Period
to 22 April 2021

The following table provides summary statistics for permanent job vacancies with a requirement for Penetration Testing skills. Included is a benchmarking guide to the salaries offered in vacancies that have cited Penetration Testing over the 6 months to 22 April 2021 with a comparison to the same period in the previous 2 years.

Penetration Testing
UK
6 months to
22 Apr 2021
Same period 2020 Same period 2019
Rank 376 352 340
Rank change year-on-year -24 -12 +63
Permanent jobs citing Penetration Testing 629 905 1,398
As % of all permanent jobs advertised in the UK 0.74% 0.84% 0.94%
As % of the Processes & Methodologies category 0.80% 0.91% 1.02%
Number of salaries quoted 441 669 1,048
10th Percentile £40,000 £37,000 £37,500
25th Percentile £45,000 £45,000 £45,000
Median annual salary (50th Percentile) £60,000 £55,000 £60,000
Median % change year-on-year +9.09% -8.33% -
75th Percentile £75,000 £73,750 £76,250
90th Percentile £92,500 £85,000 £92,500
UK excluding London median annual salary £55,000 £52,500 £55,000
% change year-on-year +4.76% -4.55% +4.76%

Penetration Testing is in the Processes and Methodologies category. The following table is for comparison with the above and provides summary statistics for all permanent job vacancies with a requirement for process or methodology skills.

All Process and Methodology Skills
UK
Permanent vacancies with a requirement for process or methodology skills 78,391 99,556 136,991
As % of all permanent IT jobs advertised in the UK 92.52% 92.22% 92.31%
Number of salaries quoted 59,857 79,992 108,656
10th Percentile £32,500 £31,250 £30,000
25th Percentile £41,250 £40,000 £37,500
Median annual salary (50th Percentile) £55,000 £55,000 £52,500
Median % change year-on-year - +4.76% +5.00%
75th Percentile £75,000 £72,500 £70,000
90th Percentile £90,000 £90,000 £85,000
UK excluding London median annual salary £48,500 £47,500 £45,000
% change year-on-year +2.11% +5.56% -

Penetration Testing
Job Vacancy Trend

Job postings citing Penetration Testing as a proportion of all IT jobs advertised.

Job vacancy trend for Penetration Testing in the UK

Penetration Testing
Salary Trend

3-month moving average salary quoted in jobs citing Penetration Testing.

Salary trend for Penetration Testing in the UK

Penetration Testing
Salary Histogram

Salary distribution for jobs citing Penetration Testing over the 6 months to 22 April 2021.

Salary histogram for Penetration Testing in the UK

Penetration Testing
Top 17 Job Locations

The table below looks at the demand and provides a guide to the median salaries quoted in IT jobs citing Penetration Testing within the UK over the 6 months to 22 April 2021. The 'Rank Change' column provides an indication of the change in demand within each location based on the same 6 month period last year.

Location Rank Change
on Same Period
Last Year
Matching
Permanent
IT Job Ads
Median Salary
Past 6 Months
Median Salary
% Change
on Same Period
Last Year
Live
Job
Vacancies
England +4 562 £60,000 +9.09% 90
UK excluding London -54 307 £55,000 +4.76% 59
London +36 256 £67,500 +3.85% 37
Work from Home -155 76 £65,000 +18.18% 18
Midlands -18 72 £70,000 +40.00% 13
North of England +22 71 £47,500 -9.52% 15
South East -34 69 £62,500 +13.64% 18
West Midlands -31 66 £70,000 +33.33% 10
South West -7 42 £44,750 -0.56% 3
North West +41 32 £55,000 +14.58% 5
East of England +53 26 £46,913 -6.18% 4
North East +29 21 £40,000 -20.00% 2
Scotland -16 20 £46,000 -20.00% 3
Yorkshire -22 18 £57,500 -4.17% 8
East Midlands +6 6 £43,500 -3.33% 3
Wales +32 5 £62,750 +19.52% 2
Northern Ireland +3 2 £42,500 -15.00% 1

For the 6 months to 22 April 2021, IT jobs citing Penetration Testing also mentioned the following skills in order of popularity. The figures indicate the absolute number co-occurrences and as a proportion of all permanent job ads with a requirement for Penetration Testing.

1 380 (60.41%) Cybersecurity
2 238 (37.84%) Information Security
3 168 (26.71%) Firewall
4 151 (24.01%) AWS
5 134 (21.30%) Linux
6 131 (20.83%) ISO/IEC 27001
7 130 (20.67%) Ethical Hacking
8 126 (20.03%) Problem-Solving
9 125 (19.87%) CISSP
10 123 (19.55%) Azure
11 117 (18.60%) DevOps
12 112 (17.81%) Security Operations
13 108 (17.17%) Vulnerability Management
14 101 (16.06%) Data Security
15 100 (15.90%) Wireless
15 100 (15.90%) SIEM
16 98 (15.58%) Finance
17 97 (15.42%) Python
17 97 (15.42%) CompTIA Security+
18 92 (14.63%) Microsoft
19 85 (13.51%) Network+ Certification
19 85 (13.51%) OWASP
20 84 (13.35%) Windows
21 82 (13.04%) Degree
22 79 (12.56%) A+ Certification
23 78 (12.40%) Agile Software Development
24 73 (11.61%) Security Testing
25 69 (10.97%) DevSecOps
26 68 (10.81%) Management Information System
27 67 (10.65%) Threat Intelligence

Penetration Testing
Co-occurring IT Skills by Category

The follow tables expand on the table above by listing co-occurrences grouped by category. The same job type, locality and period is covered with up to 20 co-occurrences shown in each of the following categories:

Application Platforms
1 22 (3.50%) nginx
2 19 (3.02%) Apache
3 14 (2.23%) IIS
3 14 (2.23%) Tomcat
4 13 (2.07%) ejabberd
5 12 (1.91%) Elasticsearch
6 7 (1.11%) Confluence
7 6 (0.95%) Apache Spark
7 6 (0.95%) SharePoint
8 4 (0.64%) Exchange Server 2013
9 1 (0.16%) IBM HTTP Server
9 1 (0.16%) JBoss
9 1 (0.16%) K2 blackpearl
9 1 (0.16%) MS Exchange
9 1 (0.16%) Skype for Business
9 1 (0.16%) WebSphere
9 1 (0.16%) WebSphere Application Server
Applications
1 6 (0.95%) Gephi
2 2 (0.32%) Microsoft Office
2 2 (0.32%) Microsoft Project
Business Applications
1 5 (0.79%) JDE OneWorld
1 5 (0.79%) Sentinel
2 3 (0.48%) Dynamics AX
2 3 (0.48%) Dynamics NAV
2 3 (0.48%) NetSuite
2 3 (0.48%) SAP GRC
3 2 (0.32%) Dynamics CRM
4 1 (0.16%) Temenos T24
Cloud Services
1 151 (24.01%) AWS
2 123 (19.55%) Azure
3 50 (7.95%) SaaS
4 38 (6.04%) Microsoft 365
5 33 (5.25%) GCP
6 23 (3.66%) IaaS
6 23 (3.66%) PaaS
7 20 (3.18%) Serverless
8 17 (2.70%) Virtual Private Cloud
9 15 (2.38%) Amazon EC2
10 14 (2.23%) Amazon S3
10 14 (2.23%) Cloud Computing
11 13 (2.07%) Amazon GuardDuty
12 12 (1.91%) Azure Sentinel
13 11 (1.75%) AWS Lambda
14 9 (1.43%) Amazon EKS
14 9 (1.43%) Mimecast
15 8 (1.27%) Amazon ELB
16 7 (1.11%) Azure Active Directory
17 6 (0.95%) GitHub
Communications & Networking
1 168 (26.71%) Firewall
2 100 (15.90%) Wireless
3 50 (7.95%) Network Security
4 45 (7.15%) VPN
5 44 (7.00%) Intrusion Detection
6 38 (6.04%) Internet
7 29 (4.61%) DNS
8 23 (3.66%) LAN
9 19 (3.02%) SNMP
10 16 (2.54%) TCP/IP
11 14 (2.23%) HTTP
12 13 (2.07%) Asterisk PBX
12 13 (2.07%) BGP
12 13 (2.07%) Diameter Protocol
12 13 (2.07%) PBX
13 11 (1.75%) WAN
14 9 (1.43%) SSL
15 8 (1.27%) Unified Communications
16 7 (1.11%) 5G
17 6 (0.95%) Ethernet
Database & Business Intelligence
1 27 (4.29%) Redis
2 25 (3.97%) SQL Server
3 19 (3.02%) PostgreSQL
4 14 (2.23%) Blockchain
5 11 (1.75%) Amazon RDS
6 6 (0.95%) Apache Hive
6 6 (0.95%) Big Data
6 6 (0.95%) Impala
6 6 (0.95%) Relational Database
7 5 (0.79%) MySQL
8 4 (0.64%) RDBMS
9 2 (0.32%) MongoDB
9 2 (0.32%) NoSQL
9 2 (0.32%) Power BI
9 2 (0.32%) SQL Server Integration Services
10 1 (0.16%) Amazon Aurora
10 1 (0.16%) Amazon DynamoDB
10 1 (0.16%) Azure SQL Database
10 1 (0.16%) GIS
10 1 (0.16%) SQLite
Development Applications
1 32 (5.09%) Burp Suite
1 32 (5.09%) Git (software)
2 27 (4.29%) Metasploit
3 17 (2.70%) JIRA
4 16 (2.54%) Jenkins
4 16 (2.54%) Selenium
5 9 (1.43%) Travis CI
6 8 (1.27%) Bitbucket
6 8 (1.27%) git-flow
6 8 (1.27%) Team Foundation Server
7 7 (1.11%) GitLab
8 6 (0.95%) Bitbucket Server
8 6 (0.95%) eggPlant
8 6 (0.95%) Protractor
9 5 (0.79%) JMeter
10 4 (0.64%) Cucumber
10 4 (0.64%) Postman
10 4 (0.64%) SoapUI
10 4 (0.64%) Visual Studio
11 3 (0.48%) Hudson
General
1 98 (15.58%) Finance
2 41 (6.52%) Manufacturing
3 26 (4.13%) Public Sector
4 24 (3.82%) Legal
5 22 (3.50%) Marketing
5 22 (3.50%) Retail
6 20 (3.18%) Games
7 14 (2.23%) Publishing
8 12 (1.91%) Banking
8 12 (1.91%) Law
9 11 (1.75%) Telecoms
10 10 (1.59%) Electronics
11 7 (1.11%) Aerospace
12 3 (0.48%) German Language
13 2 (0.32%) Automotive
13 2 (0.32%) French Language
14 1 (0.16%) Billing
14 1 (0.16%) Military
Job Titles
1 99 (15.74%) Analyst
2 85 (13.51%) Ethical Hacker
3 79 (12.56%) Trainee
4 78 (12.40%) Security Analyst
5 71 (11.29%) Security Engineer
6 53 (8.43%) Penetration Tester
6 53 (8.43%) Tester
7 45 (7.15%) Consultant
8 41 (6.52%) Security Consultant
9 37 (5.88%) Architect
10 33 (5.25%) Security Architect
11 32 (5.09%) AWS Engineer
11 32 (5.09%) Cloud Engineer
12 31 (4.93%) Security Specialist
13 29 (4.61%) Cybersecurity Analyst
13 29 (4.61%) Security Manager
14 23 (3.66%) Senior Analyst
15 22 (3.50%) Cybersecurity Consultant
16 20 (3.18%) DevSecOps Engineer
17 18 (2.86%) DevOps Engineer
Libraries, Frameworks & Software Standards
1 26 (4.13%) .NET
2 20 (3.18%) React
3 19 (3.02%) Web Services
4 18 (2.86%) AngularJS
4 18 (2.86%) Node.js
5 15 (2.38%) SAML
6 13 (2.07%) Elastic Stack
6 13 (2.07%) XMPP
7 12 (1.91%) HTML
8 11 (1.75%) .NET Core
9 10 (1.59%) Django
9 10 (1.59%) Spring
10 9 (1.43%) CSS
10 9 (1.43%) OpenID
10 9 (1.43%) Vue.js
11 8 (1.27%) OAuth
11 8 (1.27%) REST
11 8 (1.27%) Spring Boot
12 7 (1.11%) Velocity
13 6 (0.95%) HTML5
Miscellaneous
1 68 (10.81%) Management Information System
2 67 (10.65%) Analytical Skills
3 35 (5.56%) Data Centre
4 32 (5.09%) Mobile App
5 28 (4.45%) Public Cloud
6 23 (3.66%) Cyberthreat
7 19 (3.02%) Organisational Skills
8 15 (2.38%) Security Operations Centre
9 13 (2.07%) Distributed Denial-of-Service
10 12 (1.91%) Cyber Kill Chain
10 12 (1.91%) Cybercrime
10 12 (1.91%) Greenfield Project
10 12 (1.91%) Self-Motivation
11 11 (1.75%) Cyberattack
12 10 (1.59%) PKI
13 9 (1.43%) Internet of Things
14 8 (1.27%) Video Conferencing
15 7 (1.11%) Analytical Mindset
16 6 (0.95%) Hybrid Cloud
16 6 (0.95%) Linux Command Line
Operating Systems
1 134 (21.30%) Linux
2 84 (13.35%) Windows
3 24 (3.82%) Unix
4 15 (2.38%) Apple iOS
4 15 (2.38%) Kali Linux
5 13 (2.07%) Android
5 13 (2.07%) Debian
5 13 (2.07%) Mac OS
5 13 (2.07%) Windows Server
6 6 (0.95%) VMS
7 3 (0.48%) Mac OS X
7 3 (0.48%) Ubuntu
8 2 (0.32%) Windows Server 2016
8 2 (0.32%) Windows Server 2019
9 1 (0.16%) CentOS
9 1 (0.16%) Red Hat Enterprise Linux
9 1 (0.16%) VyOS
9 1 (0.16%) Windows 10
Processes & Methodologies
1 380 (60.41%) Cybersecurity
2 238 (37.84%) Information Security
3 130 (20.67%) Ethical Hacking
4 126 (20.03%) Problem-Solving
5 117 (18.60%) DevOps
6 112 (17.81%) Security Operations
7 108 (17.17%) Vulnerability Management
8 101 (16.06%) Data Security
9 100 (15.90%) SIEM
10 85 (13.51%) OWASP
11 78 (12.40%) Agile Software Development
12 73 (11.61%) Security Testing
13 69 (10.97%) DevSecOps
14 67 (10.65%) Threat Intelligence
15 61 (9.70%) Vulnerability Scanning
16 56 (8.90%) Cyber Threat Intelligence
17 53 (8.43%) Risk Management
18 52 (8.27%) Vulnerability Assessment
19 49 (7.79%) Security Architecture
20 45 (7.15%) Computer Science
Programming Languages
1 97 (15.42%) Python
2 51 (8.11%) Java
3 49 (7.79%) C
4 40 (6.36%) Bash Shell
4 40 (6.36%) PowerShell
5 33 (5.25%) Perl
6 29 (4.61%) SQL
7 25 (3.97%) C#
8 24 (3.82%) C++
9 20 (3.18%) JavaScript
10 17 (2.70%) PHP
11 13 (2.07%) Go
12 8 (1.27%) Shell Script
13 7 (1.11%) Jython
14 6 (0.95%) Lua
14 6 (0.95%) R
14 6 (0.95%) Ruby
15 5 (0.79%) TypeScript
15 5 (0.79%) VB
16 1 (0.16%) Groovy
Qualifications
1 125 (19.87%) CISSP
2 97 (15.42%) CompTIA Security+
3 85 (13.51%) Network+ Certification
4 82 (13.04%) Degree
5 79 (12.56%) A+ Certification
6 56 (8.90%) CEH
6 56 (8.90%) OSCP
7 44 (7.00%) CISM
8 41 (6.52%) Security Cleared
9 37 (5.88%) GIAC
10 33 (5.25%) Cisco Certification
11 24 (3.82%) Computer Science Degree
12 23 (3.66%) DV Cleared
13 22 (3.50%) CISA
14 21 (3.34%) (ISC)2 CCSP
14 21 (3.34%) OSCE
14 21 (3.34%) SANS
15 17 (2.70%) CREST Certified
15 17 (2.70%) GPEN
16 16 (2.54%) SSCP
Quality Assurance & Compliance
1 131 (20.83%) ISO/IEC 27001
2 66 (10.49%) PCI DSS
3 60 (9.54%) GDPR
4 55 (8.74%) NIST
5 51 (8.11%) Cyber Essentials
6 27 (4.29%) QA
7 14 (2.23%) NCSC
8 11 (1.75%) Sarbanes-Oxley
9 10 (1.59%) SOC 2
10 9 (1.43%) Cyber Essentials PLUS
11 8 (1.27%) GRC
11 8 (1.27%) SLA
11 8 (1.27%) SOC 1
12 5 (0.79%) HMG Security Policy Framework
12 5 (0.79%) ISO/IEC 20000
13 4 (0.64%) ISO 22301
14 3 (0.48%) Actionable Recommendations
15 2 (0.32%) Government Security Classifications
15 2 (0.32%) JSP 440
15 2 (0.32%) RMADS
System Software
1 52 (8.27%) Docker
2 31 (4.93%) Active Directory
3 13 (2.07%) iptables
3 13 (2.07%) Kamailio
3 13 (2.07%) KVM
3 13 (2.07%) Postfix
3 13 (2.07%) QEMU
4 6 (0.95%) Apache Flume
4 6 (0.95%) VMware Infrastructure
4 6 (0.95%) vSphere
5 5 (0.79%) Firmware
5 5 (0.79%) Snort
5 5 (0.79%) Squid
6 4 (0.64%) BitLocker
7 3 (0.48%) Hyper-V
8 2 (0.32%) Virtual Machines
8 2 (0.32%) VMware NSX
9 1 (0.16%) VMware ESXi
9 1 (0.16%) VMware Workstation
Systems Management
1 53 (8.43%) Kubernetes
2 48 (7.63%) Terraform
3 44 (7.00%) Nessus
4 29 (4.61%) Ansible
5 25 (3.97%) Puppet
6 24 (3.82%) CASB
7 15 (2.38%) Nmap
8 14 (2.23%) Prometheus
9 13 (2.07%) Galera Cluster
9 13 (2.07%) HAProxy
9 13 (2.07%) ZABBIX
10 9 (1.43%) Consul
10 9 (1.43%) QRadar
11 8 (1.27%) Kibana
11 8 (1.27%) linkerd
12 7 (1.11%) Nexpose
13 6 (0.95%) CSIRT
13 6 (0.95%) Grafana
13 6 (0.95%) Oozie
13 6 (0.95%) OpenVAS
Vendors
1 92 (14.63%) Microsoft
2 36 (5.72%) Cisco
2 36 (5.72%) Splunk
3 26 (4.13%) Palo Alto
4 22 (3.50%) Qualys
5 20 (3.18%) Google
5 20 (3.18%) Juniper
5 20 (3.18%) Symantec
6 18 (2.86%) LogRhythm
7 16 (2.54%) SAP
8 14 (2.23%) CrowdStrike
8 14 (2.23%) HP
9 13 (2.07%) AlienVault
9 13 (2.07%) CheckPoint
9 13 (2.07%) Forcepoint
9 13 (2.07%) GENBAND
9 13 (2.07%) Nortel
9 13 (2.07%) Oracle
9 13 (2.07%) Percona
9 13 (2.07%) VMware