Period
to 19 February 2019

The following table provides summary statistics for permanent job vacancies with a requirement for OWASP skills. Included is a benchmarking guide to the salaries offered in vacancies that have cited OWASP over the 6 months to 19 February 2019 with a comparison to the same period in the previous 2 years.

Open Web Application Security Project (OWASP)
UK
6 months to
19 Feb 2019
Same period 2018 Same period 2017
Rank 517 686 747
Rank change year-on-year +169 +61 +201
Permanent jobs citing OWASP 791 568 468
As % of all permanent IT jobs advertised in the UK 0.52% 0.32% 0.27%
As % of the Processes & Methodologies category 0.57% 0.35% 0.30%
Number of salaries quoted 579 459 423
UK median annual salary £60,000 £55,000 £57,500
Median salary % change year-on-year +9.09% -4.35% +15.00%
10th Percentile £38,750 £36,250 £36,250
90th Percentile £82,500 £90,000 £77,500
UK excluding London median annual salary £60,000 £52,500 £55,000
% change year-on-year +14.29% -4.55% +29.41%

OWASP is in the Processes and Methodologies category. The following table is for comparison with the above and provides summary statistics for all permanent job vacancies with a requirement for process or methodology skills.

All Process and Methodology Skills
UK
Permanent vacancies with a requirement for process or methodology skills 139,013 161,247 158,373
As % of all permanent IT jobs advertised in the UK 91.74% 91.84% 91.31%
Number of salaries quoted 109,707 130,895 130,572
UK median annual salary £52,500 £50,000 £47,500
Median salary % change year-on-year +5.00% +5.26% -
10th Percentile £30,000 £28,750 £27,750
90th Percentile £85,000 £80,000 £78,750
UK excluding London median annual salary £45,000 £45,000 £42,500
% change year-on-year - +5.88% -

OWASP
Job Vacancy Trend

Job postings citing OWASP as a percentage of all IT jobs advertised.

Job vacancy trend for OWASP in the UK

OWASP
Salary Trend

This chart provides the 3-month moving average for salaries quoted in permanent IT jobs citing OWASP.

Salary trend for OWASP in the UK

OWASP
Salary Histogram

The salary distribution of IT jobs citing OWASP over the 6 months to 19 February 2019.

Salary histogram for OWASP in the UK

OWASP
Top 16 Job Locations

The table below looks at the demand and provides a guide to the median salaries quoted in IT jobs citing OWASP within the UK over the 6 months to 19 February 2019. The 'Rank Change' column provides an indication of the change in demand within each location based on the same 6 month period last year.

Location Rank Change
on Same Period
Last Year
Matching
Permanent
IT Job Ads
Median Salary
Past 6 Months
Median Salary
% Change
on Same Period
Last Year
Live
Job
Vacancies
England +182 767 £60,000 +6.19% 86
UK excluding London +210 570 £60,000 +14.29% 73
North of England +156 223 £60,000 +9.09% 27
London +17 205 £65,000 -7.14% 27
South East +84 191 £55,000 +4.76% 18
North West +116 150 £60,000 +4.35% 16
East of England +125 90 £50,000 -33.33% 3
Yorkshire +69 57 £52,133 +22.67% 7
Midlands +47 44 £60,000 +9.09% 6
West Midlands +39 34 £60,000 - 5
South West +20 20 £52,500 +10.53% 5
East Midlands +28 16 £60,000 +34.08% 1
North East - 16 £53,750 - 4
Wales +5 5 £37,500 -31.82% 4
Northern Ireland -18 4 £70,000 +55.56% 1
Scotland +2 3 £52,500 -6.67% 9

For the 6 months to 19 February 2019, IT jobs citing OWASP also mentioned the following skills in order of popularity. The figures indicate the absolute number co-occurrences and as a proportion of all permanent job ads with a requirement for OWASP.

1 339 (42.86%) Information Security
2 295 (37.29%) Microsoft Azure
3 261 (33.00%) CISSP
4 259 (32.74%) Penetration Testing
5 253 (31.98%) ISO/IEC 27001
6 252 (31.86%) Agile Software Development
7 250 (31.61%) Amazon AWS
7 250 (31.61%) Cybersecurity
8 200 (25.28%) Windows
9 198 (25.03%) Linux
10 178 (22.50%) Degree
11 175 (22.12%) SIEM
12 161 (20.35%) Finance
13 154 (19.47%) Microsoft
14 143 (18.08%) Risk Management
15 141 (17.83%) Cisco Certification
16 138 (17.45%) SQL
16 138 (17.45%) Vulnerability Assessment
17 135 (17.07%) SANS
18 132 (16.69%) (ISC)2 CCSP
18 132 (16.69%) .NET
19 129 (16.31%) Security Operations
20 126 (15.93%) JavaScript
20 126 (15.93%) CSS
21 125 (15.80%) Test Automation
22 124 (15.68%) Java
23 118 (14.92%) Incident Management
24 113 (14.29%) CEH
24 113 (14.29%) PCI DSS
25 108 (13.65%) CISM

OWASP
Co-occurring IT Skills by Category

The follow tables expand on the table above by listing co-occurrences grouped by category. The same job type, locality and period is covered with up to 20 co-occurrences shown in each of the following categories:

Application Platforms
1 63 (7.96%) Confluence
2 41 (5.18%) WordPress
3 38 (4.80%) IIS
4 28 (3.54%) ExpressionEngine
5 19 (2.40%) OpenStack
6 15 (1.90%) Apache
6 15 (1.90%) SharePoint
7 14 (1.77%) WebLogic
8 13 (1.64%) Drupal
8 13 (1.64%) Tomcat
9 7 (0.88%) CMS
10 6 (0.76%) Elasticsearch
10 6 (0.76%) Traefik
11 5 (0.63%) Apache Spark
11 5 (0.63%) Umbraco
11 5 (0.63%) WebSphere
12 4 (0.51%) JBoss
12 4 (0.51%) Skype for Business
13 3 (0.38%) nginx
14 2 (0.25%) Apache Solr
Applications
1 5 (0.63%) Microsoft Office
2 3 (0.38%) Microsoft Excel
2 3 (0.38%) Microsoft PowerPoint
3 2 (0.25%) Adobe Illustrator
3 2 (0.25%) Photoshop
Business Applications
1 3 (0.38%) RiskWrite
2 1 (0.13%) Distributed Ledger
2 1 (0.13%) MultiChain
Cloud Services
1 295 (37.29%) Microsoft Azure
2 250 (31.61%) Amazon AWS
3 50 (6.32%) SaaS
4 45 (5.69%) IaaS
5 30 (3.79%) Google Cloud Platform
6 21 (2.65%) Slack
7 18 (2.28%) Office 365
7 18 (2.28%) OpenShift
8 15 (1.90%) PaaS
9 10 (1.26%) Serverless
10 8 (1.01%) AWS CloudFormation
11 7 (0.88%) Amazon EC2
11 7 (0.88%) Virtual Private Cloud
12 6 (0.76%) Amazon ELB
12 6 (0.76%) AWS CloudTrail
12 6 (0.76%) npm
13 5 (0.63%) GitHub
14 4 (0.51%) AWS Lambda
14 4 (0.51%) Azure Machine Learning
15 2 (0.25%) Azure Active Directory
Communications & Networking
1 89 (11.25%) Firewall
2 54 (6.83%) Internet
3 49 (6.19%) Network Security
4 42 (5.31%) HTTP
5 27 (3.41%) TCP/IP
6 26 (3.29%) SSL
7 16 (2.02%) DNS
8 15 (1.90%) VLAN
9 14 (1.77%) BGP
9 14 (1.77%) BIG-IP
9 14 (1.77%) Cisco IOS
9 14 (1.77%) DMVPN
9 14 (1.77%) NX-OS
9 14 (1.77%) OSPF
9 14 (1.77%) WAN
9 14 (1.77%) Wi-Fi
10 12 (1.52%) Reverse Proxy
11 11 (1.39%) SMTP
12 10 (1.26%) LAN
13 9 (1.14%) Intrusion Detection
Database & Business Intelligence
1 76 (9.61%) NoSQL
2 66 (8.34%) MongoDB
3 37 (4.68%) SQL Server
4 20 (2.53%) SQL Server Integration Services
5 14 (1.77%) Big Data
5 14 (1.77%) Relational Database
6 13 (1.64%) MySQL
7 8 (1.01%) PostgreSQL
8 6 (0.76%) Data Warehouse
8 6 (0.76%) MariaDB
9 3 (0.38%) Blockchain
10 2 (0.25%) Data Lake
10 2 (0.25%) Neo4j
10 2 (0.25%) Redis
10 2 (0.25%) SQL Server 2008
11 1 (0.13%) Apache Hive
11 1 (0.13%) Azure SQL Database
11 1 (0.13%) Hadoop
11 1 (0.13%) RDBMS
11 1 (0.13%) SQL Server Reporting Services
Development Applications
1 93 (11.76%) JIRA
2 90 (11.38%) Git (software)
3 55 (6.95%) Jenkins
4 45 (5.69%) JMeter
5 36 (4.55%) Burp Suite
6 29 (3.67%) Selenium
7 21 (2.65%) gulp
7 21 (2.65%) HP UFT
7 21 (2.65%) LoadRunner
8 20 (2.53%) Metasploit
9 19 (2.40%) Grunt
9 19 (2.40%) Jasmine
10 17 (2.15%) Vagrant
11 16 (2.02%) git-flow
11 16 (2.02%) Subversion
12 14 (1.77%) Mocha
13 13 (1.64%) Karma Test Runner
14 11 (1.39%) NUnit
14 11 (1.39%) PostCSS
14 11 (1.39%) Visual Studio
General
1 161 (20.35%) Finance
2 76 (9.61%) Retail
3 43 (5.44%) Banking
4 26 (3.29%) Publishing
5 25 (3.16%) Retail Finance
5 25 (3.16%) Telecoms
6 21 (2.65%) Law
6 21 (2.65%) Legal
7 13 (1.64%) Games
8 8 (1.01%) Financial Institution
9 6 (0.76%) Electronics
10 3 (0.38%) Marketing
11 2 (0.25%) Manufacturing
12 1 (0.13%) Advertising
12 1 (0.13%) Automotive
12 1 (0.13%) Investment Banking
12 1 (0.13%) Retail Banking
Job Titles
1 150 (18.96%) Developer
2 142 (17.95%) Security Manager
3 121 (15.30%) Analyst
4 102 (12.90%) Information Manager
4 102 (12.90%) Information Security Manager
5 72 (9.10%) Architect
5 72 (9.10%) Security Engineer
6 58 (7.33%) Security Architect
7 57 (7.21%) Security Analyst
8 56 (7.08%) Tester
9 47 (5.94%) .NET Developer
9 47 (5.94%) Senior Analyst
10 45 (5.69%) Penetration Tester
11 36 (4.55%) Software Engineer
12 34 (4.30%) C# Developer
13 31 (3.92%) Consultant
14 30 (3.79%) Information Analyst
14 30 (3.79%) Information Security Analyst
14 30 (3.79%) Software Developer
15 29 (3.67%) C# .NET Developer
Libraries, Frameworks & Software Standards
1 132 (16.69%) .NET
2 126 (15.93%) CSS
3 106 (13.40%) Web Services
4 103 (13.02%) HTML
5 67 (8.47%) RESTful
6 54 (6.83%) Node.js
7 52 (6.57%) JSON
8 49 (6.19%) AngularJS
9 45 (5.69%) REST
10 43 (5.44%) Spring
11 38 (4.80%) HTML5
12 37 (4.68%) ASP.NET Web API
13 35 (4.42%) OAuth
14 34 (4.30%) ASP.NET
15 33 (4.17%) jQuery
15 33 (4.17%) Sass
16 32 (4.05%) Ajax
17 31 (3.92%) .NET Core
18 28 (3.54%) ASP.NET MVC
18 28 (3.54%) OpenID
Miscellaneous
1 79 (9.99%) Security Operations Centre
2 71 (8.98%) Analytical Skills
3 60 (7.59%) Management Information System
4 53 (6.70%) Fintech
5 29 (3.67%) Enterprise Software
5 29 (3.67%) User Experience
6 27 (3.41%) Mobile App
7 25 (3.16%) Cloud Native
8 23 (2.91%) Driving Licence
9 20 (2.53%) Data Centre
10 18 (2.28%) Self-Motivation
11 16 (2.02%) Cyberattack
11 16 (2.02%) Hybrid Cloud
12 14 (1.77%) PKI
13 12 (1.52%) CESG
14 11 (1.39%) Embedded Systems
14 11 (1.39%) Private Cloud
15 10 (1.26%) Cyber Kill Chain
16 9 (1.14%) Social Media
17 8 (1.01%) Mainframe
Operating Systems
1 200 (25.28%) Windows
2 198 (25.03%) Linux
3 42 (5.31%) Unix
4 25 (3.16%) Apple iOS
5 22 (2.78%) Android
6 11 (1.39%) Kali Linux
7 9 (1.14%) AIX
8 4 (0.51%) Mac OS
8 4 (0.51%) Windows Server
9 3 (0.38%) CentOS
9 3 (0.38%) Red Hat Enterprise Linux
9 3 (0.38%) Ubuntu
10 2 (0.25%) Windows 10
10 2 (0.25%) Windows 7
10 2 (0.25%) Windows Server 2012
11 1 (0.13%) Windows Server 2008
Processes & Methodologies
1 339 (42.86%) Information Security
2 259 (32.74%) Penetration Testing
3 252 (31.86%) Agile Software Development
4 250 (31.61%) Cybersecurity
5 175 (22.12%) SIEM
6 143 (18.08%) Risk Management
7 138 (17.45%) Vulnerability Assessment
8 129 (16.31%) Security Operations
9 125 (15.80%) Test Automation
10 118 (14.92%) Incident Management
11 99 (12.52%) Problem-Solving
12 96 (12.14%) Security Management
13 84 (10.62%) Microservices
13 84 (10.62%) Scrum
14 83 (10.49%) Data Loss Prevention
15 82 (10.37%) Continuous Integration
16 79 (9.99%) DevOps
17 78 (9.86%) Mentoring
18 77 (9.73%) Software Engineering
19 76 (9.61%) MVC
Programming Languages
1 138 (17.45%) SQL
2 126 (15.93%) JavaScript
3 124 (15.68%) Java
4 102 (12.90%) C#
5 52 (6.57%) Python
6 41 (5.18%) PHP
7 34 (4.30%) Bash Shell
8 28 (3.54%) Perl
9 27 (3.41%) Ruby
10 25 (3.16%) PowerShell
11 21 (2.65%) VB.NET
12 15 (1.90%) C++
13 14 (1.77%) C
13 14 (1.77%) T-SQL
14 13 (1.64%) Java 8
15 9 (1.14%) Scala
16 8 (1.01%) TypeScript
17 6 (0.76%) PL/SQL
18 5 (0.63%) Apple Swift
19 4 (0.51%) Shell Script
Qualifications
1 261 (33.00%) CISSP
2 178 (22.50%) Degree
3 141 (17.83%) Cisco Certification
4 135 (17.07%) SANS
5 132 (16.69%) (ISC)2 CCSP
6 113 (14.29%) CEH
7 108 (13.65%) CISM
8 87 (11.00%) OSCP
9 65 (8.22%) CREST Certified
10 41 (5.18%) CISA
11 39 (4.93%) Computer Science Degree
12 32 (4.05%) CCSP
13 29 (3.67%) GWAPT
14 28 (3.54%) Security Cleared
14 28 (3.54%) SSCP
15 22 (2.78%) GPEN
16 20 (2.53%) GIAC
17 18 (2.28%) Tigerscheme
18 17 (2.15%) CRISC
19 15 (1.90%) GXPN
Quality Assurance & Compliance
1 253 (31.98%) ISO/IEC 27001
2 113 (14.29%) PCI DSS
3 92 (11.63%) GDPR
4 49 (6.19%) QA
5 28 (3.54%) ISO 9001
6 27 (3.41%) ISO/IEC 27002 (supersedes ISO/IEC 17799)
7 22 (2.78%) Cyber Essentials
8 21 (2.65%) WCAG
9 17 (2.15%) Sarbanes-Oxley
10 13 (1.64%) ISO 14001
11 11 (1.39%) PSD2
11 11 (1.39%) WAI
12 9 (1.14%) Web Application Security Consortium
13 7 (0.88%) HIPAA
14 5 (0.63%) COBIT
15 4 (0.51%) PMO
16 1 (0.13%) COSO
16 1 (0.13%) HMG Security Policy Framework
16 1 (0.13%) SLA
System Software
1 98 (12.39%) Active Directory
2 36 (4.55%) Docker
3 22 (2.78%) VMware Infrastructure
4 11 (1.39%) Snort
5 4 (0.51%) ProxySG
6 2 (0.25%) LXC
6 2 (0.25%) VMware NSX
7 1 (0.13%) Virtual Machines
7 1 (0.13%) vSphere
7 1 (0.13%) Xen
7 1 (0.13%) XenServer
Systems Management
1 75 (9.48%) Nessus
2 20 (2.53%) Kubernetes
2 20 (2.53%) Nmap
3 10 (1.26%) CSIRT
4 9 (1.14%) Nexpose
5 8 (1.01%) OpenVAS
5 8 (1.01%) Opscode Chef
5 8 (1.01%) Single Sign-On
6 7 (0.88%) Defensics
7 4 (0.51%) Puppet
8 3 (0.38%) Grafana
8 3 (0.38%) HP Fortify
8 3 (0.38%) Packer
8 3 (0.38%) Prometheus
8 3 (0.38%) Terraform
8 3 (0.38%) WebInspect
9 1 (0.13%) Ansible
9 1 (0.13%) Hadoop YARN
9 1 (0.13%) Kibana
9 1 (0.13%) logstash
Vendors
1 154 (19.47%) Microsoft
2 34 (4.30%) Google
3 30 (3.79%) Qualys
4 26 (3.29%) Cisco
4 26 (3.29%) VMware
5 24 (3.03%) Splunk
6 21 (2.65%) Rapid7
7 15 (1.90%) F5
7 15 (1.90%) New Relic
7 15 (1.90%) WorldPay
8 14 (1.77%) CheckPoint
8 14 (1.77%) Meraki
9 10 (1.26%) Symantec
10 9 (1.14%) Palo Alto
11 8 (1.01%) Oracle
12 7 (0.88%) Codenomicon
13 6 (0.76%) Juniper
14 5 (0.63%) Blue Coat
14 5 (0.63%) CyberArk
14 5 (0.63%) IBM