Period
to 23 August 2017

The following table provides summary statistics for permanent job vacancies with a requirement for Penetration Testing skills. Included is a benchmarking guide to the salaries offered in vacancies that have cited Penetration Testing over the 6 months to 23 August 2017 with a comparison to the same period in the previous 2 years.

Penetration Testing
UK
6 months to
23 Aug 2017
Same period 2016 Same period 2015
Rank 392 352 492
Rank change year-on-year -40 +140 +98
Permanent jobs citing Penetration Testing 1403 1720 1191
As % of all permanent IT jobs advertised in the UK 0.80% 0.87% 0.55%
As % of the Processes & Methodologies category 0.89% 0.98% 0.62%
Number of salaries quoted 1169 1339 939
UK median annual salary £55,000 £55,000 £52,500
Median salary % change year-on-year - +4.76% +3.96%
10th Percentile £35,000 £34,938 £33,650
90th Percentile £83,750 £82,500 £81,250
UK excluding London median annual salary £50,000 £50,000 £45,000
% change year-on-year - +11.11% -

Penetration Testing is in the Processes and Methodologies category. The following table is for comparison with the above and provides summary statistics for all permanent job vacancies with a requirement for process or methodology skills.

All Process and Methodology Skills
UK
Permanent vacancies with a requirement for process or methodology skills 158285 175244 190972
As % of all permanent IT jobs advertised in the UK 89.94% 89.07% 88.17%
Number of salaries quoted 125396 146177 155973
UK median annual salary £50,000 £49,000 £47,500
Median salary % change year-on-year +2.04% +3.16% +5.56%
10th Percentile £28,723 £27,500 £27,500
90th Percentile £80,000 £77,500 £76,250
UK excluding London median annual salary £42,500 £42,500 £42,500

Penetration Testing
Job Vacancy Trend

Job postings citing Penetration Testing as a percentage of all IT jobs advertised.

Job vacancy trend for Penetration Testing in the UK

Penetration Testing
Salary Trend

This chart provides the 3-month moving average for salaries quoted in permanent IT jobs citing Penetration Testing.

Salary trend for Penetration Testing in the UK

Penetration Testing
Salary Histogram

The salary distribution of IT jobs citing Penetration Testing over the 6 months to 23 August 2017.

Salary histogram for Penetration Testing in the UK

Penetration Testing
Top 16 Job Locations

The table below looks at the demand and provides a guide to the median salaries quoted in IT jobs citing Penetration Testing within the UK over the 6 months to 23 August 2017. The 'Rank Change' column provides an indication of the change in demand within each location based on the same 6 month period last year.

Location Rank Change
on Same Period
Last Year
Matching
Permanent
IT Job Ads
Median Salary
Past 6 Months
Median Salary
% Change
on Same Period
Last Year
Live
Job
Vacancies
England -18 1343 £55,000 - 64
UK excluding London -10 739 £50,000 - 32
London -19 633 £60,000 -7.69% 33
South East +43 336 £52,500 - 16
North of England -37 178 £50,000 - 6
North West -34 115 £55,000 +10.00% 4
Midlands +48 104 £42,500 -15.00% 2
West Midlands +37 94 £42,500 -10.53% 2
Yorkshire -14 61 £45,000 - 2
East of England -4 44 £55,000 +15.79% 3
South West -89 41 £45,000 -10.00% 4
Scotland +7 24 £37,500 -28.57% 1
Wales +8 12 £47,500 -17.39%
East Midlands +15 9 £45,000 -18.18%
Isle of Man - 3 - -
North East +15 2 £59,500 +32.22%

For the 6 months to 23 August 2017, IT jobs citing Penetration Testing also mentioned the following skills in order of popularity. The figures indicate the number co-occurrences and its proportion to all job ads with a requirement for Penetration Testing.

1 754 (53.74%) Information Security
2 553 (39.42%) Cybersecurity
3 420 (29.94%) Firewall
4 380 (27.08%) ISO/IEC 27001
5 378 (26.94%) CISSP
6 320 (22.81%) Windows
7 274 (19.53%) Network Security
8 258 (18.39%) SIEM
9 236 (16.82%) CISM
10 218 (15.54%) Finance
11 216 (15.40%) Security Cleared
12 213 (15.18%) Linux
13 206 (14.68%) ITIL
14 204 (14.54%) PCI DSS
15 200 (14.26%) Vulnerability Scanning
16 196 (13.97%) Security Architecture
17 193 (13.76%) Degree
18 186 (13.26%) Vulnerability Assessment
19 176 (12.54%) Risk Management
20 174 (12.40%) Active Directory
20 174 (12.40%) CREST Certified
21 173 (12.33%) TCP/IP
22 172 (12.26%) Agile Software Development
23 170 (12.12%) Cisco
23 170 (12.12%) Vulnerability Management
24 155 (11.05%) Python
25 154 (10.98%) Java
25 154 (10.98%) Data Protection
26 144 (10.26%) Security Operations
27 142 (10.12%) Ethical Hacking

Penetration Testing
Co-occurring IT Skills by Category

The follow tables expand on the table above by listing co-occurrences grouped by category. The same job type, locality and period is covered with up to 20 co-occurrences shown in each of the following categories:

Application Platforms
1 40 (2.85%) IIS
2 34 (2.42%) MS Exchange
3 22 (1.57%) Exchange Server 2010
4 15 (1.07%) Exchange Server 2013
5 14 (1.00%) SharePoint
6 13 (0.93%) Apache
7 12 (0.86%) Skype for Business
8 11 (0.78%) CMS
9 8 (0.57%) OpenStack
10 4 (0.29%) JBoss
10 4 (0.29%) nginx
11 1 (0.071%) Apache Pig
11 1 (0.071%) BizTalk Server
11 1 (0.071%) Elasticsearch
11 1 (0.071%) Tornado
11 1 (0.071%) WordPress
Applications
1 10 (0.71%) Microsoft Office
2 5 (0.36%) Spreadsheet
3 3 (0.21%) Microsoft Excel
3 3 (0.21%) Microsoft PowerPoint
3 3 (0.21%) MS Visio
Business Applications
1 5 (0.36%) Payment Gateway
2 2 (0.14%) Dynamics CRM
3 1 (0.071%) Salesforce.com CRM
Cloud Services
1 95 (6.77%) Amazon AWS
2 61 (4.35%) SaaS
3 43 (3.06%) IaaS
4 41 (2.92%) Microsoft Azure
5 18 (1.28%) Office 365
6 15 (1.07%) PaaS
7 12 (0.86%) Mimecast
8 6 (0.43%) AWS CloudFormation
8 6 (0.43%) Cloud Computing
9 4 (0.29%) Amazon S3
9 4 (0.29%) Google Cloud Platform
10 3 (0.21%) Amazon ELB
10 3 (0.21%) Amazon SQS
10 3 (0.21%) Google Compute Engine
10 3 (0.21%) OpenShift
11 2 (0.14%) AWS Lambda
11 2 (0.14%) GitHub
12 1 (0.071%) AWS OpsWorks
12 1 (0.071%) Route 53
Communications & Networking
1 420 (29.94%) Firewall
2 274 (19.53%) Network Security
3 173 (12.33%) TCP/IP
4 89 (6.34%) DNS
5 77 (5.49%) Wireless
6 74 (5.27%) WAN
7 72 (5.13%) LAN
8 69 (4.92%) VPN
9 68 (4.85%) Internet
10 64 (4.56%) DHCP
11 50 (3.56%) VLAN
12 48 (3.42%) Cisco ASA
13 47 (3.35%) MPLS
14 43 (3.06%) SAN
15 40 (2.85%) VoIP
16 39 (2.78%) SS7
17 34 (2.42%) Intrusion Detection
18 32 (2.28%) Junos
19 29 (2.07%) HTTP
20 24 (1.71%) Ethernet
Database & Business Intelligence
1 52 (3.71%) SQL Server
2 16 (1.14%) MySQL
3 12 (0.86%) SQL Server 2008
3 12 (0.86%) SQL Server 2012
3 12 (0.86%) SQL Server 2014
4 10 (0.71%) Big Data
4 10 (0.71%) MongoDB
5 8 (0.57%) NoSQL
6 6 (0.43%) Microsoft Analysis Services
6 6 (0.43%) SQL Server Analysis Services
6 6 (0.43%) SQL Server Integration Services
7 4 (0.29%) Hadoop
7 4 (0.29%) PostgreSQL
7 4 (0.29%) SQL Server 2016
8 3 (0.21%) GIS
8 3 (0.21%) Looker
8 3 (0.21%) Redis
9 1 (0.071%) Apache Hive
9 1 (0.071%) Hazelcast
9 1 (0.071%) Relational Database
Development Applications
1 42 (2.99%) Burp Suite
2 31 (2.21%) Metasploit
3 25 (1.78%) AppScan
4 20 (1.43%) Git (software)
5 18 (1.28%) Paros
6 17 (1.21%) Selenium
7 13 (0.93%) Jenkins
7 13 (0.93%) WebScarab
8 12 (0.86%) Eclipse
8 12 (0.86%) Xcode
9 7 (0.50%) Cucumber
9 7 (0.50%) JUnit
10 6 (0.43%) Appium
10 6 (0.43%) FitNesse
10 6 (0.43%) Hudson
10 6 (0.43%) SoapUI
10 6 (0.43%) WebDriver
11 5 (0.36%) Sonatype Nexus
12 4 (0.29%) IDA Disassembler
12 4 (0.29%) Team Foundation Server
General
1 218 (15.54%) Finance
2 106 (7.56%) Telecoms
3 75 (5.35%) Banking
4 70 (4.99%) Legal
5 35 (2.49%) Law
6 25 (1.78%) Retail
7 19 (1.35%) Marketing
8 15 (1.07%) Automotive
9 14 (1.00%) Aerospace
10 11 (0.78%) Electronics
10 11 (0.78%) Investment Banking
10 11 (0.78%) Publishing
11 9 (0.64%) Financial Institution
11 9 (0.64%) Games
11 9 (0.64%) Military
12 7 (0.50%) Digital Economy
12 7 (0.50%) Manufacturing
12 7 (0.50%) Spanish Language
13 4 (0.29%) Advertising
13 4 (0.29%) Local Government
Job Titles
1 275 (19.60%) Analyst
2 249 (17.75%) Tester
3 226 (16.11%) Penetration Tester
3 226 (16.11%) Security Analyst
4 164 (11.69%) Security Engineer
5 144 (10.26%) Consultant
6 132 (9.41%) Security Consultant
7 116 (8.27%) Security Manager
8 101 (7.20%) Business Manager
9 100 (7.13%) Network Engineer
10 99 (7.06%) Business Development Manager
10 99 (7.06%) Development Manager
11 83 (5.92%) IT Engineer
12 79 (5.63%) IT Analyst
13 73 (5.20%) IT Security Analyst
14 66 (4.70%) IT Security Engineer
15 60 (4.28%) Senior Tester
16 56 (3.99%) Security Specialist
17 55 (3.92%) Senior Penetration Tester
18 53 (3.78%) Team Leader
Libraries, Frameworks & Software Standards
1 62 (4.42%) .NET
2 48 (3.42%) Web Services
3 43 (3.06%) HTML
4 25 (1.78%) Node.js
5 23 (1.64%) XML
6 17 (1.21%) RESTful
7 16 (1.14%) Django
7 16 (1.14%) J2EE
8 15 (1.07%) CSS
9 12 (0.86%) CGI
10 10 (0.71%) ASP.NET
10 10 (0.71%) JSON
10 10 (0.71%) SOAP
11 8 (0.57%) SAML
12 7 (0.50%) OAuth
12 7 (0.50%) Spring
13 6 (0.43%) Ajax
13 6 (0.43%) HTML5
13 6 (0.43%) LAMP
13 6 (0.43%) OAuth2
Miscellaneous
1 116 (8.27%) Management Information System
2 108 (7.70%) Data Protection Act
3 97 (6.91%) Data Centre
4 92 (6.56%) Computer Science
5 52 (3.71%) Analytical Skills
6 50 (3.56%) SCADA
7 47 (3.35%) Cyberthreat
8 46 (3.28%) Mobile App
9 37 (2.64%) Smartphone
10 34 (2.42%) Distributed Denial-of-Service
11 31 (2.21%) Cyber Attack
12 27 (1.92%) iPad
13 24 (1.71%) Field-Programmable Gate Array
13 24 (1.71%) PKI
14 22 (1.57%) Cyber Defence
15 19 (1.35%) CESG
16 16 (1.14%) Security Operations Centre
17 15 (1.07%) Cybercrime
17 15 (1.07%) Greenfield Project
18 14 (1.00%) Client/Server
Operating Systems
1 320 (22.81%) Windows
2 213 (15.18%) Linux
3 139 (9.91%) Windows Server
4 105 (7.48%) Unix
5 91 (6.49%) Android
6 86 (6.13%) Apple iOS
7 41 (2.92%) Mac OS X
8 40 (2.85%) Windows Server 2008
9 35 (2.49%) Windows Server 2012
10 26 (1.85%) VxWorks
11 22 (1.57%) Kali Linux
12 14 (1.00%) Solaris
13 10 (0.71%) Windows 7
14 6 (0.43%) Windows Server 2003
15 5 (0.36%) CentOS
15 5 (0.36%) Ubuntu
16 4 (0.29%) KNOPPIX
17 2 (0.14%) FreeBSD
17 2 (0.14%) HPUX
17 2 (0.14%) Windows 10
Processes & Methodologies
1 754 (53.74%) Information Security
2 553 (39.42%) Cybersecurity
3 258 (18.39%) SIEM
4 206 (14.68%) ITIL
5 200 (14.26%) Vulnerability Scanning
6 196 (13.97%) Security Architecture
7 186 (13.26%) Vulnerability Assessment
8 176 (12.54%) Risk Management
9 172 (12.26%) Agile Software Development
10 170 (12.12%) Vulnerability Management
11 154 (10.98%) Data Protection
12 144 (10.26%) Security Operations
13 142 (10.12%) Ethical Hacking
14 126 (8.98%) Security Testing
15 117 (8.34%) Business Development
16 112 (7.98%) OWASP
17 110 (7.84%) Network Design
18 92 (6.56%) Risk Assessment
19 90 (6.41%) Incident Management
20 88 (6.27%) Data Loss Prevention
Programming Languages
1 155 (11.05%) Python
2 154 (10.98%) Java
3 132 (9.41%) C
4 90 (6.41%) C++
5 74 (5.27%) SQL
6 67 (4.78%) Perl
7 62 (4.42%) Ruby
8 54 (3.85%) C#
9 49 (3.49%) JavaScript
10 39 (2.78%) PHP
11 35 (2.49%) PowerShell
12 27 (1.92%) Bash Shell
13 17 (1.21%) VB
14 13 (0.93%) VB.NET
15 10 (0.71%) Groovy
16 7 (0.50%) VBScript
17 6 (0.43%) Ada
17 6 (0.43%) Scala
18 5 (0.36%) Objective-C
19 4 (0.29%) Go
Qualifications
1 378 (26.94%) CISSP
2 236 (16.82%) CISM
3 216 (15.40%) Security Cleared
4 193 (13.76%) Degree
5 174 (12.40%) CREST Certified
6 137 (9.76%) CEH
7 103 (7.34%) OSCP
8 94 (6.70%) DV Cleared
9 85 (6.06%) Cisco Certification
10 68 (4.85%) CCNP
11 64 (4.56%) CISA
12 61 (4.35%) CHECK Team Member
13 59 (4.21%) CCNA
14 58 (4.13%) CHECK Team Leader
14 58 (4.13%) SC Cleared
15 52 (3.71%) GIAC
16 38 (2.71%) GCIH
17 37 (2.64%) SANS
18 36 (2.57%) Computer Science Degree
19 34 (2.42%) GPEN
Quality Assurance & Compliance
1 380 (27.08%) ISO/IEC 27001
2 204 (14.54%) PCI DSS
3 120 (8.55%) ISO/IEC 27002 (supersedes ISO/IEC 17799)
4 60 (4.28%) Cyber Essentials
5 57 (4.06%) GDPR
6 31 (2.21%) COBIT
7 30 (2.14%) Sarbanes-Oxley
8 24 (1.71%) Cyber Essentials PLUS
9 23 (1.64%) QA
10 21 (1.50%) ISO/IEC 27005
11 13 (0.93%) ISO 22301
11 13 (0.93%) SLA
12 9 (0.64%) NIST 800
13 8 (0.57%) ISO 9001
14 6 (0.43%) HMG Security Policy Framework
14 6 (0.43%) ISO 31000
14 6 (0.43%) MISRA
15 5 (0.36%) HIPAA
16 3 (0.21%) JSP 440
16 3 (0.21%) PA-DSS
System Software
1 174 (12.40%) Active Directory
2 50 (3.56%) ProxySG
3 30 (2.14%) Hyper-V
4 18 (1.28%) VMware Infrastructure
5 13 (0.93%) Docker
6 10 (0.71%) Firmware
7 8 (0.57%) Virtual Machines
7 8 (0.57%) VMware ESXi
8 6 (0.43%) vSphere
9 5 (0.36%) Snort
10 2 (0.14%) VirtualBox
11 1 (0.071%) KVM
11 1 (0.071%) LXC
11 1 (0.071%) VMware NSX
11 1 (0.071%) Xen
11 1 (0.071%) XenApp
Systems Management
1 61 (4.35%) Nessus
2 20 (1.43%) Nmap
3 17 (1.21%) Computer Emergency Response Teams
4 13 (0.93%) EnCase
5 12 (0.86%) SCCM
6 11 (0.78%) FTK
6 11 (0.78%) Microsoft Clustering
7 10 (0.71%) Puppet
8 9 (0.64%) Ansible
8 9 (0.64%) HP Fortify
8 9 (0.64%) SCOM
9 8 (0.57%) Cisco CUCM
9 8 (0.57%) McAfee ePO
10 7 (0.50%) Opscode Chef
11 6 (0.43%) CSIRT
11 6 (0.43%) Network Intrusion Detection System
11 6 (0.43%) OpenVAS
12 5 (0.36%) WebInspect
13 4 (0.29%) QRadar
13 4 (0.29%) RSA enVision
Vendors
1 170 (12.12%) Cisco
2 114 (8.13%) CheckPoint
3 88 (6.27%) Microsoft
4 68 (4.85%) Palo Alto
5 58 (4.13%) Juniper
6 54 (3.85%) VMware
7 53 (3.78%) Blue Coat
8 43 (3.06%) Apple
9 42 (2.99%) HP
10 40 (2.85%) Qualys
11 34 (2.42%) Splunk
12 31 (2.21%) ArcSight
13 23 (1.64%) Citrix
14 19 (1.35%) Avaya
15 18 (1.28%) IBM
15 18 (1.28%) SolarWinds
16 17 (1.21%) Forcepoint
16 17 (1.21%) Oracle
17 16 (1.14%) F5
18 14 (1.00%) Red Hat