Period
to 25 March 2019

The median annual salary for a Penetration Tester was £65,000 in advertised job vacancies during the 6 months to 25 March 2019.

The first table below provides salary benchmarking and summary statistics including a comparison to same period in the previous 2 years.

Penetration Tester
UK
6 months to
25 Mar 2019
Same period 2018 Same period 2017
Rank 843 912 999
Rank change year-on-year +69 +87 +27
Permanent jobs requiring a Penetration Tester 261 266 185
As % of all permanent IT jobs advertised in the UK 0.18% 0.15% 0.11%
As % of the Job Titles category 0.18% 0.16% 0.11%
Number of salaries quoted 176 206 122
UK median annual salary £65,000 £66,750 £57,500
Median salary % change year-on-year -2.62% +16.09% -
10th Percentile £36,250 £44,750 £33,000
90th Percentile £85,000 £100,000 £89,750
UK excluding London median annual salary £60,000 £60,000 £50,000
% change year-on-year - +20.00% -13.04%

The following table is for comparison with the above and includes summary statistics for all permanent IT job vacancies. Most job vacancies include a discernible job title that can be normalized. As such, the figures in the second row provide an indication of the number of permanent jobs in our overall sample.

All Permanent IT Job Vacancies
UK
Permanent vacancies in the UK with a recognized job title 142,276 168,952 167,225
% of permanent IT jobs with a recognized job title 95.92% 96.44% 96.58%
Number of salaries quoted 113,685 138,806 138,775
UK median annual salary £50,000 £50,000 £47,500
Median salary % change year-on-year - +5.26% -
10th Percentile £28,500 £27,500 £27,000
90th Percentile £83,750 £80,000 £77,500
UK excluding London median annual salary £45,000 £43,000 £42,500
% change year-on-year +4.65% +1.18% -

Penetration Tester
Job Vacancy Trend

Job postings that featured Penetration Tester in the job title as a percentage of all IT jobs advertised.

Job vacancy trend for Penetration Tester in the UK

Penetration Tester
Salary Trend

This chart provides the 3-month moving average for salaries quoted in permanent IT jobs citing Penetration Tester.

Salary trend for Penetration Tester in the UK

Penetration Tester
Salary Histogram

The salary distribution of IT jobs citing Penetration Tester over the 6 months to 25 March 2019.

Salary histogram for Penetration Tester in the UK

Penetration Tester
Top 12 Job Locations

The table below looks at the demand and provides a guide to the median salaries quoted in IT jobs citing Penetration Tester within the UK over the 6 months to 25 March 2019. The 'Rank Change' column provides an indication of the change in demand within each location based on the same 6 month period last year.

Location Rank Change
on Same Period
Last Year
Matching
Permanent
IT Job Ads
Median Salary
Past 6 Months
Median Salary
% Change
on Same Period
Last Year
Live
Job
Vacancies
England +85 213 £62,500 -7.41% 54
UK excluding London +93 111 £60,000 - 34
London +22 91 £62,500 -10.71% 21
East of England +119 47 £75,000 +42.86% 4
Midlands +45 23 £66,250 -1.85% 11
South East +21 19 £60,000 - 7
North of England +38 16 £55,000 -12.00% 5
West Midlands +30 13 £72,500 +3.57% 10
North West +20 11 £66,250 +0.38% 5
East Midlands - 7 £80,000 - 1
South West +28 6 £65,750 +14.35% 6
Yorkshire +38 5 £55,000 +15.79%

Penetration Tester Skill Set
Top 30 Co-occurring IT Skills

For the 6 months to 25 March 2019, Penetration Tester job roles required the following IT skills in order of popularity. The figures indicate the absolute number co-occurrences and as a proportion of all permanent job ads featuring Penetration Tester in the job title.

1 243 (93.10%) Penetration Testing
2 187 (71.65%) CREST Certified
3 124 (47.51%) Cybersecurity
4 110 (42.15%) OSCP
5 92 (35.25%) Security Cleared
6 82 (31.42%) Ethical Hacking
7 75 (28.74%) Information Security
8 74 (28.35%) Security Testing
9 62 (23.75%) Vulnerability Assessment
10 61 (23.37%) Mobile App
11 52 (19.92%) OWASP
12 51 (19.54%) Tigerscheme
13 47 (18.01%) CHECK Team Leader
13 47 (18.01%) PCI DSS
13 47 (18.01%) Python
14 46 (17.62%) Finance
14 46 (17.62%) SC Cleared
15 41 (15.71%) CHECK Team Member
16 39 (14.94%) Risk Management
17 37 (14.18%) Wireless
18 35 (13.41%) Service Delivery
18 35 (13.41%) Security Architecture
19 34 (13.03%) API Testing
19 34 (13.03%) Cyber Resilience
20 33 (12.64%) C++
20 33 (12.64%) IT Governance
20 33 (12.64%) Business Development
21 31 (11.88%) Java
21 31 (11.88%) Analytical Skills
22 27 (10.34%) Burp Suite

Penetration Tester Skill Set
Co-occurring IT Skills by Category

The follow tables expand on the table above by listing co-occurrences grouped by category. The same job type, locality and period is covered with up to 20 co-occurrences shown in each of the following categories:

Application Platforms
1 2 (0.77%) Apache
1 2 (0.77%) IIS
Applications
1 5 (1.92%) Microsoft Office
Cloud Services
1 11 (4.21%) Amazon AWS
1 11 (4.21%) Microsoft Azure
2 10 (3.83%) Google Cloud Platform
Communications & Networking
1 37 (14.18%) Wireless
2 24 (9.20%) Firewall
3 12 (4.60%) Network Security
4 8 (3.07%) Wireless Security
5 6 (2.30%) TCP/IP
6 5 (1.92%) DHCP
6 5 (1.92%) DNS
7 3 (1.15%) FTP
7 3 (1.15%) HTTP
7 3 (1.15%) SSL
8 2 (0.77%) Multicast
8 2 (0.77%) Wireshark
9 1 (0.38%) Internet
9 1 (0.38%) Intrusion Detection
9 1 (0.38%) VoIP
9 1 (0.38%) Wi-Fi
Database & Business Intelligence
1 1 (0.38%) Big Data
Development Applications
1 27 (10.34%) Burp Suite
2 18 (6.90%) Metasploit
3 2 (0.77%) AppScan
3 2 (0.77%) Paros
4 1 (0.38%) SoapUI
4 1 (0.38%) WebScarab
General
1 46 (17.62%) Finance
2 18 (6.90%) Telecoms
3 10 (3.83%) Retail
4 4 (1.53%) Law
4 4 (1.53%) Legal
5 3 (1.15%) Financial Institution
6 2 (0.77%) Manufacturing
6 2 (0.77%) Pharmaceutical
7 1 (0.38%) Banking
7 1 (0.38%) Games
Libraries, Frameworks & Software Standards
1 16 (6.13%) .NET
2 13 (4.98%) ASP.NET
3 3 (1.15%) Spring
3 3 (1.15%) Web Services
4 2 (0.77%) CGI
4 2 (0.77%) HTML
4 2 (0.77%) J2EE
4 2 (0.77%) Ruby on Rails
4 2 (0.77%) Spring Boot
4 2 (0.77%) XML
Miscellaneous
1 61 (23.37%) Mobile App
2 31 (11.88%) Analytical Skills
3 27 (10.34%) Cyberattack
4 23 (8.81%) Self-Motivation
5 22 (8.43%) Virtual Team
6 15 (5.75%) Enterprise Software
7 12 (4.60%) Management Information System
8 5 (1.92%) Linux Command Line
9 4 (1.53%) CESG
9 4 (1.53%) Driving Licence
9 4 (1.53%) Embedded Systems
9 4 (1.53%) Fat Client
9 4 (1.53%) Thin Client
Operating Systems
1 21 (8.05%) Windows
2 20 (7.66%) Linux
3 6 (2.30%) Kali Linux
4 4 (1.53%) Unix
5 3 (1.15%) Android
5 3 (1.15%) Apple iOS
6 1 (0.38%) Windows Phone
Processes & Methodologies
1 243 (93.10%) Penetration Testing
2 124 (47.51%) Cybersecurity
3 82 (31.42%) Ethical Hacking
4 75 (28.74%) Information Security
5 74 (28.35%) Security Testing
6 62 (23.75%) Vulnerability Assessment
7 52 (19.92%) OWASP
8 39 (14.94%) Risk Management
9 35 (13.41%) Security Architecture
9 35 (13.41%) Service Delivery
10 34 (13.03%) API Testing
10 34 (13.03%) Cyber Resilience
11 33 (12.64%) Business Development
11 33 (12.64%) IT Governance
12 24 (9.20%) Social Engineering
13 23 (8.81%) Cyber Threat Intelligence
13 23 (8.81%) Digital Forensics
13 23 (8.81%) Threat Intelligence
14 20 (7.66%) Computer Science
15 18 (6.90%) Test Automation
Programming Languages
1 47 (18.01%) Python
2 33 (12.64%) C++
3 31 (11.88%) Java
4 24 (9.20%) Ruby
5 22 (8.43%) C
6 15 (5.75%) Perl
7 14 (5.36%) PHP
8 12 (4.60%) C#
9 11 (4.21%) Shell Script
10 10 (3.83%) Bash Shell
11 8 (3.07%) PowerShell
12 4 (1.53%) JavaScript
13 3 (1.15%) Lua
13 3 (1.15%) SQL
13 3 (1.15%) VB
14 1 (0.38%) VB.NET
Qualifications
1 187 (71.65%) CREST Certified
2 110 (42.15%) OSCP
3 92 (35.25%) Security Cleared
4 51 (19.54%) Tigerscheme
5 47 (18.01%) CHECK Team Leader
6 46 (17.62%) SC Cleared
7 41 (15.71%) CHECK Team Member
8 27 (10.34%) SANS
9 26 (9.96%) GPEN
10 22 (8.43%) CESG Certified Professional
10 22 (8.43%) OSCE
11 20 (7.66%) CISSP
12 18 (6.90%) CEH
13 17 (6.51%) Degree
14 16 (6.13%) GIAC
15 14 (5.36%) Cyber Scheme
16 11 (4.21%) CCNA
16 11 (4.21%) Cisco Certification
17 10 (3.83%) CCNP
18 8 (3.07%) Microsoft Certification
Quality Assurance & Compliance
1 47 (18.01%) PCI DSS
2 11 (4.21%) Cyber Essentials
3 10 (3.83%) ISO/IEC 27001
4 5 (1.92%) QA
5 3 (1.15%) HIPAA
5 3 (1.15%) Sarbanes-Oxley
6 1 (0.38%) Cyber Essentials PLUS
6 1 (0.38%) GDPR
6 1 (0.38%) ISO 9001
6 1 (0.38%) ISO/IEC 27002 (supersedes ISO/IEC 17799)
System Software
1 3 (1.15%) Active Directory
2 1 (0.38%) VMware Infrastructure
Systems Management
1 8 (3.07%) Nessus
1 8 (3.07%) Nexpose
2 7 (2.68%) Nmap
3 1 (0.38%) HP Fortify
3 1 (0.38%) WebInspect
Vendors
1 15 (5.75%) Microsoft
2 10 (3.83%) Google
3 4 (1.53%) WorldPay
4 2 (0.77%) IBM
5 1 (0.38%) Qualys
5 1 (0.38%) VMware