Period
to 18 July 2018

The following table provides summary statistics for permanent job vacancies with a requirement for OWASP skills. Included is a benchmarking guide to the salaries offered in vacancies that have cited OWASP over the 6 months to 18 July 2018 with a comparison to the same period in the previous 2 years.

Open Web Application Security Project (OWASP)
UK
6 months to
18 Jul 2018
Same period 2017 Same period 2016
Rank 653 829 781
Rank change year-on-year +176 -48 +229
Permanent jobs citing OWASP 621 391 553
As % of all permanent IT jobs advertised in the UK 0.36% 0.22% 0.27%
As % of the Processes & Methodologies category 0.39% 0.24% 0.30%
Number of salaries quoted 473 313 517
UK median annual salary £57,000 £55,000 £52,500
Median salary % change year-on-year +3.64% +4.76% -4.55%
10th Percentile £40,000 £35,000 £36,250
90th Percentile £80,000 £88,750 £80,000
UK excluding London median annual salary £55,000 £50,000 £50,000
% change year-on-year +10.00% - -4.76%

OWASP is in the Processes and Methodologies category. The following table is for comparison with the above and provides summary statistics for all permanent job vacancies with a requirement for process or methodology skills.

All Process and Methodology Skills
UK
Permanent vacancies with a requirement for process or methodology skills 158,353 161,102 183,079
As % of all permanent IT jobs advertised in the UK 90.68% 90.72% 90.01%
Number of salaries quoted 126,551 129,797 152,245
UK median annual salary £50,000 £49,039 £47,500
Median salary % change year-on-year +1.96% +3.24% -
10th Percentile £29,000 £28,000 £27,500
90th Percentile £82,500 £80,000 £77,500
UK excluding London median annual salary £45,000 £42,500 £42,500
% change year-on-year +5.88% - +1.19%

OWASP
Job Vacancy Trend

Job postings citing OWASP as a percentage of all IT jobs advertised.

Job vacancy trend for OWASP in the UK

OWASP
Salary Trend

This chart provides the 3-month moving average for salaries quoted in permanent IT jobs citing OWASP.

Salary trend for OWASP in the UK

OWASP
Salary Histogram

The salary distribution of IT jobs citing OWASP over the 6 months to 18 July 2018.

Salary histogram for OWASP in the UK

OWASP
Top 16 Job Locations

The table below looks at the demand and provides a guide to the median salaries quoted in IT jobs citing OWASP within the UK over the 6 months to 18 July 2018. The 'Rank Change' column provides an indication of the change in demand within each location based on the same 6 month period last year.

Location Rank Change
on Same Period
Last Year
Matching
Permanent
IT Job Ads
Median Salary
Past 6 Months
Median Salary
% Change
on Same Period
Last Year
Live
Job
Vacancies
England +156 585 £57,000 +3.64% 74
UK excluding London +135 370 £55,000 +10.00% 44
London +51 232 £70,000 - 31
South East +60 162 £52,500 +5.00% 16
North of England +70 101 £60,000 +29.73% 9
North West +78 84 £60,000 +33.33% 5
Midlands +16 40 £60,000 +33.33% 8
West Midlands +39 34 £60,000 +33.33% 6
East of England +26 29 £55,000 +15.79% 4
South West -6 17 £46,750 -22.08% 6
Yorkshire +10 16 £47,500 - 4
Scotland -15 10 £60,000 +20.00% 1
Wales - 8 £67,500 -
East Midlands -4 6 £62,500 +86.57% 2
Northern Ireland - 3 £62,500 -
North East - 1 £30,000 -

For the 6 months to 18 July 2018, IT jobs citing OWASP also mentioned the following skills in order of popularity. The figures indicate the absolute number co-occurrences and as a proportion of all permanent job ads with a requirement for OWASP.

1 232 (37.36%) CISSP
2 231 (37.20%) Information Security
3 207 (33.33%) Agile Software Development
4 170 (27.38%) CISM
5 168 (27.05%) SANS
6 165 (26.57%) Penetration Testing
7 156 (25.12%) ISO/IEC 27001
8 147 (23.67%) Cybersecurity
9 135 (21.74%) Java
10 132 (21.26%) Finance
11 119 (19.16%) JavaScript
12 111 (17.87%) Scrum
13 109 (17.55%) Windows
14 106 (17.07%) SQL
15 104 (16.75%) HTML
15 104 (16.75%) SDLC
16 103 (16.59%) .NET
17 102 (16.43%) Linux
18 101 (16.26%) Amazon AWS
19 99 (15.94%) Microsoft Azure
20 96 (15.46%) Firewall
21 95 (15.30%) Degree
22 94 (15.14%) Security Architecture
23 93 (14.98%) Web Services
24 92 (14.81%) Continuous Integration
25 90 (14.49%) MVC
26 89 (14.33%) C#
27 88 (14.17%) CSS
27 88 (14.17%) Security Testing
28 86 (13.85%) PCI DSS

OWASP
Co-occurring IT Skills by Category

The follow tables expand on the table above by listing co-occurrences grouped by category. The same job type, locality and period is covered with up to 20 co-occurrences shown in each of the following categories:

Application Platforms
1 32 (5.15%) Confluence
2 25 (4.03%) Apache Solr
2 25 (4.03%) OpenStack
3 16 (2.58%) Tomcat
4 14 (2.25%) Apache
5 11 (1.77%) Apache Spark
5 11 (1.77%) WebSphere
6 10 (1.61%) nginx
7 9 (1.45%) JBoss
8 8 (1.29%) IIS
9 6 (0.97%) CMS
9 6 (0.97%) Elasticsearch
9 6 (0.97%) WebLogic
10 5 (0.81%) CloudStack
11 4 (0.64%) Oracle SOA Suite
11 4 (0.64%) SAS
12 3 (0.48%) Umbraco
13 2 (0.32%) Alfresco
13 2 (0.32%) Cloud Foundry
14 1 (0.16%) DNN
Applications
1 5 (0.81%) Microsoft PowerPoint
2 1 (0.16%) Microsoft Excel
Business Applications
1 4 (0.64%) Sentinel
Cloud Services
1 101 (16.26%) Amazon AWS
2 99 (15.94%) Microsoft Azure
3 36 (5.80%) Google Cloud Platform
4 21 (3.38%) SaaS
5 15 (2.42%) OpenShift
6 12 (1.93%) npm
6 12 (1.93%) Serverless
7 10 (1.61%) Cloud Computing
7 10 (1.61%) PaaS
8 9 (1.45%) Amazon ElastiCache
9 8 (1.29%) IaaS
9 8 (1.29%) Office 365
9 8 (1.29%) Sauce Labs
10 7 (1.13%) NuGet
11 5 (0.81%) GitHub
12 4 (0.64%) BlazeMeter
13 3 (0.48%) Amazon S3
13 3 (0.48%) Amazon SQS
14 2 (0.32%) BrowserStack
14 2 (0.32%) Firebase
Communications & Networking
1 96 (15.46%) Firewall
2 43 (6.92%) HTTP
2 43 (6.92%) Network Security
3 13 (2.09%) Internet
4 10 (1.61%) AMQP
4 10 (1.61%) DNS
4 10 (1.61%) SSL
4 10 (1.61%) TCP/IP
4 10 (1.61%) WAN
5 8 (1.29%) LAN
5 8 (1.29%) SAN
5 8 (1.29%) Wireless
6 6 (0.97%) Intrusion Detection
7 5 (0.81%) FTP
7 5 (0.81%) NAS
7 5 (0.81%) SSH
8 4 (0.64%) VPN
9 3 (0.48%) Broadband
9 3 (0.48%) IPsec
9 3 (0.48%) OpenVPN
Database & Business Intelligence
1 67 (10.79%) MySQL
2 57 (9.18%) NoSQL
3 45 (7.25%) SQL Server
4 37 (5.96%) MongoDB
5 26 (4.19%) PostgreSQL
6 15 (2.42%) Data Warehouse
7 14 (2.25%) SQL Server Integration Services
8 13 (2.09%) Big Data
9 11 (1.77%) MariaDB
10 9 (1.45%) Redis
10 9 (1.45%) Relational Database
11 7 (1.13%) DB2
12 6 (0.97%) BusinessObjects
12 6 (0.97%) SQL Server 2016
13 5 (0.81%) Hadoop
14 4 (0.64%) Cosmos DB
14 4 (0.64%) SSDT
15 3 (0.48%) Blockchain
15 3 (0.48%) SQL Server Analysis Services
15 3 (0.48%) SQLPlus
Development Applications
1 68 (10.95%) Git (software)
2 36 (5.80%) JIRA
3 33 (5.31%) Selenium
4 25 (4.03%) Jenkins
5 23 (3.70%) Maven
6 22 (3.54%) Burp Suite
7 21 (3.38%) JMeter
8 19 (3.06%) Visual Studio
8 19 (3.06%) WebDriver
9 18 (2.90%) TeamCity
10 17 (2.74%) NUnit
10 17 (2.74%) Team Foundation Server
11 16 (2.58%) Fiddler
12 15 (2.42%) Vagrant
13 13 (2.09%) Jasmine
13 13 (2.09%) SoapUI
13 13 (2.09%) Subversion
14 12 (1.93%) Cucumber
14 12 (1.93%) gulp
15 11 (1.77%) Log4Net
General
1 132 (21.26%) Finance
2 25 (4.03%) Games
3 22 (3.54%) Banking
4 20 (3.22%) Legal
4 20 (3.22%) Retail
5 13 (2.09%) Marketing
6 12 (1.93%) Telecoms
7 11 (1.77%) Investment Banking
8 8 (1.29%) Back Office
9 4 (0.64%) Financial Institution
10 3 (0.48%) Local Government
10 3 (0.48%) Publishing
11 1 (0.16%) Advertising
11 1 (0.16%) Automotive
11 1 (0.16%) French Language
11 1 (0.16%) Law
11 1 (0.16%) Manufacturing
11 1 (0.16%) Pharmaceutical
Job Titles
1 124 (19.97%) Developer
2 118 (19.00%) Analyst
3 74 (11.92%) Security Engineer
4 67 (10.79%) Architect
4 67 (10.79%) Security Analyst
5 51 (8.21%) Tester
6 50 (8.05%) Security Manager
7 44 (7.09%) Security Architect
8 40 (6.44%) Senior Developer
9 37 (5.96%) Java Developer
10 35 (5.64%) Penetration Tester
11 30 (4.83%) Senior Analyst
12 28 (4.51%) Information Analyst
12 28 (4.51%) Information Security Analyst
13 26 (4.19%) .NET Developer
13 26 (4.19%) Applications Engineer
14 25 (4.03%) Security Specialist
15 24 (3.86%) Consultant
16 23 (3.70%) Security Consultant
17 21 (3.38%) Software Engineer
Libraries, Frameworks & Software Standards
1 104 (16.75%) HTML
2 103 (16.59%) .NET
3 93 (14.98%) Web Services
4 88 (14.17%) CSS
5 65 (10.47%) REST
6 62 (9.98%) JSON
7 51 (8.21%) HTML5
8 49 (7.89%) ASP.NET
8 49 (7.89%) RESTful
8 49 (7.89%) Spring
9 46 (7.41%) .NET Framework
10 42 (6.76%) AngularJS
10 42 (6.76%) XML
11 31 (4.99%) ASP.NET MVC
11 31 (4.99%) jQuery
12 26 (4.19%) Spring Boot
13 25 (4.03%) ASP.NET Web API
13 25 (4.03%) CSS3
14 24 (3.86%) SOAP
15 22 (3.54%) Hibernate
Miscellaneous
1 55 (8.86%) Management Information System
2 53 (8.53%) Analytical Skills
3 46 (7.41%) Mobile App
4 34 (5.48%) Computer Science
5 24 (3.86%) Fintech
6 23 (3.70%) Cyber Defence
7 22 (3.54%) Public Cloud
8 17 (2.74%) Data Centre
9 16 (2.58%) BYOD
10 15 (2.42%) Enterprise Software
11 14 (2.25%) CESG
12 12 (1.93%) Linux Command Line
12 12 (1.93%) User Experience
13 9 (1.45%) PKI
13 9 (1.45%) Security Operations Centre
14 8 (1.29%) Mainframe
15 7 (1.13%) Cyberthreat
15 7 (1.13%) Social Media
16 6 (0.97%) Cyberattack
17 5 (0.81%) Algorithms
Operating Systems
1 109 (17.55%) Windows
2 102 (16.43%) Linux
3 25 (4.03%) Unix
4 22 (3.54%) Windows Server
5 21 (3.38%) Apple iOS
6 19 (3.06%) Android
7 12 (1.93%) Red Hat Enterprise Linux
8 10 (1.61%) Windows Server 2012
9 9 (1.45%) AIX
10 6 (0.97%) Windows 10
11 5 (0.81%) Debian
11 5 (0.81%) HPUX
11 5 (0.81%) Solaris
12 4 (0.64%) Mac OS X
12 4 (0.64%) Windows Mobile
13 3 (0.48%) CentOS
13 3 (0.48%) Kali Linux
13 3 (0.48%) Ubuntu
14 1 (0.16%) Windows Server 2008
14 1 (0.16%) zOS
Processes & Methodologies
1 231 (37.20%) Information Security
2 207 (33.33%) Agile Software Development
3 165 (26.57%) Penetration Testing
4 147 (23.67%) Cybersecurity
5 111 (17.87%) Scrum
6 104 (16.75%) SDLC
7 94 (15.14%) Security Architecture
8 92 (14.81%) Continuous Integration
9 90 (14.49%) MVC
10 88 (14.17%) Security Testing
11 79 (12.72%) Test Automation
12 75 (12.08%) Problem-Solving
13 72 (11.59%) DevOps
14 69 (11.11%) TDD
15 68 (10.95%) Microservices
16 67 (10.79%) Software Engineering
17 64 (10.31%) SIEM
18 59 (9.50%) SOA
19 57 (9.18%) Security Operations
20 53 (8.53%) OO
Programming Languages
1 135 (21.74%) Java
2 119 (19.16%) JavaScript
3 106 (17.07%) SQL
4 89 (14.33%) C#
5 70 (11.27%) Python
6 45 (7.25%) Ruby
7 34 (5.48%) PHP
8 30 (4.83%) C
9 25 (4.03%) T-SQL
10 24 (3.86%) C++
11 22 (3.54%) PowerShell
12 19 (3.06%) Shell Script
12 19 (3.06%) TypeScript
13 17 (2.74%) Bash Shell
13 17 (2.74%) Perl
14 16 (2.58%) Java 8
15 10 (1.61%) Go
16 5 (0.81%) Objective-C
17 4 (0.64%) ES6
17 4 (0.64%) VB.NET
Qualifications
1 232 (37.36%) CISSP
2 170 (27.38%) CISM
3 168 (27.05%) SANS
4 95 (15.30%) Degree
5 86 (13.85%) CEH
6 48 (7.73%) CISA
7 47 (7.57%) CSSLP
8 43 (6.92%) Cisco Certification
9 33 (5.31%) OSCP
10 27 (4.35%) CREST Certified
11 23 (3.70%) CCNA
12 22 (3.54%) Security Cleared
13 19 (3.06%) GIAC
14 18 (2.90%) (ISC)2 CCSP
15 17 (2.74%) Computer Science Degree
16 14 (2.25%) CRISC
17 13 (2.09%) Master's Degree
18 12 (1.93%) OSCE
19 10 (1.61%) CCSP
19 10 (1.61%) CESG Certified Professional
Quality Assurance & Compliance
1 156 (25.12%) ISO/IEC 27001
2 86 (13.85%) PCI DSS
3 61 (9.82%) QA
4 47 (7.57%) HIPAA
5 39 (6.28%) GDPR
6 28 (4.51%) GCP
7 18 (2.90%) Sarbanes-Oxley
8 9 (1.45%) Web Application Security Consortium
9 7 (1.13%) PSD2
10 6 (0.97%) Cyber Essentials
11 5 (0.81%) HMG Security Policy Framework
11 5 (0.81%) ISO 9001
11 5 (0.81%) WCAG
12 3 (0.48%) COBIT
12 3 (0.48%) ISO/IEC 27002 (supersedes ISO/IEC 17799)
13 1 (0.16%) ISO 14001
13 1 (0.16%) ISO 22301
13 1 (0.16%) ISO 8583
13 1 (0.16%) NIST 800
13 1 (0.16%) SLA
System Software
1 24 (3.86%) Docker
2 18 (2.90%) Active Directory
2 18 (2.90%) VMware Infrastructure
3 9 (1.45%) Apache ZooKeeper
4 8 (1.29%) vSphere
5 5 (0.81%) Xen
5 5 (0.81%) XenServer
6 3 (0.48%) Oracle RAC
7 2 (0.32%) Virtual Machines
8 1 (0.16%) VirtualBox
Systems Management
1 23 (3.70%) Kubernetes
2 21 (3.38%) Nessus
3 18 (2.90%) Single Sign-On
4 14 (2.25%) WebInspect
5 12 (1.93%) Puppet
6 10 (1.61%) Opscode Chef
7 8 (1.29%) Nmap
8 7 (1.13%) Ansible
8 7 (1.13%) HP Fortify
9 6 (0.97%) CASB
9 6 (0.97%) Cobbler
10 3 (0.48%) Kibana
10 3 (0.48%) logstash
10 3 (0.48%) Oracle Enterprise Manager
11 2 (0.32%) CSIRT
12 1 (0.16%) FortiGate
12 1 (0.16%) Nexpose
12 1 (0.16%) OpenVAS
12 1 (0.16%) vCenter Server
12 1 (0.16%) vMotion
Vendors
1 73 (11.76%) Microsoft
2 32 (5.15%) Veracode
3 23 (3.70%) Oracle
3 23 (3.70%) Qualys
4 21 (3.38%) Rapid7
5 20 (3.22%) VMware
6 19 (3.06%) New Relic
7 11 (1.77%) Capita
8 9 (1.45%) Google
9 8 (1.29%) Cisco
9 8 (1.29%) Red Hat
9 8 (1.29%) Splunk
10 7 (1.13%) HP
10 7 (1.13%) RedGate
10 7 (1.13%) Sun
11 6 (0.97%) IBM
12 5 (0.81%) WorldPay
13 4 (0.64%) Acunetix
13 4 (0.64%) CA
13 4 (0.64%) TIBCO