Period
to 18 September 2018

The following table provides summary statistics for permanent job vacancies with a requirement for OWASP skills. Included is a benchmarking guide to the salaries offered in vacancies that have cited OWASP over the 6 months to 18 September 2018 with a comparison to the same period in the previous 2 years.

Open Web Application Security Project (OWASP)
UK
6 months to
18 Sep 2018
Same period 2017 Same period 2016
Rank 633 808 754
Rank change year-on-year +175 -54 +241
Permanent jobs citing OWASP 615 415 554
As % of all permanent IT jobs advertised in the UK 0.37% 0.24% 0.29%
As % of the Processes & Methodologies category 0.40% 0.26% 0.32%
Number of salaries quoted 481 333 505
UK median annual salary £57,500 £57,500 £55,000
Median salary % change year-on-year - +4.55% -
10th Percentile £40,000 £36,500 £36,250
90th Percentile £80,000 £100,000 £80,000
UK excluding London median annual salary £55,000 £50,000 £50,000
% change year-on-year +10.00% - -4.76%

OWASP is in the Processes and Methodologies category. The following table is for comparison with the above and provides summary statistics for all permanent job vacancies with a requirement for process or methodology skills.

All Process and Methodology Skills
UK
Permanent vacancies with a requirement for process or methodology skills 152,730 161,474 175,002
As % of all permanent IT jobs advertised in the UK 91.05% 91.55% 90.89%
Number of salaries quoted 121,581 127,491 146,021
UK median annual salary £50,000 £50,000 £48,500
Median salary % change year-on-year - +3.09% +2.11%
10th Percentile £29,000 £28,000 £27,500
90th Percentile £82,500 £80,000 £78,750
UK excluding London median annual salary £45,000 £42,500 £42,500
% change year-on-year +5.88% - -

OWASP
Job Vacancy Trend

Job postings citing OWASP as a percentage of all IT jobs advertised.

Job vacancy trend for OWASP in the UK

OWASP
Salary Trend

This chart provides the 3-month moving average for salaries quoted in permanent IT jobs citing OWASP.

Salary trend for OWASP in the UK

OWASP
Salary Histogram

The salary distribution of IT jobs citing OWASP over the 6 months to 18 September 2018.

Salary histogram for OWASP in the UK

OWASP
Top 15 Job Locations

The table below looks at the demand and provides a guide to the median salaries quoted in IT jobs citing OWASP within the UK over the 6 months to 18 September 2018. The 'Rank Change' column provides an indication of the change in demand within each location based on the same 6 month period last year.

Location Rank Change
on Same Period
Last Year
Matching
Permanent
IT Job Ads
Median Salary
Past 6 Months
Median Salary
% Change
on Same Period
Last Year
Live
Job
Vacancies
England +168 598 £57,500 - 81
UK excluding London +189 411 £55,000 +10.00% 55
London +17 195 £65,000 -10.34% 29
South East +71 170 £55,000 +10.00% 20
North of England +87 128 £60,000 +29.73% 15
North West +109 109 £60,000 -4.00% 8
East of England +55 46 £55,000 +15.79% 5
Midlands +33 37 £58,500 -2.50% 8
West Midlands +44 31 £57,000 -5.00% 4
South West +2 20 £47,500 -17.39% 4
Yorkshire +8 19 £47,500 +11.76% 4
East Midlands +4 6 £62,500 +33.69% 4
Scotland 0 6 £65,000 +23.81% 3
Northern Ireland 0 2 £66,250 +55.88%
Wales - 2 £67,500 -

For the 6 months to 18 September 2018, IT jobs citing OWASP also mentioned the following skills in order of popularity. The figures indicate the absolute number co-occurrences and as a proportion of all permanent job ads with a requirement for OWASP.

1 249 (40.49%) Information Security
2 225 (36.59%) CISSP
3 201 (32.68%) ISO/IEC 27001
4 195 (31.71%) Agile Software Development
5 174 (28.29%) Penetration Testing
6 153 (24.88%) Microsoft Azure
6 153 (24.88%) Windows
7 139 (22.60%) CISM
8 137 (22.28%) Amazon AWS
9 134 (21.79%) Cybersecurity
10 132 (21.46%) SQL
11 131 (21.30%) SANS
12 130 (21.14%) Linux
13 119 (19.35%) JavaScript
14 112 (18.21%) .NET
15 107 (17.40%) Java
15 107 (17.40%) Web Services
15 107 (17.40%) Finance
16 104 (16.91%) Degree
17 103 (16.75%) MVC
18 101 (16.42%) Microsoft
19 99 (16.10%) HTML
19 99 (16.10%) SIEM
20 90 (14.63%) Scrum
21 85 (13.82%) CSS
22 82 (13.33%) C#
22 82 (13.33%) Incident Management
23 81 (13.17%) Risk Management
24 76 (12.36%) Continuous Integration
24 76 (12.36%) DevOps

OWASP
Co-occurring IT Skills by Category

The follow tables expand on the table above by listing co-occurrences grouped by category. The same job type, locality and period is covered with up to 20 co-occurrences shown in each of the following categories:

Application Platforms
1 32 (5.20%) Confluence
2 28 (4.55%) OpenStack
3 19 (3.09%) IIS
3 19 (3.09%) WebSphere
4 17 (2.76%) WebLogic
5 16 (2.60%) Apache Solr
5 16 (2.60%) Apache Spark
6 15 (2.44%) JBoss
7 12 (1.95%) Tomcat
8 9 (1.46%) Drupal
9 8 (1.30%) Apache
9 8 (1.30%) nginx
9 8 (1.30%) SharePoint
9 8 (1.30%) WordPress
10 6 (0.98%) CloudStack
11 5 (0.81%) CMS
12 4 (0.65%) Skype for Business
13 3 (0.49%) Cloud Foundry
13 3 (0.49%) Traefik
14 2 (0.33%) Elasticsearch
Applications
1 1 (0.16%) Adobe Illustrator
1 1 (0.16%) Microsoft Excel
1 1 (0.16%) Microsoft Office
1 1 (0.16%) Microsoft PowerPoint
1 1 (0.16%) Photoshop
Cloud Services
1 153 (24.88%) Microsoft Azure
2 137 (22.28%) Amazon AWS
3 27 (4.39%) Google Cloud Platform
4 24 (3.90%) SaaS
5 21 (3.41%) OpenShift
6 17 (2.76%) PaaS
6 17 (2.76%) Serverless
7 13 (2.11%) IaaS
8 12 (1.95%) npm
9 8 (1.30%) Sauce Labs
10 6 (0.98%) Amazon ElastiCache
10 6 (0.98%) Cloud Computing
11 4 (0.65%) BlazeMeter
11 4 (0.65%) Office 365
12 3 (0.49%) NuGet
13 2 (0.33%) Google Drive
14 1 (0.16%) AWS Lambda
14 1 (0.16%) Azure Machine Learning
14 1 (0.16%) IBM Cloud
14 1 (0.16%) Slack
Communications & Networking
1 74 (12.03%) Firewall
2 46 (7.48%) Network Security
3 41 (6.67%) HTTP
4 18 (2.93%) SSL
5 16 (2.60%) Internet
6 14 (2.28%) TCP/IP
7 12 (1.95%) DNS
8 11 (1.79%) WAN
9 9 (1.46%) LAN
10 8 (1.30%) AMQP
11 7 (1.14%) Wi-Fi
12 6 (0.98%) Intrusion Detection
12 6 (0.98%) Reverse Proxy
12 6 (0.98%) SAN
12 6 (0.98%) VLAN
13 5 (0.81%) BGP
13 5 (0.81%) BIG-IP
13 5 (0.81%) Cisco IOS
13 5 (0.81%) OSPF
13 5 (0.81%) Wireless
Database & Business Intelligence
1 66 (10.73%) NoSQL
2 49 (7.97%) SQL Server
3 45 (7.32%) MySQL
4 38 (6.18%) MongoDB
5 22 (3.58%) PostgreSQL
6 16 (2.60%) SQL Server Integration Services
7 15 (2.44%) Data Warehouse
8 8 (1.30%) MariaDB
9 6 (0.98%) Big Data
9 6 (0.98%) Blockchain
9 6 (0.98%) Redis
9 6 (0.98%) Relational Database
10 5 (0.81%) SQL Server Reporting Services
11 4 (0.65%) Cosmos DB
12 3 (0.49%) OLTP
12 3 (0.49%) SQL Server Analysis Services
12 3 (0.49%) SQLPlus
13 2 (0.33%) Azure SQL Database
13 2 (0.33%) BusinessObjects
13 2 (0.33%) SQL Server 2008
Development Applications
1 61 (9.92%) Git (software)
2 38 (6.18%) JIRA
3 28 (4.55%) Jenkins
3 28 (4.55%) Selenium
4 21 (3.41%) NUnit
4 21 (3.41%) Vagrant
5 19 (3.09%) Burp Suite
5 19 (3.09%) Jasmine
6 18 (2.93%) Visual Studio
7 16 (2.60%) Log4Net
7 16 (2.60%) Maven
8 15 (2.44%) Bitbucket
8 15 (2.44%) JMeter
9 14 (2.28%) Cucumber
9 14 (2.28%) gulp
10 13 (2.11%) TeamCity
11 12 (1.95%) Subversion
12 11 (1.79%) Octopus Deploy
12 11 (1.79%) Team Foundation Server
13 9 (1.46%) ReSharper
General
1 107 (17.40%) Finance
2 37 (6.02%) Retail
3 24 (3.90%) Banking
4 19 (3.09%) Games
5 16 (2.60%) Legal
5 16 (2.60%) Telecoms
6 12 (1.95%) Marketing
7 6 (0.98%) Investment Banking
7 6 (0.98%) Retail Finance
8 3 (0.49%) Local Government
8 3 (0.49%) Publishing
9 2 (0.33%) Financial Institution
10 1 (0.16%) Advertising
10 1 (0.16%) Automotive
10 1 (0.16%) Hungarian Language
10 1 (0.16%) Law
10 1 (0.16%) Manufacturing
10 1 (0.16%) Pharmaceutical
Job Titles
1 127 (20.65%) Developer
2 124 (20.16%) Analyst
3 77 (12.52%) Security Manager
4 61 (9.92%) Security Engineer
5 57 (9.27%) Security Analyst
6 53 (8.62%) Architect
7 49 (7.97%) Information Manager
7 49 (7.97%) Information Security Manager
8 36 (5.85%) Security Architect
9 34 (5.53%) Senior Developer
9 34 (5.53%) Tester
10 30 (4.88%) .NET Developer
11 28 (4.55%) Software Developer
12 27 (4.39%) Senior Analyst
13 25 (4.07%) Java Developer
14 23 (3.74%) SOC Analyst
15 22 (3.58%) Penetration Tester
16 20 (3.25%) Applications Engineer
16 20 (3.25%) Vulnerability Analyst
17 19 (3.09%) Security Consultant
Libraries, Frameworks & Software Standards
1 112 (18.21%) .NET
2 107 (17.40%) Web Services
3 99 (16.10%) HTML
4 85 (13.82%) CSS
5 69 (11.22%) JSON
6 61 (9.92%) REST
7 59 (9.59%) RESTful
8 57 (9.27%) HTML5
9 54 (8.78%) ASP.NET
10 52 (8.46%) AngularJS
11 44 (7.15%) .NET Framework
12 41 (6.67%) Spring
13 39 (6.34%) ASP.NET MVC
14 35 (5.69%) jQuery
15 31 (5.04%) OAuth
16 30 (4.88%) ASP.NET Web API
17 26 (4.23%) XML
18 25 (4.07%) .NET Core
18 25 (4.07%) Node.js
19 23 (3.74%) CSS3
Miscellaneous
1 58 (9.43%) Mobile App
2 53 (8.62%) Analytical Skills
3 50 (8.13%) Management Information System
4 28 (4.55%) Computer Science
5 22 (3.58%) Fintech
5 22 (3.58%) Security Operations Centre
6 20 (3.25%) User Experience
7 19 (3.09%) CESG
7 19 (3.09%) Public Cloud
8 14 (2.28%) Enterprise Software
9 13 (2.11%) Cyber Defence
10 11 (1.79%) Driving Licence
10 11 (1.79%) PKI
11 10 (1.63%) BYOD
12 9 (1.46%) Data Centre
12 9 (1.46%) Linux Command Line
13 7 (1.14%) Cyberattack
13 7 (1.14%) NHS
14 6 (0.98%) Client/Server
14 6 (0.98%) N-Tier
Operating Systems
1 153 (24.88%) Windows
2 130 (21.14%) Linux
3 26 (4.23%) Unix
4 17 (2.76%) Android
4 17 (2.76%) Apple iOS
5 10 (1.63%) Windows Server
6 9 (1.46%) Red Hat Enterprise Linux
7 7 (1.14%) AIX
8 6 (0.98%) Kali Linux
9 5 (0.81%) Windows Server 2012
10 4 (0.65%) CentOS
10 4 (0.65%) Debian
10 4 (0.65%) HPUX
10 4 (0.65%) Solaris
11 2 (0.33%) Mac OS
12 1 (0.16%) VMS
Processes & Methodologies
1 249 (40.49%) Information Security
2 195 (31.71%) Agile Software Development
3 174 (28.29%) Penetration Testing
4 134 (21.79%) Cybersecurity
5 103 (16.75%) MVC
6 99 (16.10%) SIEM
7 90 (14.63%) Scrum
8 82 (13.33%) Incident Management
9 81 (13.17%) Risk Management
10 76 (12.36%) Continuous Integration
10 76 (12.36%) DevOps
11 71 (11.54%) TDD
12 70 (11.38%) SDLC
12 70 (11.38%) Security Operations
13 68 (11.06%) Microservices
13 68 (11.06%) Problem-Solving
13 68 (11.06%) Vulnerability Assessment
14 64 (10.41%) Security Testing
15 63 (10.24%) Security Architecture
16 60 (9.76%) Software Engineering
Programming Languages
1 132 (21.46%) SQL
2 119 (19.35%) JavaScript
3 107 (17.40%) Java
4 82 (13.33%) C#
5 55 (8.94%) Python
6 40 (6.50%) Ruby
7 37 (6.02%) PHP
8 31 (5.04%) T-SQL
9 22 (3.58%) TypeScript
10 20 (3.25%) Perl
11 17 (2.76%) Bash Shell
11 17 (2.76%) C
12 15 (2.44%) PowerShell
12 15 (2.44%) VB.NET
13 12 (1.95%) C++
13 12 (1.95%) Shell Script
14 11 (1.79%) Java 8
15 10 (1.63%) Go
16 4 (0.65%) ES6
16 4 (0.65%) Scala
Qualifications
1 225 (36.59%) CISSP
2 139 (22.60%) CISM
3 131 (21.30%) SANS
4 104 (16.91%) Degree
5 73 (11.87%) CEH
6 62 (10.08%) Cisco Certification
7 49 (7.97%) CISA
8 48 (7.80%) (ISC)2 CCSP
9 33 (5.37%) OSCP
10 31 (5.04%) Security Cleared
11 27 (4.39%) CSSLP
12 25 (4.07%) CREST Certified
13 17 (2.76%) Computer Science Degree
14 16 (2.60%) GIAC
15 14 (2.28%) CCNA
15 14 (2.28%) CESG Certified Professional
16 13 (2.11%) GWAPT
16 13 (2.11%) OSCE
17 11 (1.79%) CRISC
18 9 (1.46%) SC Cleared
Quality Assurance & Compliance
1 201 (32.68%) ISO/IEC 27001
2 74 (12.03%) PCI DSS
3 44 (7.15%) QA
4 42 (6.83%) GDPR
5 33 (5.37%) HIPAA
6 22 (3.58%) Sarbanes-Oxley
7 15 (2.44%) GCP
8 13 (2.11%) ISO 9001
9 10 (1.63%) Cyber Essentials
10 7 (1.14%) ISO/IEC 27002 (supersedes ISO/IEC 17799)
11 6 (0.98%) HMG Security Policy Framework
11 6 (0.98%) PMO
12 5 (0.81%) COBIT
12 5 (0.81%) ISO 14001
12 5 (0.81%) Web Application Security Consortium
13 4 (0.65%) PSD2
14 3 (0.49%) WCAG
15 2 (0.33%) COSO
16 1 (0.16%) ISO 8583
16 1 (0.16%) SLA
System Software
1 51 (8.29%) Active Directory
2 44 (7.15%) Docker
3 31 (5.04%) VMware Infrastructure
4 8 (1.30%) vSphere
5 6 (0.98%) Xen
5 6 (0.98%) XenServer
6 5 (0.81%) Apache ZooKeeper
6 5 (0.81%) Virtual Machines
7 3 (0.49%) Oracle RAC
7 3 (0.49%) ProxySG
Systems Management
1 32 (5.20%) Kubernetes
2 23 (3.74%) Opscode Chef
3 22 (3.58%) Nessus
4 15 (2.44%) Puppet
5 11 (1.79%) Single Sign-On
6 9 (1.46%) Packer
7 7 (1.14%) Ansible
8 6 (0.98%) Cobbler
8 6 (0.98%) Nmap
9 4 (0.65%) OpenVAS
10 3 (0.49%) CASB
10 3 (0.49%) HP Fortify
10 3 (0.49%) Oracle Enterprise Manager
10 3 (0.49%) WebInspect
11 2 (0.33%) CSIRT
12 1 (0.16%) FortiGate
12 1 (0.16%) Nexpose
12 1 (0.16%) Systems Management Server (SMS)
12 1 (0.16%) Tivoli
Vendors
1 101 (16.42%) Microsoft
2 36 (5.85%) VMware
3 25 (4.07%) New Relic
3 25 (4.07%) Qualys
4 22 (3.58%) Rapid7
5 20 (3.25%) Cisco
6 19 (3.09%) Google
7 18 (2.93%) Oracle
8 16 (2.60%) Red Hat
9 13 (2.11%) Veracode
10 10 (1.63%) Splunk
11 9 (1.46%) Aquila
11 9 (1.46%) Capita
12 7 (1.14%) Meraki
13 6 (0.98%) Atlassian
13 6 (0.98%) CheckPoint
13 6 (0.98%) IBM
13 6 (0.98%) Juniper
14 5 (0.81%) F5
14 5 (0.81%) HP