Period
to 14 November 2018

The following table provides summary statistics for permanent job vacancies with a requirement for OWASP skills. Included is a benchmarking guide to the salaries offered in vacancies that have cited OWASP over the 6 months to 14 November 2018 with a comparison to the same period in the previous 2 years.

Open Web Application Security Project (OWASP)
UK
6 months to
14 Nov 2018
Same period 2017 Same period 2016
Rank 566 761 733
Rank change year-on-year +195 -28 +236
Permanent jobs citing OWASP 712 464 530
As % of all permanent IT jobs advertised in the UK 0.44% 0.26% 0.28%
As % of the Processes & Methodologies category 0.48% 0.28% 0.31%
Number of salaries quoted 554 374 488
UK median annual salary £60,000 £60,000 £55,000
Median salary % change year-on-year - +9.09% +4.76%
10th Percentile £40,000 £38,750 £36,250
90th Percentile £80,000 £100,000 £77,875
UK excluding London median annual salary £57,500 £52,500 £50,000
% change year-on-year +9.52% +5.00% +5.26%

OWASP is in the Processes and Methodologies category. The following table is for comparison with the above and provides summary statistics for all permanent job vacancies with a requirement for process or methodology skills.

All Process and Methodology Skills
UK
Permanent vacancies with a requirement for process or methodology skills 149,014 165,379 172,621
As % of all permanent IT jobs advertised in the UK 91.10% 91.49% 90.94%
Number of salaries quoted 118,546 130,794 143,596
UK median annual salary £50,000 £50,000 £48,000
Median salary % change year-on-year - +4.17% +1.05%
10th Percentile £29,000 £28,250 £27,500
90th Percentile £84,000 £80,000 £78,750
UK excluding London median annual salary £45,000 £42,500 £42,500
% change year-on-year +5.88% - -

OWASP
Job Vacancy Trend

Job postings citing OWASP as a percentage of all IT jobs advertised.

Job vacancy trend for OWASP in the UK

OWASP
Salary Trend

This chart provides the 3-month moving average for salaries quoted in permanent IT jobs citing OWASP.

Salary trend for OWASP in the UK

OWASP
Salary Histogram

The salary distribution of IT jobs citing OWASP over the 6 months to 14 November 2018.

Salary histogram for OWASP in the UK

OWASP
Top 16 Job Locations

The table below looks at the demand and provides a guide to the median salaries quoted in IT jobs citing OWASP within the UK over the 6 months to 14 November 2018. The 'Rank Change' column provides an indication of the change in demand within each location based on the same 6 month period last year.

Location Rank Change
on Same Period
Last Year
Matching
Permanent
IT Job Ads
Median Salary
Past 6 Months
Median Salary
% Change
on Same Period
Last Year
Live
Job
Vacancies
England +196 696 £60,000 - 78
UK excluding London +229 499 £57,500 +9.52% 58
London +28 202 £65,000 -10.34% 32
South East +80 192 £55,000 +10.00% 21
North of England +136 180 £60,000 +26.32% 18
North West +121 137 £60,000 -4.00% 9
East of England +98 73 £55,000 -38.89% 2
Yorkshire +22 35 £52,500 +16.67% 5
Midlands +23 26 £54,500 -9.17% 2
West Midlands +33 21 £54,000 -12.90% 2
South West +8 21 £50,500 +1.00% 3
North East - 8 £52,500 - 4
East Midlands +7 5 £55,000 -4.35%
Scotland -7 4 £70,000 +7.69% 9
Wales -1 2 £37,500 -31.82% 3
Northern Ireland +3 1 £70,000 +36.59%

For the 6 months to 14 November 2018, IT jobs citing OWASP also mentioned the following skills in order of popularity. The figures indicate the absolute number co-occurrences and as a proportion of all permanent job ads with a requirement for OWASP.

1 315 (44.24%) Information Security
2 242 (33.99%) Agile Software Development
3 241 (33.85%) Microsoft Azure
4 226 (31.74%) ISO/IEC 27001
5 225 (31.60%) Penetration Testing
5 225 (31.60%) CISSP
6 197 (27.67%) Windows
7 179 (25.14%) Amazon AWS
8 172 (24.16%) Linux
9 169 (23.74%) Cybersecurity
10 152 (21.35%) SQL
11 150 (21.07%) Degree
12 143 (20.08%) Microsoft
13 139 (19.52%) JavaScript
14 138 (19.38%) SIEM
15 137 (19.24%) .NET
16 124 (17.42%) Risk Management
17 123 (17.28%) Finance
18 121 (16.99%) Incident Management
19 117 (16.43%) CSS
20 115 (16.15%) SANS
21 114 (16.01%) Web Services
22 113 (15.87%) Java
23 110 (15.45%) Vulnerability Assessment
24 107 (15.03%) C#
25 106 (14.89%) HTML
26 104 (14.61%) MVC
27 101 (14.19%) Cisco Certification
28 99 (13.90%) Test Automation
29 97 (13.62%) CISM

OWASP
Co-occurring IT Skills by Category

The follow tables expand on the table above by listing co-occurrences grouped by category. The same job type, locality and period is covered with up to 20 co-occurrences shown in each of the following categories:

Application Platforms
1 47 (6.60%) Confluence
2 34 (4.78%) IIS
3 25 (3.51%) OpenStack
4 22 (3.09%) WordPress
5 19 (2.67%) SharePoint
6 17 (2.39%) WebLogic
7 15 (2.11%) Drupal
7 15 (2.11%) WebSphere
8 14 (1.97%) Apache Spark
9 12 (1.69%) JBoss
9 12 (1.69%) Tomcat
10 10 (1.40%) Apache
11 8 (1.12%) ExpressionEngine
12 7 (0.98%) CMS
13 6 (0.84%) Apache Solr
13 6 (0.84%) Traefik
14 4 (0.56%) nginx
14 4 (0.56%) Skype for Business
14 4 (0.56%) Umbraco
15 3 (0.42%) CloudStack
Applications
1 4 (0.56%) Microsoft Office
2 2 (0.28%) Adobe Illustrator
2 2 (0.28%) Photoshop
Business Applications
1 3 (0.42%) RiskWrite
Cloud Services
1 241 (33.85%) Microsoft Azure
2 179 (25.14%) Amazon AWS
3 37 (5.20%) SaaS
4 22 (3.09%) IaaS
4 22 (3.09%) OpenShift
5 21 (2.95%) Google Cloud Platform
6 17 (2.39%) Serverless
7 15 (2.11%) PaaS
8 14 (1.97%) Office 365
9 10 (1.40%) npm
10 8 (1.12%) Slack
11 4 (0.56%) Azure Machine Learning
11 4 (0.56%) BlazeMeter
11 4 (0.56%) Cloud Computing
12 3 (0.42%) Amazon ElastiCache
12 3 (0.42%) AWS Lambda
13 2 (0.28%) Google Drive
14 1 (0.14%) Amazon S3
14 1 (0.14%) Apigee
14 1 (0.14%) Apple Pay
Communications & Networking
1 80 (11.24%) Firewall
2 47 (6.60%) Network Security
3 42 (5.90%) HTTP
4 36 (5.06%) Internet
5 26 (3.65%) SSL
6 22 (3.09%) TCP/IP
7 15 (2.11%) DNS
8 11 (1.54%) Intrusion Detection
8 11 (1.54%) Reverse Proxy
8 11 (1.54%) Wi-Fi
9 10 (1.40%) VLAN
10 9 (1.26%) BGP
10 9 (1.26%) BIG-IP
10 9 (1.26%) Cisco IOS
10 9 (1.26%) DMVPN
10 9 (1.26%) LAN
10 9 (1.26%) NX-OS
10 9 (1.26%) OSPF
10 9 (1.26%) Wireless
11 7 (0.98%) AMQP
Database & Business Intelligence
1 86 (12.08%) NoSQL
2 52 (7.30%) MongoDB
3 45 (6.32%) SQL Server
4 25 (3.51%) MySQL
5 24 (3.37%) SQL Server Integration Services
6 10 (1.40%) Data Warehouse
6 10 (1.40%) PostgreSQL
7 8 (1.12%) Big Data
8 7 (0.98%) Relational Database
9 6 (0.84%) Blockchain
10 5 (0.70%) MariaDB
10 5 (0.70%) Redis
10 5 (0.70%) SQL Server Reporting Services
11 3 (0.42%) Cosmos DB
12 2 (0.28%) Azure SQL Database
12 2 (0.28%) OLTP
12 2 (0.28%) SQL Server Analysis Services
13 1 (0.14%) Apache Hive
13 1 (0.14%) Hadoop
13 1 (0.14%) RDBMS
Development Applications
1 66 (9.27%) Git (software)
2 63 (8.85%) JIRA
3 36 (5.06%) Selenium
4 33 (4.63%) Jenkins
5 31 (4.35%) JMeter
6 29 (4.07%) Burp Suite
7 23 (3.23%) NUnit
8 22 (3.09%) Vagrant
9 19 (2.67%) Jasmine
10 18 (2.53%) Visual Studio
11 15 (2.11%) gulp
11 15 (2.11%) Metasploit
12 14 (1.97%) Bitbucket
12 14 (1.97%) git-flow
12 14 (1.97%) Log4Net
12 14 (1.97%) Subversion
13 11 (1.54%) Grunt
13 11 (1.54%) Protractor
14 10 (1.40%) TeamCity
15 9 (1.26%) Maven
General
1 123 (17.28%) Finance
2 64 (8.99%) Retail
3 36 (5.06%) Banking
4 24 (3.37%) Telecoms
5 18 (2.53%) Retail Finance
6 16 (2.25%) Games
7 15 (2.11%) Law
8 9 (1.26%) Marketing
9 8 (1.12%) Legal
10 7 (0.98%) Publishing
11 3 (0.42%) Electronics
11 3 (0.42%) Local Government
11 3 (0.42%) Manufacturing
12 2 (0.28%) Automotive
13 1 (0.14%) Advertising
13 1 (0.14%) Financial Institution
13 1 (0.14%) Hungarian Language
13 1 (0.14%) Investment Banking
13 1 (0.14%) Pharmaceutical
13 1 (0.14%) Retail Banking
Job Titles
1 152 (21.35%) Developer
2 122 (17.13%) Analyst
3 112 (15.73%) Security Manager
4 83 (11.66%) Information Manager
4 83 (11.66%) Information Security Manager
5 69 (9.69%) Security Engineer
6 62 (8.71%) Architect
7 51 (7.16%) Tester
8 50 (7.02%) Security Analyst
9 44 (6.18%) .NET Developer
10 41 (5.76%) Security Architect
11 36 (5.06%) SOC Analyst
11 36 (5.06%) Software Developer
12 35 (4.92%) Penetration Tester
13 32 (4.49%) Senior Analyst
14 29 (4.07%) C# Developer
14 29 (4.07%) Software Engineer
15 28 (3.93%) PHP Developer
16 26 (3.65%) .NET Software Developer
17 24 (3.37%) Senior Developer
Libraries, Frameworks & Software Standards
1 137 (19.24%) .NET
2 117 (16.43%) CSS
3 114 (16.01%) Web Services
4 106 (14.89%) HTML
5 70 (9.83%) RESTful
6 69 (9.69%) JSON
7 59 (8.29%) REST
8 56 (7.87%) AngularJS
9 48 (6.74%) HTML5
10 46 (6.46%) ASP.NET
11 40 (5.62%) ASP.NET MVC
12 38 (5.34%) .NET Core
12 38 (5.34%) ASP.NET Web API
12 38 (5.34%) OAuth
13 37 (5.20%) jQuery
14 35 (4.92%) Ajax
14 35 (4.92%) Node.js
15 33 (4.63%) Spring
16 32 (4.49%) .NET Framework
17 30 (4.21%) SOAP
Miscellaneous
1 71 (9.97%) Analytical Skills
2 56 (7.87%) Management Information System
3 55 (7.72%) Mobile App
4 48 (6.74%) Security Operations Centre
5 45 (6.32%) Fintech
6 39 (5.48%) Computer Science
7 36 (5.06%) User Experience
8 22 (3.09%) Driving Licence
9 17 (2.39%) CESG
9 17 (2.39%) Cloud Native
9 17 (2.39%) Enterprise Software
9 17 (2.39%) Public Cloud
10 15 (2.11%) Cyberattack
11 12 (1.69%) Cyber Defence
12 11 (1.54%) Data Centre
12 11 (1.54%) Embedded Systems
12 11 (1.54%) Hybrid Cloud
12 11 (1.54%) Mainframe
12 11 (1.54%) PKI
12 11 (1.54%) Self-Motivation
Operating Systems
1 197 (27.67%) Windows
2 172 (24.16%) Linux
3 33 (4.63%) Unix
4 23 (3.23%) Android
4 23 (3.23%) Apple iOS
5 10 (1.40%) Kali Linux
6 9 (1.26%) AIX
7 7 (0.98%) CentOS
8 6 (0.84%) Red Hat Enterprise Linux
9 5 (0.70%) Windows Server
10 4 (0.56%) Mac OS
10 4 (0.56%) Windows Server 2012
11 2 (0.28%) Ubuntu
12 1 (0.14%) Debian
12 1 (0.14%) HPUX
12 1 (0.14%) Solaris
12 1 (0.14%) VMS
Processes & Methodologies
1 315 (44.24%) Information Security
2 242 (33.99%) Agile Software Development
3 225 (31.60%) Penetration Testing
4 169 (23.74%) Cybersecurity
5 138 (19.38%) SIEM
6 124 (17.42%) Risk Management
7 121 (16.99%) Incident Management
8 110 (15.45%) Vulnerability Assessment
9 104 (14.61%) MVC
10 99 (13.90%) Test Automation
11 90 (12.64%) Security Operations
12 89 (12.50%) Problem-Solving
13 87 (12.22%) Security Management
14 86 (12.08%) DevOps
14 86 (12.08%) Scrum
15 80 (11.24%) Microservices
16 77 (10.81%) Data Loss Prevention
17 72 (10.11%) Software Engineering
17 72 (10.11%) TDD
18 68 (9.55%) Continuous Integration
Programming Languages
1 152 (21.35%) SQL
2 139 (19.52%) JavaScript
3 113 (15.87%) Java
4 107 (15.03%) C#
5 62 (8.71%) Python
6 45 (6.32%) PHP
7 40 (5.62%) Ruby
8 32 (4.49%) Perl
9 28 (3.93%) Bash Shell
10 26 (3.65%) T-SQL
11 23 (3.23%) VB.NET
12 21 (2.95%) C
12 21 (2.95%) C++
13 19 (2.67%) PowerShell
14 17 (2.39%) TypeScript
15 12 (1.69%) Java 8
16 9 (1.26%) Shell Script
17 6 (0.84%) Go
18 5 (0.70%) Scala
19 4 (0.56%) Groovy
Qualifications
1 225 (31.60%) CISSP
2 150 (21.07%) Degree
3 115 (16.15%) SANS
4 101 (14.19%) Cisco Certification
5 97 (13.62%) CISM
6 94 (13.20%) (ISC)2 CCSP
7 74 (10.39%) CEH
8 47 (6.60%) CISA
9 41 (5.76%) OSCP
10 36 (5.06%) CREST Certified
11 35 (4.92%) Security Cleared
12 26 (3.65%) Computer Science Degree
13 22 (3.09%) GIAC
14 16 (2.25%) GWAPT
15 14 (1.97%) CSSLP
15 14 (1.97%) OSCE
16 13 (1.83%) GPEN
17 12 (1.69%) CRISC
17 12 (1.69%) GCIH
17 12 (1.69%) SSCP
Quality Assurance & Compliance
1 226 (31.74%) ISO/IEC 27001
2 84 (11.80%) PCI DSS
3 62 (8.71%) QA
4 56 (7.87%) GDPR
5 30 (4.21%) Sarbanes-Oxley
6 27 (3.79%) HIPAA
7 23 (3.23%) ISO 9001
8 18 (2.53%) Cyber Essentials
9 16 (2.25%) ISO/IEC 27002 (supersedes ISO/IEC 17799)
10 11 (1.54%) ISO 14001
11 7 (0.98%) COBIT
11 7 (0.98%) WCAG
12 6 (0.84%) PMO
13 4 (0.56%) PSD2
13 4 (0.56%) Web Application Security Consortium
14 2 (0.28%) COSO
15 1 (0.14%) HMG Security Policy Framework
15 1 (0.14%) NIST 800
15 1 (0.14%) WAI
System Software
1 84 (11.80%) Active Directory
2 51 (7.16%) Docker
3 31 (4.35%) VMware Infrastructure
4 6 (0.84%) Snort
5 4 (0.56%) ProxySG
5 4 (0.56%) Virtual Machines
6 3 (0.42%) vSphere
6 3 (0.42%) Xen
6 3 (0.42%) XenServer
7 2 (0.28%) LXC
7 2 (0.28%) Oracle RAC
8 1 (0.14%) Apache ZooKeeper
Systems Management
1 45 (6.32%) Nessus
2 31 (4.35%) Kubernetes
3 19 (2.67%) Opscode Chef
4 14 (1.97%) Nmap
5 10 (1.40%) Puppet
6 9 (1.26%) OpenVAS
6 9 (1.26%) Packer
7 7 (0.98%) Nexpose
8 5 (0.70%) CSIRT
8 5 (0.70%) Defensics
9 4 (0.56%) Single Sign-On
10 3 (0.42%) Ansible
10 3 (0.42%) Cobbler
10 3 (0.42%) WebInspect
11 2 (0.28%) HP Fortify
11 2 (0.28%) Oracle Enterprise Manager
12 1 (0.14%) Computer Emergency Response Teams
12 1 (0.14%) QRadar
12 1 (0.14%) Systems Management Server (SMS)
12 1 (0.14%) Tivoli
Vendors
1 143 (20.08%) Microsoft
2 36 (5.06%) VMware
3 30 (4.21%) Cisco
4 23 (3.23%) Google
4 23 (3.23%) Qualys
5 19 (2.67%) New Relic
5 19 (2.67%) Oracle
5 19 (2.67%) Splunk
6 14 (1.97%) Rapid7
7 12 (1.69%) Red Hat
8 11 (1.54%) Meraki
9 10 (1.40%) CheckPoint
9 10 (1.40%) F5
10 9 (1.26%) Aquila
10 9 (1.26%) Juniper
11 8 (1.12%) Palo Alto
11 8 (1.12%) TOWER Software
12 7 (0.98%) Atlassian
12 7 (0.98%) WorldPay
13 5 (0.70%) Fortinet