Period
to 21 October 2017

The following table provides summary statistics for permanent job vacancies with a requirement for Penetration Testing skills. Included is a benchmarking guide to the salaries offered in vacancies that have cited Penetration Testing over the 6 months to 21 October 2017 with a comparison to the same period in the previous 2 years.

Penetration Testing
UK
6 months to
21 Oct 2017
Same period 2016 Same period 2015
Rank 372 325 484
Rank change year-on-year -47 +159 +85
Permanent jobs citing Penetration Testing 1432 1844 1258
As % of all permanent IT jobs advertised in the UK 0.82% 0.97% 0.57%
As % of the Processes & Methodologies category 0.91% 1.08% 0.65%
Number of salaries quoted 1185 1471 971
UK median annual salary £55,000 £57,500 £52,500
Median salary % change year-on-year -4.35% +9.52% +3.96%
10th Percentile £35,000 £35,000 £33,000
90th Percentile £85,000 £83,750 £82,500
UK excluding London median annual salary £50,000 £50,000 £47,500
% change year-on-year - +5.26% +5.56%

Penetration Testing is in the Processes and Methodologies category. The following table is for comparison with the above and provides summary statistics for all permanent job vacancies with a requirement for process or methodology skills.

All Process and Methodology Skills
UK
Permanent vacancies with a requirement for process or methodology skills 156565 170492 194103
As % of all permanent IT jobs advertised in the UK 89.94% 89.23% 88.60%
Number of salaries quoted 123230 141844 159582
UK median annual salary £50,000 £49,500 £47,500
Median salary % change year-on-year +1.01% +4.21% +5.56%
10th Percentile £28,750 £28,000 £27,500
90th Percentile £80,000 £78,750 £76,250
UK excluding London median annual salary £43,500 £42,500 £42,500
% change year-on-year +2.35% - +6.25%

Penetration Testing
Job Vacancy Trend

Job postings citing Penetration Testing as a percentage of all IT jobs advertised.

Job vacancy trend for Penetration Testing in the UK

Penetration Testing
Salary Trend

This chart provides the 3-month moving average for salaries quoted in permanent IT jobs citing Penetration Testing.

Salary trend for Penetration Testing in the UK

Penetration Testing
Salary Histogram

The salary distribution of IT jobs citing Penetration Testing over the 6 months to 21 October 2017.

Salary histogram for Penetration Testing in the UK

Penetration Testing
Top 17 Job Locations

The table below looks at the demand and provides a guide to the median salaries quoted in IT jobs citing Penetration Testing within the UK over the 6 months to 21 October 2017. The 'Rank Change' column provides an indication of the change in demand within each location based on the same 6 month period last year.

Location Rank Change
on Same Period
Last Year
Matching
Permanent
IT Job Ads
Median Salary
Past 6 Months
Median Salary
% Change
on Same Period
Last Year
Live
Job
Vacancies
England -46 1375 £55,000 -4.35% 40
UK excluding London -33 757 £50,000 - 28
London -47 631 £60,000 -7.69% 12
South East +27 355 £52,500 -4.55% 14
North of England -31 156 £50,000 - 7
North West -9 110 £52,000 +4.00% 5
Midlands +19 101 £45,000 -10.00% 2
West Midlands +8 87 £46,250 -2.63% 2
East of England +14 65 £57,500 +21.05% 3
South West -90 52 £42,500 -15.00% 2
Yorkshire -33 44 £47,500 -5.00% 1
Scotland -18 18 £37,500 -28.57%
East Midlands +32 13 £36,535 -33.57%
Wales +21 8 £47,500 -37.70%
Isle of Man - 3 - -
North East +14 2 £59,500 +32.22% 1
Northern Ireland -27 2 £60,000 +45.45%

For the 6 months to 21 October 2017, IT jobs citing Penetration Testing also mentioned the following skills in order of popularity. The figures indicate the number co-occurrences and its proportion to all job ads with a requirement for Penetration Testing.

1 856 (59.78%) Information Security
2 579 (40.43%) Cybersecurity
3 480 (33.52%) ISO/IEC 27001
4 477 (33.31%) CISSP
5 445 (31.08%) Firewall
6 321 (22.42%) CISM
7 317 (22.14%) Windows
8 294 (20.53%) Network Security
9 290 (20.25%) Finance
10 284 (19.83%) SIEM
11 242 (16.90%) PCI DSS
12 241 (16.83%) Linux
13 222 (15.50%) ITIL
14 213 (14.87%) Security Architecture
14 213 (14.87%) Vulnerability Scanning
15 208 (14.53%) Degree
16 204 (14.25%) Risk Management
17 202 (14.11%) Data Protection
18 199 (13.90%) TCP/IP
19 194 (13.55%) Active Directory
19 194 (13.55%) Vulnerability Management
20 190 (13.27%) CREST Certified
21 184 (12.85%) Vulnerability Assessment
22 181 (12.64%) Security Cleared
23 177 (12.36%) Agile Software Development
24 173 (12.08%) Security Operations
25 169 (11.80%) Cisco
26 151 (10.54%) Management Information System
27 140 (9.78%) CEH
27 140 (9.78%) Security Testing

Penetration Testing
Co-occurring IT Skills by Category

The follow tables expand on the table above by listing co-occurrences grouped by category. The same job type, locality and period is covered with up to 20 co-occurrences shown in each of the following categories:

Application Platforms
1 38 (2.65%) IIS
2 36 (2.51%) MS Exchange
3 23 (1.61%) Exchange Server 2010
4 18 (1.26%) Exchange Server 2013
5 15 (1.05%) Apache
6 11 (0.77%) CMS
7 10 (0.70%) OpenStack
7 10 (0.70%) SharePoint
8 8 (0.56%) Skype for Business
9 6 (0.42%) nginx
10 5 (0.35%) JBoss
10 5 (0.35%) WordPress
11 3 (0.21%) Apache Pig
11 3 (0.21%) Elasticsearch
12 1 (0.070%) BizTalk Server
12 1 (0.070%) Tomcat
Applications
1 11 (0.77%) Spreadsheet
2 8 (0.56%) Microsoft Office
3 3 (0.21%) Microsoft Excel
3 3 (0.21%) Microsoft PowerPoint
4 2 (0.14%) MS Visio
Business Applications
1 6 (0.42%) Payment Gateway
2 2 (0.14%) Dynamics CRM
3 1 (0.070%) Salesforce.com CRM
3 1 (0.070%) SunGard APT
Cloud Services
1 103 (7.19%) Amazon AWS
2 60 (4.19%) SaaS
3 42 (2.93%) Microsoft Azure
4 41 (2.86%) IaaS
5 16 (1.12%) Office 365
6 11 (0.77%) Cloudflare
7 9 (0.63%) PaaS
8 7 (0.49%) Mimecast
9 5 (0.35%) AWS CloudFormation
9 5 (0.35%) AWS Lambda
9 5 (0.35%) GitHub
9 5 (0.35%) Serverless
10 4 (0.28%) Amazon S3
10 4 (0.28%) Cloud Computing
11 3 (0.21%) Amazon SQS
11 3 (0.21%) Google Cloud Platform
11 3 (0.21%) Google Compute Engine
11 3 (0.21%) OpenShift
12 1 (0.070%) Amazon ELB
12 1 (0.070%) AWS OpsWorks
Communications & Networking
1 445 (31.08%) Firewall
2 294 (20.53%) Network Security
3 199 (13.90%) TCP/IP
4 91 (6.35%) DNS
5 79 (5.52%) Wireless
6 75 (5.24%) Internet
7 69 (4.82%) WAN
8 64 (4.47%) DHCP
9 63 (4.40%) LAN
10 59 (4.12%) VPN
11 48 (3.35%) Cisco ASA
12 44 (3.07%) Intrusion Detection
13 39 (2.72%) SAN
14 38 (2.65%) VLAN
15 35 (2.44%) VoIP
16 34 (2.37%) MPLS
17 30 (2.09%) HTTP
18 27 (1.89%) SS7
19 26 (1.82%) Ethernet
20 24 (1.68%) Junos
Database & Business Intelligence
1 53 (3.70%) SQL Server
2 19 (1.33%) MySQL
3 14 (0.98%) SQL Server 2008
4 13 (0.91%) SQL Server 2012
4 13 (0.91%) SQL Server 2014
5 10 (0.70%) MongoDB
5 10 (0.70%) NoSQL
6 9 (0.63%) Big Data
7 6 (0.42%) Hadoop
8 5 (0.35%) Amazon RDS
9 4 (0.28%) SQL Server 2016
10 3 (0.21%) Apache Hive
10 3 (0.21%) Blockchain
10 3 (0.21%) GIS
10 3 (0.21%) Looker
10 3 (0.21%) PostgreSQL
10 3 (0.21%) Redis
11 1 (0.070%) Data Mining
11 1 (0.070%) Oracle Database
11 1 (0.070%) Relational Database
Development Applications
1 53 (3.70%) Metasploit
2 45 (3.14%) Burp Suite
3 25 (1.75%) AppScan
4 21 (1.47%) Git (software)
5 10 (0.70%) Paros
6 8 (0.56%) Jenkins
7 7 (0.49%) Selenium
7 7 (0.49%) Xcode
8 6 (0.42%) Eclipse
9 5 (0.35%) WebScarab
10 4 (0.28%) IDA Disassembler
10 4 (0.28%) Team Foundation Server
11 3 (0.21%) Atlassian Bamboo
11 3 (0.21%) Fiddler
11 3 (0.21%) JIRA
11 3 (0.21%) Sonatype Nexus
12 2 (0.14%) Bitbucket
12 2 (0.14%) CodeSonar
12 2 (0.14%) GDB
12 2 (0.14%) Robot Framework
General
1 290 (20.25%) Finance
2 89 (6.22%) Legal
3 87 (6.08%) Banking
3 87 (6.08%) Telecoms
4 39 (2.72%) Retail
5 33 (2.30%) Law
6 17 (1.19%) Financial Institution
7 16 (1.12%) Marketing
8 15 (1.05%) Aerospace
8 15 (1.05%) Automotive
9 9 (0.63%) Digital Economy
9 9 (0.63%) Investment Banking
9 9 (0.63%) Manufacturing
10 7 (0.49%) Electronics
10 7 (0.49%) Games
10 7 (0.49%) Spanish Language
11 5 (0.35%) Publishing
12 3 (0.21%) Advertising
12 3 (0.21%) Corporate Banking
13 2 (0.14%) Military
Job Titles
1 297 (20.74%) Analyst
2 261 (18.23%) Security Analyst
3 228 (15.92%) Tester
4 213 (14.87%) Penetration Tester
5 171 (11.94%) Consultant
6 168 (11.73%) Security Engineer
7 159 (11.10%) Security Consultant
8 139 (9.71%) Security Manager
9 92 (6.42%) Business Manager
10 90 (6.28%) Business Development Manager
10 90 (6.28%) Development Manager
11 88 (6.15%) IT Engineer
12 85 (5.94%) IT Analyst
12 85 (5.94%) IT Security Analyst
13 80 (5.59%) Information Analyst
13 80 (5.59%) Information Security Analyst
14 78 (5.45%) Network Engineer
15 75 (5.24%) IT Security Engineer
16 60 (4.19%) Security Specialist
17 58 (4.05%) Security Officer
Libraries, Frameworks & Software Standards
1 72 (5.03%) .NET
2 46 (3.21%) Web Services
3 34 (2.37%) HTML
4 25 (1.75%) XML
5 23 (1.61%) J2EE
6 20 (1.40%) Node.js
7 16 (1.12%) RESTful
8 15 (1.05%) ASP.NET
8 15 (1.05%) CSS
9 13 (0.91%) JSON
10 11 (0.77%) CGI
10 11 (0.77%) Django
11 10 (0.70%) Ajax
11 10 (0.70%) LAMP
12 9 (0.63%) Middleware
12 9 (0.63%) OAuth
12 9 (0.63%) SAML
12 9 (0.63%) Spring
13 8 (0.56%) OAuth2
14 7 (0.49%) REST
Miscellaneous
1 151 (10.54%) Management Information System
2 132 (9.22%) Data Protection Act
3 99 (6.91%) Data Centre
4 92 (6.42%) Computer Science
5 71 (4.96%) Cyberthreat
6 57 (3.98%) Analytical Skills
7 47 (3.28%) Distributed Denial-of-Service
8 38 (2.65%) Mobile App
9 37 (2.58%) SCADA
10 33 (2.30%) PKI
11 31 (2.16%) Cyber Attack
12 26 (1.82%) Cyber Defence
13 25 (1.75%) iPad
14 21 (1.47%) Smartphone
15 20 (1.40%) Cybercrime
16 18 (1.26%) Public Cloud
17 17 (1.19%) CESG
17 17 (1.19%) Security Operations Centre
18 14 (0.98%) Clustering
18 14 (0.98%) Enterprise Software
Operating Systems
1 317 (22.14%) Windows
2 241 (16.83%) Linux
3 129 (9.01%) Windows Server
4 116 (8.10%) Unix
5 88 (6.15%) Apple iOS
6 74 (5.17%) Android
7 42 (2.93%) Mac OS X
8 30 (2.09%) Kali Linux
8 30 (2.09%) Windows Server 2008
9 17 (1.19%) Solaris
9 17 (1.19%) Windows Server 2012
10 16 (1.12%) VxWorks
11 13 (0.91%) Windows 7
12 6 (0.42%) VMS
13 4 (0.28%) Ubuntu
14 2 (0.14%) CentOS
14 2 (0.14%) Check Point GAiA
14 2 (0.14%) KNOPPIX
14 2 (0.14%) Windows 10
14 2 (0.14%) Windows Server 2003
Processes & Methodologies
1 856 (59.78%) Information Security
2 579 (40.43%) Cybersecurity
3 284 (19.83%) SIEM
4 222 (15.50%) ITIL
5 213 (14.87%) Security Architecture
5 213 (14.87%) Vulnerability Scanning
6 204 (14.25%) Risk Management
7 202 (14.11%) Data Protection
8 194 (13.55%) Vulnerability Management
9 184 (12.85%) Vulnerability Assessment
10 177 (12.36%) Agile Software Development
11 173 (12.08%) Security Operations
12 140 (9.78%) Security Testing
13 135 (9.43%) OWASP
14 134 (9.36%) Ethical Hacking
15 120 (8.38%) Risk Assessment
16 106 (7.40%) Data Loss Prevention
17 103 (7.19%) Business Development
18 86 (6.01%) Incident Management
19 82 (5.73%) Change Management
Programming Languages
1 125 (8.73%) Java
2 119 (8.31%) Python
3 112 (7.82%) C
4 74 (5.17%) C++
5 62 (4.33%) SQL
6 48 (3.35%) C#
6 48 (3.35%) Perl
7 44 (3.07%) Ruby
8 42 (2.93%) JavaScript
9 34 (2.37%) PHP
10 26 (1.82%) Bash Shell
11 25 (1.75%) PowerShell
12 16 (1.12%) VB.NET
13 15 (1.05%) VB
14 10 (0.70%) Objective-C
15 9 (0.63%) VBScript
16 7 (0.49%) Ada
17 6 (0.42%) Scala
17 6 (0.42%) Shell Script
18 4 (0.28%) Groovy
Qualifications
1 477 (33.31%) CISSP
2 321 (22.42%) CISM
3 208 (14.53%) Degree
4 190 (13.27%) CREST Certified
5 181 (12.64%) Security Cleared
6 140 (9.78%) CEH
7 105 (7.33%) OSCP
8 94 (6.56%) Cisco Certification
9 79 (5.52%) CISA
10 75 (5.24%) GIAC
11 69 (4.82%) CCNP
12 67 (4.68%) DV Cleared
13 65 (4.54%) CCNA
14 59 (4.12%) CHECK Team Leader
15 57 (3.98%) SC Cleared
16 51 (3.56%) CHECK Team Member
17 46 (3.21%) SANS
18 45 (3.14%) Computer Science Degree
19 43 (3.00%) CRISC
20 36 (2.51%) SSCP
Quality Assurance & Compliance
1 480 (33.52%) ISO/IEC 27001
2 242 (16.90%) PCI DSS
3 129 (9.01%) ISO/IEC 27002 (supersedes ISO/IEC 17799)
4 100 (6.98%) GDPR
5 67 (4.68%) Cyber Essentials
6 45 (3.14%) COBIT
7 27 (1.89%) Cyber Essentials PLUS
8 23 (1.61%) Sarbanes-Oxley
9 22 (1.54%) ISO/IEC 27005
10 21 (1.47%) ISO 22301
11 16 (1.12%) SLA
12 15 (1.05%) QA
13 8 (0.56%) ISO 9001
13 8 (0.56%) MISRA
13 8 (0.56%) NIST 800
14 6 (0.42%) HMG Security Policy Framework
14 6 (0.42%) ISO 31000
15 5 (0.35%) HIPAA
16 1 (0.070%) ISO 26262
16 1 (0.070%) MISRA C
System Software
1 194 (13.55%) Active Directory
2 35 (2.44%) ProxySG
3 31 (2.16%) Hyper-V
4 28 (1.96%) VMware Infrastructure
5 17 (1.19%) Docker
6 13 (0.91%) VMware ESXi
7 11 (0.77%) Firmware
8 9 (0.63%) vSphere
9 8 (0.56%) Virtual Machines
10 6 (0.42%) Snort
11 4 (0.28%) XenApp
12 2 (0.14%) KVM
12 2 (0.14%) VirtualBox
13 1 (0.070%) LXC
13 1 (0.070%) OpenSIPS
13 1 (0.070%) Virtual Servers
13 1 (0.070%) VMware NSX
13 1 (0.070%) Xen
Systems Management
1 78 (5.45%) Nessus
2 34 (2.37%) Nmap
3 17 (1.19%) Computer Emergency Response Teams
4 12 (0.84%) Microsoft Clustering
4 12 (0.84%) SCOM
5 9 (0.63%) Ansible
5 9 (0.63%) HP Fortify
5 9 (0.63%) Puppet
5 9 (0.63%) SCCM
6 8 (0.56%) Core Impact
6 8 (0.56%) Opscode Chef
6 8 (0.56%) QRadar
7 7 (0.49%) Cisco CUCM
7 7 (0.49%) EnCase
7 7 (0.49%) FTK
8 6 (0.42%) Network Intrusion Detection System
8 6 (0.42%) WebInspect
9 5 (0.35%) FortiGate
10 4 (0.28%) Kibana
10 4 (0.28%) logstash
Vendors
1 169 (11.80%) Cisco
2 105 (7.33%) Microsoft
3 93 (6.49%) CheckPoint
4 60 (4.19%) VMware
5 52 (3.63%) Apple
6 49 (3.42%) Palo Alto
7 46 (3.21%) Splunk
8 41 (2.86%) Blue Coat
8 41 (2.86%) Juniper
9 34 (2.37%) HP
10 31 (2.16%) Qualys
11 28 (1.96%) Citrix
12 21 (1.47%) Oracle
13 20 (1.40%) ArcSight
14 16 (1.12%) SolarWinds
15 15 (1.05%) Darktrace
15 15 (1.05%) IBM
16 14 (0.98%) NetWitness
17 13 (0.91%) Forcepoint
18 10 (0.70%) Red Hat