Period
to 22 November 2017

The following table provides summary statistics for permanent job vacancies with a requirement for OWASP skills. Included is a benchmarking guide to the salaries offered in vacancies that have cited OWASP over the 6 months to 22 November 2017 with a comparison to the same period in the previous 2 years.

Open Web Application Security Project (OWASP)
UK
6 months to
22 Nov 2017
Same period 2016 Same period 2015
Rank 732 726 953
Rank change year-on-year -6 +227 +183
Permanent jobs citing OWASP 478 534 358
As % of all permanent IT jobs advertised in the UK 0.26% 0.28% 0.17%
As % of the Processes & Methodologies category 0.29% 0.31% 0.19%
Number of salaries quoted 387 492 275
UK median annual salary £60,000 £55,000 £52,500
Median salary % change year-on-year +9.09% +4.76% +5.00%
10th Percentile £38,750 £36,250 £28,000
90th Percentile £100,000 £77,500 £77,500
UK excluding London median annual salary £52,500 £50,000 £47,500
% change year-on-year +5.00% +5.26% +5.56%

OWASP is in the Processes and Methodologies category. The following table is for comparison with the above and provides summary statistics for all permanent job vacancies with a requirement for process or methodology skills.

All Process and Methodology Skills
UK
Permanent vacancies with a requirement for process or methodology skills 162377 170041 191608
As % of all permanent IT jobs advertised in the UK 89.91% 89.40% 88.80%
Number of salaries quoted 128248 141329 157803
UK median annual salary £50,000 £49,500 £47,500
Median salary % change year-on-year +1.01% +4.21% +5.56%
10th Percentile £28,750 £28,000 £27,500
90th Percentile £80,000 £78,750 £77,500
UK excluding London median annual salary £44,000 £42,500 £42,500
% change year-on-year +3.53% - +6.25%

OWASP
Job Vacancy Trend

Job postings citing OWASP as a percentage of all IT jobs advertised.

Job vacancy trend for OWASP in the UK

OWASP
Salary Trend

This chart provides the 3-month moving average for salaries quoted in permanent IT jobs citing OWASP.

Salary trend for OWASP in the UK

OWASP
Salary Histogram

The salary distribution of IT jobs citing OWASP over the 6 months to 22 November 2017.

Salary histogram for OWASP in the UK

OWASP
Top 15 Job Locations

The table below looks at the demand and provides a guide to the median salaries quoted in IT jobs citing OWASP within the UK over the 6 months to 22 November 2017. The 'Rank Change' column provides an indication of the change in demand within each location based on the same 6 month period last year.

Location Rank Change
on Same Period
Last Year
Matching
Permanent
IT Job Ads
Median Salary
Past 6 Months
Median Salary
% Change
on Same Period
Last Year
Live
Job
Vacancies
England -26 458 £60,000 +9.09% 40
UK excluding London -41 240 £52,500 +5.00% 28
London +28 230 £72,500 +11.54% 15
South East +31 120 £50,000 -9.09% 8
North of England -27 59 £45,000 +5.88% 11
Yorkshire +19 35 £45,000 +5.88% 4
Midlands +17 25 £60,000 +29.73% 2
North West -39 24 £62,500 +47.06% 5
West Midlands +1 17 £61,000 +35.56% 1
South West -9 16 £50,000 -9.09% 3
East of England -12 10 £90,000 +20.00% 1
East Midlands +28 8 £57,500 +21.05% 1
Northern Ireland - 5 £43,750 -
Wales +14 4 £55,000 - 2
Scotland -13 1 £65,000 +73.33% 1

For the 6 months to 22 November 2017, IT jobs citing OWASP also mentioned the following skills in order of popularity. The figures indicate the number co-occurrences and its proportion to all job ads with a requirement for OWASP.

1 222 (46.44%) Agile Software Development
2 166 (34.73%) Java
3 156 (32.64%) JavaScript
3 156 (32.64%) Information Security
4 144 (30.13%) Python
4 144 (30.13%) Penetration Testing
5 131 (27.41%) Finance
6 122 (25.52%) SQL
6 122 (25.52%) CISSP
7 118 (24.69%) ISO/IEC 27001
8 117 (24.48%) HTML
9 114 (23.85%) .NET
10 107 (22.38%) Linux
11 100 (20.92%) Amazon AWS
12 97 (20.29%) Security Testing
13 95 (19.87%) Continuous Integration
14 92 (19.25%) Firewall
15 91 (19.04%) CSS
16 90 (18.83%) Windows
16 90 (18.83%) Ruby
17 87 (18.20%) C#
18 83 (17.36%) DevOps
19 78 (16.32%) Scrum
20 74 (15.48%) CISM
20 74 (15.48%) Open Source
21 73 (15.27%) Security Architecture
22 70 (14.64%) CEH
23 69 (14.44%) Jenkins
23 69 (14.44%) Cybersecurity
24 68 (14.23%) Unix

OWASP
Co-occurring IT Skills by Category

The follow tables expand on the table above by listing co-occurrences grouped by category. The same job type, locality and period is covered with up to 20 co-occurrences shown in each of the following categories:

Application Platforms
1 46 (9.62%) WebSphere
2 35 (7.32%) Tomcat
3 30 (6.28%) nginx
4 28 (5.86%) OpenStack
5 23 (4.81%) WebLogic
6 20 (4.18%) Cloud Foundry
7 18 (3.77%) JBoss
8 17 (3.56%) Apache
9 15 (3.14%) CloudStack
10 12 (2.51%) Elasticsearch
11 11 (2.30%) IIS
12 7 (1.46%) WebSphere Application Server
13 6 (1.26%) Umbraco
14 5 (1.05%) CMS
14 5 (1.05%) Confluence
14 5 (1.05%) SharePoint
15 3 (0.63%) Oracle SOA Suite
16 1 (0.21%) Apache Solr
16 1 (0.21%) Ethereum
16 1 (0.21%) Hyperledger
Applications
1 3 (0.63%) Microsoft Excel
2 2 (0.42%) Microsoft Office
2 2 (0.42%) Microsoft PowerPoint
2 2 (0.42%) Microsoft Project
2 2 (0.42%) MS Visio
Business Applications
1 6 (1.26%) Payment Gateway
2 1 (0.21%) Salesforce.com CRM
Cloud Services
1 100 (20.92%) Amazon AWS
2 38 (7.95%) Microsoft Azure
3 29 (6.07%) SaaS
4 27 (5.65%) npm
5 22 (4.60%) PaaS
6 10 (2.09%) GitHub
7 7 (1.46%) Cloud Computing
8 5 (1.05%) Amazon ElastiCache
8 5 (1.05%) Amazon S3
8 5 (1.05%) Google Cloud Platform
8 5 (1.05%) Office 365
9 4 (0.84%) Azure Active Directory
10 3 (0.63%) Amazon SQS
10 3 (0.63%) IaaS
10 3 (0.63%) Serverless
11 2 (0.42%) Heroku
12 1 (0.21%) AWS CloudFormation
12 1 (0.21%) AWS Lambda
12 1 (0.21%) Boomi
12 1 (0.21%) OpenShift
Communications & Networking
1 92 (19.25%) Firewall
2 66 (13.81%) Network Security
3 44 (9.21%) TCP/IP
4 21 (4.39%) Internet
5 20 (4.18%) Wireless
6 19 (3.97%) DNS
7 15 (3.14%) HTTP
8 13 (2.72%) LDAP
9 12 (2.51%) DHCP
9 12 (2.51%) Intrusion Detection
9 12 (2.51%) Wireshark
10 9 (1.88%) Multicast
10 9 (1.88%) WAN
11 8 (1.67%) LAN
11 8 (1.67%) NAS
11 8 (1.67%) SAN
12 7 (1.46%) SSL
13 5 (1.05%) tcpdump
13 5 (1.05%) VoIP
14 4 (0.84%) CTI
Database & Business Intelligence
1 56 (11.72%) SQL Server
2 52 (10.88%) MySQL
3 34 (7.11%) NoSQL
4 20 (4.18%) SQL Server Integration Services
5 16 (3.35%) MongoDB
6 13 (2.72%) MariaDB
7 9 (1.88%) Data Warehouse
7 9 (1.88%) Relational Database
8 7 (1.46%) Hadoop
8 7 (1.46%) Looker
8 7 (1.46%) Redis
9 5 (1.05%) PostgreSQL
10 4 (0.84%) Azure SQL Database
11 3 (0.63%) Big Data
11 3 (0.63%) Blockchain
11 3 (0.63%) Neo4j
11 3 (0.63%) Oracle Database
11 3 (0.63%) SQL Server 2008
11 3 (0.63%) SQL Server Reporting Services
12 2 (0.42%) Apache Hive
Development Applications
1 69 (14.44%) Jenkins
2 64 (13.39%) Git (software)
3 32 (6.69%) JUnit
4 30 (6.28%) gulp
5 29 (6.07%) TeamCity
6 27 (5.65%) Burp Suite
6 27 (5.65%) Gradle
6 27 (5.65%) Maven
6 27 (5.65%) Metasploit
7 24 (5.02%) Subversion
8 21 (4.39%) Jasmine
9 20 (4.18%) AppScan
9 20 (4.18%) CircleCI
9 20 (4.18%) IBM UrbanCode
9 20 (4.18%) Travis CI
10 18 (3.77%) Visual Studio
11 12 (2.51%) Paros
11 12 (2.51%) Team Foundation Server
12 11 (2.30%) Cucumber
13 10 (2.09%) JIRA
General
1 131 (27.41%) Finance
2 31 (6.49%) Retail
3 20 (4.18%) Legal
4 15 (3.14%) Telecoms
5 13 (2.72%) Banking
6 8 (1.67%) Automotive
7 7 (1.46%) Manufacturing
8 6 (1.26%) Billing
8 6 (1.26%) Games
9 5 (1.05%) Aerospace
10 4 (0.84%) Advertising
10 4 (0.84%) Back Office
11 3 (0.63%) Electronics
11 3 (0.63%) Financial Institution
12 2 (0.42%) Law
13 1 (0.21%) Marketing
13 1 (0.21%) Pharmaceutical
13 1 (0.21%) Publishing
13 1 (0.21%) Retail Banking
Job Titles
1 92 (19.25%) Developer
2 66 (13.81%) Consultant
3 60 (12.55%) Security Consultant
4 54 (11.30%) Tester
5 53 (11.09%) Penetration Tester
6 40 (8.37%) DevOps Engineer
7 38 (7.95%) Architect
8 34 (7.11%) Security Manager
9 33 (6.90%) Analyst
10 29 (6.07%) Information Security Consultant
10 29 (6.07%) Security Analyst
11 27 (5.65%) Senior Developer
12 26 (5.44%) Security Specialist
13 24 (5.02%) Security Engineer
14 22 (4.60%) Applications Engineer
14 22 (4.60%) Security Architect
15 19 (3.97%) .NET Developer
15 19 (3.97%) Applications Specialist
15 19 (3.97%) Information Analyst
15 19 (3.97%) Information Security Analyst
Libraries, Frameworks & Software Standards
1 117 (24.48%) HTML
2 114 (23.85%) .NET
3 91 (19.04%) CSS
4 51 (10.67%) HTML5
5 45 (9.41%) Web Services
6 42 (8.79%) REST
7 41 (8.58%) XML
8 35 (7.32%) AngularJS
9 29 (6.07%) RESTful
10 28 (5.86%) JSON
11 27 (5.65%) CSS3
12 26 (5.44%) ASP.NET
12 26 (5.44%) jQuery
13 22 (4.60%) Ajax
14 21 (4.39%) Spring
15 19 (3.97%) J2EE
16 18 (3.77%) Node.js
17 17 (3.56%) ASP.NET Web API
18 16 (3.35%) ASP.NET MVC
19 15 (3.14%) OAuth
Miscellaneous
1 51 (10.67%) Mobile App
2 41 (8.58%) Management Information System
3 39 (8.16%) Computer Science
4 20 (4.18%) Driving Licence
5 17 (3.56%) User Experience
6 15 (3.14%) Public Cloud
7 13 (2.72%) Analytical Skills
7 13 (2.72%) Cyberthreat
8 12 (2.51%) Cyber Attack
9 11 (2.30%) BYOD
9 11 (2.30%) Clustering
9 11 (2.30%) Cyber Defence
10 9 (1.88%) Enterprise Software
10 9 (1.88%) Fintech
11 8 (1.67%) FMCG
11 8 (1.67%) iPad
12 7 (1.46%) Data Centre
13 6 (1.26%) CESG
13 6 (1.26%) Distributed Denial-of-Service
14 4 (0.84%) Algorithms
Operating Systems
1 107 (22.38%) Linux
2 90 (18.83%) Windows
3 68 (14.23%) Unix
4 40 (8.37%) Android
4 40 (8.37%) Apple iOS
5 20 (4.18%) Red Hat Enterprise Linux
6 18 (3.77%) Kali Linux
7 11 (2.30%) Solaris
7 11 (2.30%) Windows Server
8 10 (2.09%) CentOS
9 8 (1.67%) Oracle Linux
10 5 (1.05%) Windows Server 2008
11 3 (0.63%) AIX
11 3 (0.63%) HPUX
11 3 (0.63%) Ubuntu
11 3 (0.63%) Windows Server 2012
12 2 (0.42%) KNOPPIX
12 2 (0.42%) Mac OS
13 1 (0.21%) Debian
13 1 (0.21%) VMS
Processes & Methodologies
1 222 (46.44%) Agile Software Development
2 156 (32.64%) Information Security
3 144 (30.13%) Penetration Testing
4 97 (20.29%) Security Testing
5 95 (19.87%) Continuous Integration
6 83 (17.36%) DevOps
7 78 (16.32%) Scrum
8 74 (15.48%) Open Source
9 73 (15.27%) Security Architecture
10 69 (14.44%) Cybersecurity
11 61 (12.76%) Test Automation
12 58 (12.13%) BDD
13 53 (11.09%) Vulnerability Assessment
14 52 (10.88%) Risk Management
14 52 (10.88%) Web Development
15 48 (10.04%) Ethical Hacking
15 48 (10.04%) Risk Assessment
16 47 (9.83%) TDD
17 41 (8.58%) Stakeholder Management
18 36 (7.53%) Front End Development
Programming Languages
1 166 (34.73%) Java
2 156 (32.64%) JavaScript
3 144 (30.13%) Python
4 122 (25.52%) SQL
5 90 (18.83%) Ruby
6 87 (18.20%) C#
7 55 (11.51%) Shell Script
8 46 (9.62%) C++
8 46 (9.62%) PHP
9 32 (6.69%) Perl
10 29 (6.07%) Groovy
11 28 (5.86%) C
12 24 (5.02%) Bash Shell
13 18 (3.77%) VB.NET
14 17 (3.56%) Scala
15 13 (2.72%) T-SQL
16 9 (1.88%) PowerShell
17 6 (1.26%) Objective-C
18 5 (1.05%) Go
19 4 (0.84%) VB
Qualifications
1 122 (25.52%) CISSP
2 74 (15.48%) CISM
3 70 (14.64%) CEH
4 63 (13.18%) Degree
5 44 (9.21%) SANS
6 42 (8.79%) CREST Certified
7 40 (8.37%) OSCP
8 28 (5.86%) Computer Science Degree
9 21 (4.39%) CISA
10 19 (3.97%) Cisco Certification
11 17 (3.56%) OSCE
12 14 (2.93%) Security Cleared
13 13 (2.72%) CCNP
14 12 (2.51%) GIAC
14 12 (2.51%) GPEN
15 11 (2.30%) Tigerscheme
16 10 (2.09%) CHECK Team Leader
17 9 (1.88%) GWAPT
17 9 (1.88%) Master's Degree
17 9 (1.88%) SC Cleared
Quality Assurance & Compliance
1 118 (24.69%) ISO/IEC 27001
2 56 (11.72%) PCI DSS
3 33 (6.90%) ISO/IEC 27002 (supersedes ISO/IEC 17799)
4 23 (4.81%) GDPR
4 23 (4.81%) ISO/IEC 27005
5 21 (4.39%) ISO 9001
6 13 (2.72%) QA
7 9 (1.88%) Cyber Essentials
7 9 (1.88%) SAS 70
8 8 (1.67%) COBIT
8 8 (1.67%) Web Application Security Consortium
9 7 (1.46%) NIST 800
10 5 (1.05%) Cyber Essentials PLUS
11 4 (0.84%) RMADS
12 3 (0.63%) BS25999
12 3 (0.63%) GPG13
12 3 (0.63%) Sarbanes-Oxley
13 2 (0.42%) WAI
13 2 (0.42%) WCAG
14 1 (0.21%) HIPAA
System Software
1 27 (5.65%) Virtual Machines
2 25 (5.23%) Active Directory
3 19 (3.97%) vSphere
4 18 (3.77%) VMware Infrastructure
5 15 (3.14%) Xen
5 15 (3.14%) XenServer
6 13 (2.72%) Docker
7 5 (1.05%) VMware ESXi
8 3 (0.63%) Firmware
9 1 (0.21%) OpenAM
Systems Management
1 59 (12.34%) Puppet
2 55 (11.51%) Opscode Chef
3 52 (10.88%) Ansible
4 42 (8.79%) Nessus
5 26 (5.44%) Kubernetes
6 25 (5.23%) Cobbler
7 24 (5.02%) Terraform
8 23 (4.81%) Tivoli
9 20 (4.18%) Nmap
10 14 (2.93%) WebInspect
11 10 (2.09%) HP Fortify
12 6 (1.26%) Salt
13 4 (0.84%) Core Impact
13 4 (0.84%) FortiGate
13 4 (0.84%) logstash
13 4 (0.84%) McAfee ePO
13 4 (0.84%) Nagios
13 4 (0.84%) ZABBIX
14 3 (0.63%) Kibana
15 1 (0.21%) Cuckoo Sandbox
Vendors
1 66 (13.81%) Microsoft
2 44 (9.21%) Oracle
3 26 (5.44%) Red Hat
4 21 (4.39%) VMware
5 18 (3.77%) IBM
6 16 (3.35%) HP
7 15 (3.14%) Cisco
8 14 (2.93%) EnterpriseDB
9 11 (2.30%) Qualys
10 10 (2.09%) Google
11 9 (1.88%) Apple
11 9 (1.88%) Xamarin
12 8 (1.67%) Juniper
12 8 (1.67%) Sun
13 6 (1.26%) McAfee
13 6 (1.26%) Symantec
14 5 (1.05%) NetApp
14 5 (1.05%) Veracode
15 4 (0.84%) Palo Alto
15 4 (0.84%) SolarWinds