software Development
2 223 (33.48%) CISSP
3 213 (31.98%) Information Security
4 190 (28.53%) Java
5 182 (27.33%) SANS
6 171 (25.68%) ISO/IEC 27001
7 161 (24.17%) Penetration Testing
8 158 (23.72%) Cybersecurity
9 157 (23.57%) JavaScript
10 154 (23.12%) Finance
11 145 (21.77%) CISM
12 144 (21.62%) Scrum
13 136 (20.42%) Firewall
13 136 (20.42%) SQL
14 133 (19.97%) Continuous Integration
15 129 (19.37%) HTML
16 120 (18.02%) Windows
17 118 (17.72%) .NET
18 115 (17.27%) C#
18 115 (17.27%) CSS
18 115 (17.27%) Linux
19 110 (16.52%) Amazon AWS
20 109 (16.37%) PCI DSS
20 109 (16.37%) Security Testing
21 108 (16.22%) Test Automation
22 102 (15.32%) Python
22 102 (15.32%) Security Architecture
23 101 (15.17%) SDLC
24 97 (14.56%) Degree
25 92 (13.81%) Microsoft Azure

OWASP
Co-occurring IT Skills by Category

The follow tables expand on the table above by listing co-occurrences grouped by category. The same job type, locality and period is covered with up to 20 co-occurrences shown in each of the following categories:

Application Platforms
1 34 (5.11%) OpenStack
2 24 (3.60%) WebSphere
3 22 (3.30%) Confluence
4 21 (3.15%) Apache Solr
4 21 (3.15%) Tomcat
5 14 (2.10%) Apache
6 12 (1.80%) nginx
7 11 (1.65%) IIS
8 10 (1.50%) CMS
8 10 (1.50%) JBoss
8 10 (1.50%) Umbraco
8 10 (1.50%) WebLogic
9 9 (1.35%) Elasticsearch
9 9 (1.35%) Oracle SOA Suite
9 9 (1.35%) SAS
10 5 (0.75%) Cloud Foundry
10 5 (0.75%) CloudStack
11 2 (0.30%) Apache Spark
11 2 (0.30%) WebSphere Application Server
Applications
1 5 (0.75%) Microsoft PowerPoint
2 1 (0.15%) Microsoft Excel
Business Applications
1 4 (0.60%) Sentinel
2 1 (0.15%) NetSuite
2 1 (0.15%) Payment Gateway
Cloud Services
1 110 (16.52%) Amazon AWS
2 92 (13.81%) Microsoft Azure
3 42 (6.31%) Google Cloud Platform
4 29 (4.35%) SaaS
5 17 (2.55%) Cloud Computing
6 16 (2.40%) npm
7 14 (2.10%) Amazon ElastiCache
8 10 (1.50%) IaaS
8 10 (1.50%) NuGet
9 9 (1.35%) OpenShift
10 8 (1.20%) Amazon S3
10 8 (1.20%) PaaS
11 7 (1.05%) Office 365
11 7 (1.05%) Serverless
12 6 (0.90%) GitHub
13 5 (0.75%) BlazeMeter
14 4 (0.60%) Sauce Labs
15 3 (0.45%) Amazon SQS
16 2 (0.30%) BrowserStack
16 2 (0.30%) Firebase
Communications & Networking
1 136 (20.42%) Firewall
2 52 (7.81%) Network Security
3 46 (6.91%) HTTP
4 16 (2.40%) DNS
5 13 (1.95%) TCP/IP
6 11 (1.65%) Internet
6 11 (1.65%) Intrusion Detection
6 11 (1.65%) SAN
6 11 (1.65%) WAN
7 9 (1.35%) AMQP
8 8 (1.20%) SSL
8 8 (1.20%) Wireless
9 6 (0.90%) FTP
9 6 (0.90%) SSH
10 5 (0.75%) LAN
10 5 (0.75%) NAS
11 3 (0.45%) Broadband
11 3 (0.45%) tcpdump
11 3 (0.45%) VPN
11 3 (0.45%) Wireshark
Database & Business Intelligence
1 84 (12.61%) MySQL
2 60 (9.01%) SQL Server
3 55 (8.26%) NoSQL
4 39 (5.86%) MongoDB
5 32 (4.80%) PostgreSQL
6 30 (4.50%) Data Warehouse
7 25 (3.75%) MariaDB
8 22 (3.30%) SQL Server Integration Services
9 18 (2.70%) DB2
10 17 (2.55%) Big Data
11 14 (2.10%) Redis
12 11 (1.65%) BusinessObjects
12 11 (1.65%) Relational Database
13 10 (1.50%) SQL Server 2016
14 7 (1.05%) Hadoop
14 7 (1.05%) SSDT
15 5 (0.75%) Amazon Redshift
15 5 (0.75%) Looker
15 5 (0.75%) Qlik Sense
15 5 (0.75%) SQL Server Reporting Services
Development Applications
1 79 (11.86%) Git (software)
2 44 (6.61%) Jenkins
3 36 (5.41%) Selenium
4 34 (5.11%) JIRA
5 30 (4.50%) Team Foundation Server
6 28 (4.20%) JMeter
7 27 (4.05%) WebDriver
8 26 (3.90%) Visual Studio
9 23 (3.45%) Maven
10 19 (2.85%) Fiddler
11 18 (2.70%) TeamCity
12 16 (2.40%) Burp Suite
12 16 (2.40%) gulp
13 15 (2.25%) SoapUI
14 13 (1.95%) Cucumber
14 13 (1.95%) Subversion
15 11 (1.65%) JUnit
16 10 (1.50%) IntelliJ
16 10 (1.50%) LoadRunner
16 10 (1.50%) SpecFlow
General
1 154 (23.12%) Finance
2 31 (4.65%) Retail
3 25 (3.75%) Legal
4 22 (3.30%) Games
5 18 (2.70%) Banking
6 10 (1.50%) Back Office
6 10 (1.50%) Investment Banking
7 9 (1.35%) Law
8 8 (1.20%) Marketing
8 8 (1.20%) Telecoms
9 4 (0.60%) Financial Institution
10 2 (0.30%) Billing
10 2 (0.30%) Electronics
10 2 (0.30%) Publishing
11 1 (0.15%) French Language
11 1 (0.15%) Manufacturing
Job Titles
1 143 (21.47%) Developer
2 95 (14.26%) Analyst
3 79 (11.86%) Security Engineer
4 74 (11.11%) Architect
5 70 (10.51%) Security Analyst
6 60 (9.01%) Tester
7 46 (6.91%) Security Manager
8 42 (6.31%) Penetration Tester
9 40 (6.01%) Security Architect
10 34 (5.11%) .NET Developer
10 34 (5.11%) Java Developer
10 34 (5.11%) Security Specialist
11 32 (4.80%) Consultant
12 31 (4.65%) Senior Developer
13 30 (4.50%) Information Analyst
13 30 (4.50%) Information Security Analyst
13 30 (4.50%) Security Consultant
14 28 (4.20%) Software Engineer
15 27 (4.05%) Applications Engineer
16 25 (3.75%) Applications Specialist
Libraries, Frameworks & Software Standards
1 129 (19.37%) HTML
2 118 (17.72%) .NET
3 115 (17.27%) CSS
4 79 (11.86%) Web Services
5 63 (9.46%) REST
6 62 (9.31%) Spring
7 56 (8.41%) HTML5
7 56 (8.41%) XML
8 55 (8.26%) JSON
9 44 (6.61%) RESTful
10 41 (6.16%) ASP.NET
11 39 (5.86%) .NET Framework
12 36 (5.41%) CSS3
13 35 (5.26%) AngularJS
13 35 (5.26%) Spring Boot
14 32 (4.80%) SOAP
15 28 (4.20%) jQuery
16 27 (4.05%) ASP.NET MVC
17 22 (3.30%) J2EE
17 22 (3.30%) WCF
Miscellaneous
1 64 (9.61%) Management Information System
2 44 (6.61%) Computer Science
3 43 (6.46%) Analytical Skills
4 35 (5.26%) Cyber Defence
5 31 (4.65%) Fintech
5 31 (4.65%) Mobile App
6 25 (3.75%) Enterprise Software
7 23 (3.45%) Public Cloud
8 21 (3.15%) Data Centre
9 20 (3.00%) User Experience
10 16 (2.40%) BYOD
10 16 (2.40%) Cyberthreat
11 14 (2.10%) Cyberattack
12 11 (1.65%) Clustering
12 11 (1.65%) Mainframe
13 10 (1.50%) Algorithms
13 10 (1.50%) CESG
14 9 (1.35%) Linux Command Line
15 7 (1.05%) Self-Motivation
16 6 (0.90%) Virtual Team
Operating Systems
1 120 (18.02%) Windows
2 115 (17.27%) Linux
3 50 (7.51%) Unix
4 40 (6.01%) Windows Server
5 20 (3.00%) Apple iOS
6 18 (2.70%) Android
6 18 (2.70%) Red Hat Enterprise Linux
7 16 (2.40%) Windows Server 2012
8 8 (1.20%) Solaris
9 7 (1.05%) AIX
9 7 (1.05%) Kali Linux
9 7 (1.05%) Windows Server 2008
10 6 (0.90%) Mac OS X
10 6 (0.90%) Windows 10
11 5 (0.75%) Debian
11 5 (0.75%) HPUX
11 5 (0.75%) Windows Mobile
11 5 (0.75%) zOS
12 3 (0.45%) Oracle Linux
12 3 (0.45%) Ubuntu
Processes & Methodologies
1 240 (36.04%) Agile Software Development
2 213 (31.98%) Information Security
3 161 (24.17%) Penetration Testing
4 158 (23.72%) Cybersecurity
5 144 (21.62%) Scrum
6 133 (19.97%) Continuous Integration
7 109 (16.37%) Security Testing
8 108 (16.22%) Test Automation
9 102 (15.32%) Security Architecture
10 101 (15.17%) SDLC
11 90 (13.51%) TDD
12 89 (13.36%) MVC
13 81 (12.16%) SIEM
14 80 (12.01%) DevOps
15 74 (11.11%) SOA
16 72 (10.81%) Software Engineering
17 67 (10.06%) Problem-Solving
18 63 (9.46%) BDD
19 60 (9.01%) Ethical Hacking
20 59 (8.86%) Secure Coding
Programming Languages
1 190 (28.53%) Java
2 157 (23.57%) JavaScript
3 136 (20.42%) SQL
4 115 (17.27%) C#
5 102 (15.32%) Python
6 77 (11.56%) Ruby
7 46 (6.91%) PHP
8 42 (6.31%) C
9 39 (5.86%) C++
10 32 (4.80%) Shell Script
11 30 (4.50%) PowerShell
12 21 (3.15%) Bash Shell
13 16 (2.40%) Java 8
13 16 (2.40%) T-SQL
14 15 (2.25%) Go
15 13 (1.95%) Perl
16 8 (1.20%) TypeScript
17 6 (0.90%) Groovy
18 4 (0.60%) ES6
18 4 (0.60%) Objective-C
Qualifications
1 223 (33.48%) CISSP
2 182 (27.33%) SANS
3 145 (21.77%) CISM
4 97 (14.56%) Degree
5 84 (12.61%) CEH
6 52 (7.81%) CSSLP
7 39 (5.86%) CISA
7 39 (5.86%) Cisco Certification
8 28 (4.20%) OSCP
9 25 (3.75%) CREST Certified
10 23 (3.45%) Computer Science Degree
11 22 (3.30%) GIAC
12 21 (3.15%) Master's Degree
13 19 (2.85%) Security Cleared
14 18 (2.70%) CCNA
15 13 (1.95%) CRISC
16 12 (1.80%) (ISC)2 CCSP
16 12 (1.80%) CCSP
16 12 (1.80%) EC-Council LPT
16 12 (1.80%) ECSA
Quality Assurance & Compliance
1 171 (25.68%) ISO/IEC 27001
2 109 (16.37%) PCI DSS
3 68 (10.21%) QA
4 38 (5.71%) GDPR
5 31 (4.65%) GCP
5 31 (4.65%) HIPAA
6 17 (2.55%) ISO/IEC 27002 (supersedes ISO/IEC 17799)
6 17 (2.55%) Web Application Security Consortium
7 13 (1.95%) COBIT
8 11 (1.65%) GPG13
9 7 (1.05%) PSD2
10 6 (0.90%) ISO 22301
10 6 (0.90%) ISO 9001
11 5 (0.75%) Cyber Essentials
12 4 (0.60%) HMG Security Policy Framework
12 4 (0.60%) ISO/IEC 27005
12 4 (0.60%) MiFID
12 4 (0.60%) WCAG
13 2 (0.30%) BS7799
13 2 (0.30%) RMADS
System Software
1 35 (5.26%) VMware Infrastructure
2 21 (3.15%) Docker
3 12 (1.80%) Active Directory
4 8 (1.20%) Apache ZooKeeper
5 7 (1.05%) Virtual Machines
5 7 (1.05%) vSphere
6 5 (0.75%) Xen
6 5 (0.75%) XenServer
7 1 (0.15%) OpenAM
7 1 (0.15%) VirtualBox
Systems Management
1 28 (4.20%) Nessus
2 26 (3.90%) WebInspect
3 20 (3.00%) Kubernetes
4 19 (2.85%) Single Sign-On
5 18 (2.70%) Puppet
6 16 (2.40%) Opscode Chef
7 15 (2.25%) Ansible
8 14 (2.10%) CASB
9 10 (1.50%) Nmap
10 7 (1.05%) Cobbler
10 7 (1.05%) HP Fortify
11 6 (0.90%) CSIRT
12 5 (0.75%) McAfee ePO
12 5 (0.75%) Terraform
13 4 (0.60%) logstash
14 3 (0.45%) Kibana
15 2 (0.30%) Computer Emergency Response Teams
15 2 (0.30%) Tivoli
16 1 (0.15%) Host Intrusion Detection System
16 1 (0.15%) OpenVAS
Vendors
1 69 (10.36%) Microsoft
2 41 (6.16%) VMware
3 36 (5.41%) Oracle
4 35 (5.26%) Veracode
5 26 (3.90%) Qualys
6 17 (2.55%) Capita
6 17 (2.55%) Red Hat
7 15 (2.25%) IBM
8 14 (2.10%) Google
8 14 (2.10%) HP
8 14 (2.10%) Rapid7
9 11 (1.65%) RedGate
10 10 (1.50%) Cisco
10 10 (1.50%) Sun
11 9 (1.35%) Ab Initio
12 7 (1.05%) McAfee
12 7 (1.05%) Symantec
12 7 (1.05%) WorldPay
13 6 (0.90%) Juniper
13 6 (0.90%) New Relic