Period
to 24 November 2017

The median annual salary for a Penetration Tester was £66,000 in advertised job vacancies during the 6 months to 24 November 2017.

The first table below provides salary benchmarking and summary statistics including a comparison to same period in the previous 2 years.

Penetration Tester
UK
6 months to
24 Nov 2017
Same period 2016 Same period 2015
Rank 952 905 1121
Rank change year-on-year -47 +216 -80
Permanent jobs requiring a Penetration Tester 259 322 202
As % of all permanent IT jobs advertised in the UK 0.14% 0.17% 0.092%
As % of the Job Titles category 0.15% 0.18% 0.096%
Number of salaries quoted 216 257 154
UK median annual salary £66,000 £55,000 £55,000
Median salary % change year-on-year +20.00% - -
10th Percentile £40,625 £37,650 £26,250
90th Percentile £96,250 £86,250 £80,875
UK excluding London median annual salary £58,750 £52,500 £50,000
% change year-on-year +11.90% +5.00% -9.09%

The following table is for comparison with the above and includes summary statistics for all permanent IT job vacancies. Most job vacancies include a discernible job title that can be normalized. As such, the figures in the second row provide an indication of the number of permanent jobs in our overall sample.

All Permanent IT Job Vacancies
UK
Permanent vacancies in the UK with a recognized job title 172577 182568 211044
% of permanent IT jobs with a recognized job title 95.80% 96.48% 96.46%
Number of salaries quoted 138473 152713 175380
UK median annual salary £48,500 £47,500 £45,000
Median salary % change year-on-year +2.11% +5.56% -
10th Percentile £27,500 £27,000 £26,250
90th Percentile £78,750 £77,500 £75,000
UK excluding London median annual salary £42,500 £42,500 £41,000
% change year-on-year - +3.66% +2.50%

Penetration Tester
Job Vacancy Trend

Job postings that featured Penetration Tester in the job title as a percentage of all IT jobs advertised.

Job vacancy trend for Penetration Tester in the UK

Penetration Tester
Salary Trend

This chart provides the 3-month moving average for salaries quoted in permanent IT jobs citing Penetration Tester.

Salary trend for Penetration Tester in the UK

Penetration Tester
Salary Histogram

The salary distribution of IT jobs citing Penetration Tester over the 6 months to 24 November 2017.

Salary histogram for Penetration Tester in the UK

Penetration Tester
Top 13 Job Locations

The table below looks at the demand and provides a guide to the median salaries quoted in IT jobs citing Penetration Tester within the UK over the 6 months to 24 November 2017. The 'Rank Change' column provides an indication of the change in demand within each location based on the same 6 month period last year.

Location Rank Change
on Same Period
Last Year
Matching
Permanent
IT Job Ads
Median Salary
Past 6 Months
Median Salary
% Change
on Same Period
Last Year
Live
Job
Vacancies
England -31 230 £65,000 +18.18% 15
London +10 122 £73,750 +13.46% 7
UK excluding London -31 101 £58,750 +11.90% 8
South East +30 52 £47,500 -5.00% 5
West Midlands +17 20 £65,000 +23.81% 1
Midlands +13 20 £65,000 +23.81% 1
North of England -21 16 £54,250 -1.36%
Yorkshire -9 11 £47,500 -13.64%
East of England +15 6 £48,750 -2.50% 1
South West +12 5 £60,000 +20.00% 1
North West -23 4 £60,000 +20.00%
Wales +21 2 £75,000 +42.86%
North East - 1 £60,000 -

Penetration Tester Skill Set
Top 30 Co-occurring IT Skills

For the 6 months to 24 November 2017, Penetration Tester job roles required the following IT skills in order of popularity. The figures indicate the number co-occurrences and its proportion to all job ads featuring Penetration Tester in the job title.

1 217 (83.78%) Penetration Testing
2 122 (47.10%) CREST Certified
3 110 (42.47%) Information Security
4 70 (27.03%) OSCP
5 64 (24.71%) Cybersecurity
6 63 (24.32%) Windows
7 58 (22.39%) Unix
8 56 (21.62%) Ethical Hacking
8 56 (21.62%) Security Cleared
9 55 (21.24%) CHECK Team Leader
10 52 (20.08%) Linux
11 51 (19.69%) OWASP
12 49 (18.92%) Wireless
13 48 (18.53%) Social Engineering
14 45 (17.37%) CEH
14 45 (17.37%) Java
15 44 (16.99%) Degree
16 42 (16.22%) Security Testing
17 39 (15.06%) CHECK Team Member
18 35 (13.51%) Firewall
19 34 (13.13%) CISSP
19 34 (13.13%) Vulnerability Assessment
20 31 (11.97%) Android
21 30 (11.58%) Finance
22 29 (11.20%) Mentoring
23 28 (10.81%) Apple iOS
24 27 (10.42%) Reverse Engineering
24 27 (10.42%) Burp Suite
25 26 (10.04%) SCADA
26 25 (9.65%) C

Penetration Tester Skill Set
Co-occurring IT Skills by Category

The follow tables expand on the table above by listing co-occurrences grouped by category. The same job type, locality and period is covered with up to 20 co-occurrences shown in each of the following categories:

Application Platforms
1 5 (1.93%) OpenStack
2 3 (1.16%) IIS
Business Applications
1 6 (2.32%) Payment Gateway
Cloud Services
1 6 (2.32%) Amazon AWS
1 6 (2.32%) Microsoft Azure
2 3 (1.16%) SaaS
Communications & Networking
1 49 (18.92%) Wireless
2 35 (13.51%) Firewall
3 21 (8.11%) TCP/IP
4 20 (7.72%) Network Security
5 12 (4.63%) Internet
6 8 (3.09%) HTTP
7 6 (2.32%) DNS
7 6 (2.32%) Wireshark
8 5 (1.93%) 802.11
8 5 (1.93%) LAN
8 5 (1.93%) SNMP
8 5 (1.93%) VPN
8 5 (1.93%) WAN
9 4 (1.54%) tcpdump
10 3 (1.16%) Cisco ASA
10 3 (1.16%) VoIP
11 2 (0.77%) DHCP
11 2 (0.77%) Wireless Security
12 1 (0.39%) Modbus
12 1 (0.39%) ZigBee
Database & Business Intelligence
1 6 (2.32%) SQL Server
2 4 (1.54%) GIS
Development Applications
1 27 (10.42%) Burp Suite
2 20 (7.72%) Metasploit
3 9 (3.47%) AppScan
4 6 (2.32%) Paros
5 3 (1.16%) WebScarab
6 1 (0.39%) Eclipse
6 1 (0.39%) sqlmap
6 1 (0.39%) Xcode
General
1 30 (11.58%) Finance
2 15 (5.79%) Legal
3 11 (4.25%) Retail
4 8 (3.09%) Banking
4 8 (3.09%) Telecoms
5 4 (1.54%) Aerospace
5 4 (1.54%) Marketing
6 3 (1.16%) Automotive
7 2 (0.77%) Electronics
7 2 (0.77%) Financial Institution
7 2 (0.77%) Manufacturing
7 2 (0.77%) Publishing
8 1 (0.39%) Dutch Language
8 1 (0.39%) Games
8 1 (0.39%) Law
Libraries, Frameworks & Software Standards
1 19 (7.34%) .NET
2 13 (5.02%) HTML
3 8 (3.09%) Node.js
3 8 (3.09%) XML
4 7 (2.70%) JSON
5 6 (2.32%) 802.1X
5 6 (2.32%) ASP.NET Web API
5 6 (2.32%) HTML5
5 6 (2.32%) RESTful
6 5 (1.93%) Web Services
7 3 (1.16%) J2EE
7 3 (1.16%) JNI
7 3 (1.16%) REST
8 1 (0.39%) Ajax
8 1 (0.39%) CGI
8 1 (0.39%) POSIX
8 1 (0.39%) SOAP
Miscellaneous
1 26 (10.04%) SCADA
2 24 (9.27%) Mobile App
3 20 (7.72%) Mainframe
4 14 (5.41%) Management Information System
5 10 (3.86%) Computer Science
6 6 (2.32%) Analytical Skills
7 5 (1.93%) Virtual Team
8 4 (1.54%) Analytical Mindset
9 3 (1.16%) CESG
9 3 (1.16%) Embedded Systems
9 3 (1.16%) iPad
10 2 (0.77%) Data Protection Act
11 1 (0.39%) Blog
11 1 (0.39%) Cyberthreat
11 1 (0.39%) Data Centre
Operating Systems
1 63 (24.32%) Windows
2 58 (22.39%) Unix
3 52 (20.08%) Linux
4 31 (11.97%) Android
5 28 (10.81%) Apple iOS
6 9 (3.47%) Kali Linux
7 2 (0.77%) KNOPPIX
Processes & Methodologies
1 217 (83.78%) Penetration Testing
2 110 (42.47%) Information Security
3 64 (24.71%) Cybersecurity
4 56 (21.62%) Ethical Hacking
5 51 (19.69%) OWASP
6 48 (18.53%) Social Engineering
7 42 (16.22%) Security Testing
8 34 (13.13%) Vulnerability Assessment
9 29 (11.20%) Mentoring
10 27 (10.42%) Reverse Engineering
11 16 (6.18%) Open Source
12 15 (5.79%) Security Architecture
13 13 (5.02%) Stakeholder Management
13 13 (5.02%) Vulnerability Management
14 12 (4.63%) Time Management
15 11 (4.25%) Customer Engagement
16 10 (3.86%) Quality Management
17 9 (3.47%) QMS
17 9 (3.47%) Vulnerability Scanning
18 8 (3.09%) Patch Management
Programming Languages
1 45 (17.37%) Java
2 25 (9.65%) C
3 23 (8.88%) C++
3 23 (8.88%) Python
4 18 (6.95%) Ruby
5 17 (6.56%) SQL
6 15 (5.79%) C#
6 15 (5.79%) Perl
7 13 (5.02%) PHP
8 10 (3.86%) Shell Script
9 8 (3.09%) VB.NET
10 7 (2.70%) Bash Shell
11 6 (2.32%) PowerShell
12 5 (1.93%) Lua
13 4 (1.54%) Objective-C
14 3 (1.16%) JavaScript
Qualifications
1 122 (47.10%) CREST Certified
2 70 (27.03%) OSCP
3 56 (21.62%) Security Cleared
4 55 (21.24%) CHECK Team Leader
5 45 (17.37%) CEH
6 44 (16.99%) Degree
7 39 (15.06%) CHECK Team Member
8 34 (13.13%) CISSP
9 17 (6.56%) Tigerscheme
10 15 (5.79%) CISM
10 15 (5.79%) Cyber Scheme
11 14 (5.41%) OSCE
12 13 (5.02%) SANS
13 12 (4.63%) GPEN
13 12 (4.63%) SC Cleared
14 10 (3.86%) Master's Degree
15 6 (2.32%) CISA
15 6 (2.32%) DV Cleared
15 6 (2.32%) GIAC
15 6 (2.32%) GXPN
Quality Assurance & Compliance
1 5 (1.93%) Cyber Essentials
1 5 (1.93%) ISO/IEC 27001
2 4 (1.54%) Cyber Essentials PLUS
3 3 (1.16%) GDPR
3 3 (1.16%) ISO/IEC 27002 (supersedes ISO/IEC 17799)
3 3 (1.16%) PCI DSS
4 2 (0.77%) QA
5 1 (0.39%) IASME
System Software
1 4 (1.54%) Active Directory
Systems Management
1 24 (9.27%) Nessus
2 18 (6.95%) Nmap
3 5 (1.93%) WebInspect
4 4 (1.54%) Core Impact
5 3 (1.16%) HP Fortify
6 2 (0.77%) Nexpose
Vendors
1 8 (3.09%) Microsoft
1 8 (3.09%) Splunk
2 3 (1.16%) CheckPoint
2 3 (1.16%) Cisco
3 2 (0.77%) Citrix
3 2 (0.77%) SAP
4 1 (0.39%) HP