Period
to 10 December 2018

The median annual salary for a Penetration Tester was £60,000 in advertised job vacancies during the 6 months to 10 December 2018.

The first table below provides salary benchmarking and summary statistics including a comparison to same period in the previous 2 years.

Penetration Tester
UK
6 months to
10 Dec 2018
Same period 2017 Same period 2016
Rank 909 939 919
Rank change year-on-year +30 -20 +194
Permanent jobs requiring a Penetration Tester 224 255 318
As % of all permanent IT jobs advertised in the UK 0.14% 0.14% 0.17%
As % of the Job Titles category 0.15% 0.15% 0.18%
Number of salaries quoted 155 204 252
UK median annual salary £60,000 £67,500 £55,000
Median salary % change year-on-year -11.11% +22.73% -4.35%
10th Percentile £36,250 £41,250 £37,750
90th Percentile £80,000 £96,250 £87,375
UK excluding London median annual salary £57,500 £55,000 £52,500
% change year-on-year +4.55% +4.76% -

The following table is for comparison with the above and includes summary statistics for all permanent IT job vacancies. Most job vacancies include a discernible job title that can be normalized. As such, the figures in the second row provide an indication of the number of permanent jobs in our overall sample.

All Permanent IT Job Vacancies
UK
Permanent vacancies in the UK with a recognized job title 153,459 171,422 178,550
% of permanent IT jobs with a recognized job title 95.85% 96.03% 96.58%
Number of salaries quoted 123,266 137,855 149,075
UK median annual salary £50,000 £48,500 £47,500
Median salary % change year-on-year +3.09% +2.11% +5.56%
10th Percentile £27,500 £27,500 £27,000
90th Percentile £82,500 £78,750 £77,500
UK excluding London median annual salary £45,000 £42,500 £42,500
% change year-on-year +5.88% - +3.66%

Penetration Tester
Job Vacancy Trend

Job postings that featured Penetration Tester in the job title as a percentage of all IT jobs advertised.

Job vacancy trend for Penetration Tester in the UK

Penetration Tester
Salary Trend

This chart provides the 3-month moving average for salaries quoted in permanent IT jobs citing Penetration Tester.

Salary trend for Penetration Tester in the UK

Penetration Tester
Salary Histogram

The salary distribution of IT jobs citing Penetration Tester over the 6 months to 10 December 2018.

Salary histogram for Penetration Tester in the UK

Penetration Tester
Top 13 Job Locations

The table below looks at the demand and provides a guide to the median salaries quoted in IT jobs citing Penetration Tester within the UK over the 6 months to 10 December 2018. The 'Rank Change' column provides an indication of the change in demand within each location based on the same 6 month period last year.

Location Rank Change
on Same Period
Last Year
Matching
Permanent
IT Job Ads
Median Salary
Past 6 Months
Median Salary
% Change
on Same Period
Last Year
Live
Job
Vacancies
England +20 194 £60,000 -9.09% 37
London +71 103 £65,000 -18.75% 13
UK excluding London +31 81 £57,500 +4.55% 24
South East +9 32 £57,500 +24.32% 8
East of England +44 26 £37,500 -23.08% 4
North of England +4 10 £70,000 +30.84% 2
Midlands +16 8 £46,250 -28.85% 8
North West +13 7 £70,000 +23.35% 1
South West +5 5 £60,000 - 2
West Midlands +15 4 £35,000 -46.15% 8
East Midlands - 4 £80,000 -
Yorkshire +19 2 £80,000 +68.42% 1
North East - 1 £60,000 -

Penetration Tester Skill Set
Top 30 Co-occurring IT Skills

For the 6 months to 10 December 2018, Penetration Tester job roles required the following IT skills in order of popularity. The figures indicate the absolute number co-occurrences and as a proportion of all permanent job ads featuring Penetration Tester in the job title.

1 183 (81.70%) Penetration Testing
2 141 (62.95%) CREST Certified
3 131 (58.48%) Cybersecurity
4 85 (37.95%) OSCP
5 73 (32.59%) Ethical Hacking
5 73 (32.59%) Information Security
6 59 (26.34%) Security Cleared
7 56 (25.00%) Vulnerability Assessment
8 47 (20.98%) Security Testing
9 44 (19.64%) CISSP
10 38 (16.96%) Degree
11 36 (16.07%) OWASP
12 33 (14.73%) Mobile App
13 31 (13.84%) Python
14 28 (12.50%) SC Cleared
15 27 (12.05%) CEH
15 27 (12.05%) Java
15 27 (12.05%) GPEN
16 26 (11.61%) Windows
16 26 (11.61%) Retail
16 26 (11.61%) Ruby
17 24 (10.71%) Problem-Solving
18 23 (10.27%) Tigerscheme
18 23 (10.27%) Analytical Skills
18 23 (10.27%) Linux
18 23 (10.27%) C
19 22 (9.82%) C++
20 21 (9.38%) Risk Management
20 21 (9.38%) Finance
20 21 (9.38%) Cyberattack

Penetration Tester Skill Set
Co-occurring IT Skills by Category

The follow tables expand on the table above by listing co-occurrences grouped by category. The same job type, locality and period is covered with up to 20 co-occurrences shown in each of the following categories:

Application Platforms
1 1 (0.45%) Confluence
1 1 (0.45%) Ethereum
Applications
1 6 (2.68%) Microsoft Office
Cloud Services
1 1 (0.45%) Mimecast
1 1 (0.45%) Office 365
Communications & Networking
1 20 (8.93%) Wireless
2 19 (8.48%) Firewall
3 11 (4.91%) TCP/IP
4 10 (4.46%) Network Security
5 5 (2.23%) Internet
6 3 (1.34%) DHCP
6 3 (1.34%) DNS
6 3 (1.34%) FTP
6 3 (1.34%) HTTP
6 3 (1.34%) LAN
6 3 (1.34%) SSL
6 3 (1.34%) WAN
6 3 (1.34%) Wireless Security
7 2 (0.89%) Wireshark
8 1 (0.45%) DKIM
8 1 (0.45%) DMARC
8 1 (0.45%) Intrusion Detection
8 1 (0.45%) VoIP
Database & Business Intelligence
1 7 (3.13%) NonStop SQL
2 2 (0.89%) Big Data
3 1 (0.45%) Blockchain
Development Applications
1 16 (7.14%) Burp Suite
1 16 (7.14%) Metasploit
2 1 (0.45%) AppScan
2 1 (0.45%) IDA Disassembler
2 1 (0.45%) JIRA
2 1 (0.45%) Paros
2 1 (0.45%) SoapUI
2 1 (0.45%) sqlmap
General
1 26 (11.61%) Retail
2 21 (9.38%) Finance
3 7 (3.13%) Telecoms
4 3 (1.34%) Financial Institution
5 2 (0.89%) Legal
5 2 (0.89%) Manufacturing
6 1 (0.45%) Automotive
6 1 (0.45%) Banking
6 1 (0.45%) Czech Language
Libraries, Frameworks & Software Standards
1 11 (4.91%) .NET
2 7 (3.13%) ASP.NET
3 6 (2.68%) Web Services
4 2 (0.89%) HTML
4 2 (0.89%) J2EE
4 2 (0.89%) RESTful
4 2 (0.89%) Ruby on Rails
4 2 (0.89%) Spring Boot
5 1 (0.45%) CSS
5 1 (0.45%) HTML5
5 1 (0.45%) Java EE
5 1 (0.45%) JSON
5 1 (0.45%) SOAP
5 1 (0.45%) Spring
Miscellaneous
1 33 (14.73%) Mobile App
2 23 (10.27%) Analytical Skills
3 21 (9.38%) Cyberattack
4 17 (7.59%) Self-Motivation
5 15 (6.70%) Virtual Team
6 14 (6.25%) Management Information System
7 11 (4.91%) Cyber Defence
8 8 (3.57%) Fintech
9 7 (3.13%) CESG
10 6 (2.68%) Embedded Systems
11 5 (2.23%) Linux Command Line
12 4 (1.79%) Cyberthreat
13 1 (0.45%) Bitcoin
13 1 (0.45%) Cyber Kill Chain
13 1 (0.45%) Cybercrime
13 1 (0.45%) PKI
13 1 (0.45%) Wiki
Operating Systems
1 26 (11.61%) Windows
2 23 (10.27%) Linux
3 10 (4.46%) Kali Linux
4 9 (4.02%) Android
4 9 (4.02%) Apple iOS
5 6 (2.68%) Unix
6 2 (0.89%) Windows Server
7 1 (0.45%) Solaris
7 1 (0.45%) Windows Phone
Processes & Methodologies
1 183 (81.70%) Penetration Testing
2 131 (58.48%) Cybersecurity
3 73 (32.59%) Ethical Hacking
3 73 (32.59%) Information Security
4 56 (25.00%) Vulnerability Assessment
5 47 (20.98%) Security Testing
6 36 (16.07%) OWASP
7 24 (10.71%) Problem-Solving
8 21 (9.38%) Risk Management
9 20 (8.93%) Security Architecture
10 19 (8.48%) Stakeholder Engagement
11 18 (8.04%) Computer Forensics
12 16 (7.14%) Cyber Threat Intelligence
12 16 (7.14%) Digital Forensics
12 16 (7.14%) Threat Intelligence
13 15 (6.70%) Reverse Engineering
14 13 (5.80%) Vulnerability Scanning
15 12 (5.36%) Stakeholder Management
16 11 (4.91%) Open Source
16 11 (4.91%) Social Engineering
Programming Languages
1 31 (13.84%) Python
2 27 (12.05%) Java
3 26 (11.61%) Ruby
4 23 (10.27%) C
5 22 (9.82%) C++
6 17 (7.59%) Perl
7 11 (4.91%) Shell Script
8 9 (4.02%) PHP
9 7 (3.13%) Bash Shell
10 6 (2.68%) C#
10 6 (2.68%) PowerShell
10 6 (2.68%) SQL
11 2 (0.89%) JavaScript
11 2 (0.89%) Lua
11 2 (0.89%) VB.NET
12 1 (0.45%) Assembly Language
12 1 (0.45%) Go
12 1 (0.45%) VB
Qualifications
1 141 (62.95%) CREST Certified
2 85 (37.95%) OSCP
3 59 (26.34%) Security Cleared
4 44 (19.64%) CISSP
5 38 (16.96%) Degree
6 28 (12.50%) SC Cleared
7 27 (12.05%) CEH
7 27 (12.05%) GPEN
8 23 (10.27%) Tigerscheme
9 20 (8.93%) OSCE
10 19 (8.48%) CHECK Team Leader
11 18 (8.04%) CHECK Team Member
12 15 (6.70%) CESG Certified Professional
12 15 (6.70%) SANS
13 14 (6.25%) GIAC
14 13 (5.80%) CISM
15 9 (4.02%) Cyber Scheme
16 8 (3.57%) DV Cleared
16 8 (3.57%) GXPN
17 6 (2.68%) Computer Science Degree
Quality Assurance & Compliance
1 8 (3.57%) PCI DSS
2 6 (2.68%) QA
3 3 (1.34%) HIPAA
3 3 (1.34%) Sarbanes-Oxley
4 2 (0.89%) Cyber Essentials
4 2 (0.89%) Cyber Essentials PLUS
4 2 (0.89%) ISO/IEC 27001
System Software
1 1 (0.45%) Active Directory
1 1 (0.45%) Docker
1 1 (0.45%) VMware Infrastructure
Systems Management
1 5 (2.23%) Nessus
2 3 (1.34%) Nexpose
2 3 (1.34%) Nmap
3 1 (0.45%) CASB
3 1 (0.45%) HP Fortify
3 1 (0.45%) Kubernetes
3 1 (0.45%) Norton AntiVirus
3 1 (0.45%) WebInspect
Vendors
1 7 (3.13%) Microsoft
2 1 (0.45%) Forcepoint
2 1 (0.45%) Sophos
2 1 (0.45%) Symantec
2 1 (0.45%) VMware