Period
to 14 November 2018

The following table provides summary statistics for permanent job vacancies with a requirement for Penetration Testing skills. Included is a benchmarking guide to the salaries offered in vacancies that have cited Penetration Testing over the 6 months to 14 November 2018 with a comparison to the same period in the previous 2 years.

Penetration Testing
UK
6 months to
14 Nov 2018
Same period 2017 Same period 2016
Rank 367 389 330
Rank change year-on-year +22 -59 +164
Permanent jobs citing Penetration Testing 1,361 1,467 1,805
As % of all permanent IT jobs advertised in the UK 0.83% 0.81% 0.95%
As % of the Processes & Methodologies category 0.91% 0.89% 1.05%
Number of salaries quoted 1,069 1,189 1,444
UK median annual salary £60,000 £55,000 £57,500
Median salary % change year-on-year +9.09% -4.35% +7.71%
10th Percentile £37,500 £35,000 £35,073
90th Percentile £85,000 £85,000 £83,750
UK excluding London median annual salary £52,500 £50,000 £50,000
% change year-on-year +5.00% - +5.26%

Penetration Testing is in the Processes and Methodologies category. The following table is for comparison with the above and provides summary statistics for all permanent job vacancies with a requirement for process or methodology skills.

All Process and Methodology Skills
UK
Permanent vacancies with a requirement for process or methodology skills 149,014 165,379 172,621
As % of all permanent IT jobs advertised in the UK 91.10% 91.49% 90.94%
Number of salaries quoted 118,546 130,794 143,596
UK median annual salary £50,000 £50,000 £48,000
Median salary % change year-on-year - +4.17% +1.05%
10th Percentile £29,000 £28,250 £27,500
90th Percentile £84,000 £80,000 £78,750
UK excluding London median annual salary £45,000 £42,500 £42,500
% change year-on-year +5.88% - -

Penetration Testing
Job Vacancy Trend

Job postings citing Penetration Testing as a percentage of all IT jobs advertised.

Job vacancy trend for Penetration Testing in the UK

Penetration Testing
Salary Trend

This chart provides the 3-month moving average for salaries quoted in permanent IT jobs citing Penetration Testing.

Salary trend for Penetration Testing in the UK

Penetration Testing
Salary Histogram

The salary distribution of IT jobs citing Penetration Testing over the 6 months to 14 November 2018.

Salary histogram for Penetration Testing in the UK

Penetration Testing
Top 16 Job Locations

The table below looks at the demand and provides a guide to the median salaries quoted in IT jobs citing Penetration Testing within the UK over the 6 months to 14 November 2018. The 'Rank Change' column provides an indication of the change in demand within each location based on the same 6 month period last year.

Location Rank Change
on Same Period
Last Year
Matching
Permanent
IT Job Ads
Median Salary
Past 6 Months
Median Salary
% Change
on Same Period
Last Year
Live
Job
Vacancies
England +11 1,281 £60,000 +9.09% 170
UK excluding London +10 719 £52,500 +5.00% 102
London +18 584 £65,000 +8.33% 75
North of England +130 312 £50,000 - 28
North West +110 242 £50,000 -4.76% 15
South East -161 123 £60,000 +14.29% 24
East of England +76 112 £65,000 +13.04% 13
Midlands -9 71 £45,000 - 16
South West +7 66 £50,000 +11.11% 14
Yorkshire +40 59 £46,000 -3.16% 12
West Midlands -14 44 £42,000 -9.19% 12
East Midlands +23 27 £55,000 +46.67% 4
Wales +6 14 £43,000 -9.47% 1
Scotland -12 13 £46,750 +24.67% 5
North East +4 11 £65,750 +10.50% 1
Northern Ireland +11 8 £62,500 +4.17% 1

For the 6 months to 14 November 2018, IT jobs citing Penetration Testing also mentioned the following skills in order of popularity. The figures indicate the absolute number co-occurrences and as a proportion of all permanent job ads with a requirement for Penetration Testing.

1 682 (50.11%) Information Security
2 613 (45.04%) CISSP
3 564 (41.44%) Cybersecurity
4 452 (33.21%) Linux
5 451 (33.14%) Windows
6 413 (30.35%) SIEM
7 401 (29.46%) ISO/IEC 27001
8 338 (24.83%) Microsoft
9 299 (21.97%) Firewall
10 254 (18.66%) Vulnerability Assessment
11 250 (18.37%) Finance
12 249 (18.30%) Vulnerability Management
13 234 (17.19%) CREST Certified
13 234 (17.19%) SANS
14 232 (17.05%) GDPR
15 225 (16.53%) OWASP
16 224 (16.46%) CISM
17 222 (16.31%) Network Security
18 218 (16.02%) Degree
18 218 (16.02%) PCI DSS
19 207 (15.21%) Risk Management
20 197 (14.47%) Security Testing
21 184 (13.52%) Data Protection
22 183 (13.45%) Cisco
22 183 (13.45%) Cisco Certification
23 178 (13.08%) Ethical Hacking
24 176 (12.93%) Management Information System
25 170 (12.49%) Data Loss Prevention
26 168 (12.34%) TCP/IP
26 168 (12.34%) Python

Penetration Testing
Co-occurring IT Skills by Category

The follow tables expand on the table above by listing co-occurrences grouped by category. The same job type, locality and period is covered with up to 20 co-occurrences shown in each of the following categories:

Application Platforms
1 39 (2.87%) Apache Pig
2 33 (2.42%) SharePoint
3 27 (1.98%) Confluence
4 16 (1.18%) IIS
5 10 (0.73%) MS Exchange
6 7 (0.51%) Skype for Business
7 6 (0.44%) Apache
8 4 (0.29%) nginx
8 4 (0.29%) SharePoint Server
9 3 (0.22%) Apache Spark
9 3 (0.22%) CMS
9 3 (0.22%) Elasticsearch
9 3 (0.22%) Umbraco
9 3 (0.22%) WebSphere
10 2 (0.15%) DNN
10 2 (0.15%) Exchange Server 2013
10 2 (0.15%) WebSphere Application Server
11 1 (0.073%) BizTalk Server
11 1 (0.073%) IBM Domino
11 1 (0.073%) IBM Notes
Applications
1 88 (6.47%) Microsoft PowerPoint
2 29 (2.13%) Microsoft Office
3 7 (0.51%) Microsoft Excel
4 6 (0.44%) MS Visio
5 3 (0.22%) Microsoft Project
Business Applications
1 3 (0.22%) RiskWrite
2 2 (0.15%) Dynamics CRM
2 2 (0.15%) Dynamics NAV
2 2 (0.15%) SAP ERP
3 1 (0.073%) SAP IS-U
Cloud Services
1 167 (12.27%) Microsoft Azure
2 160 (11.76%) Amazon AWS
3 43 (3.16%) SaaS
4 31 (2.28%) Google Cloud Platform
5 30 (2.20%) Office 365
6 16 (1.18%) IaaS
7 14 (1.03%) Cloud Computing
7 14 (1.03%) Virtual Private Cloud
8 12 (0.88%) Serverless
9 10 (0.73%) PaaS
10 8 (0.59%) AWS CloudFormation
11 5 (0.37%) Mimecast
12 4 (0.29%) Amazon EC2
12 4 (0.29%) Amazon S3
13 3 (0.22%) Amazon CloudWatch
13 3 (0.22%) IBM Cloud
14 2 (0.15%) AWS CloudTrail
14 2 (0.15%) AWS Lambda
14 2 (0.15%) CloudFront
14 2 (0.15%) Google Drive
Communications & Networking
1 299 (21.97%) Firewall
2 222 (16.31%) Network Security
3 168 (12.34%) TCP/IP
4 90 (6.61%) Wi-Fi
5 76 (5.58%) Intrusion Detection
6 63 (4.63%) Internet
7 59 (4.34%) HTTP
7 59 (4.34%) SSL
8 54 (3.97%) Wireless
9 43 (3.16%) LAN
10 38 (2.79%) VPN
11 37 (2.72%) DNS
11 37 (2.72%) WAN
12 18 (1.32%) Cisco ASA
12 18 (1.32%) IPsec
13 14 (1.03%) Cisco IOS
14 13 (0.96%) SAN
15 11 (0.81%) BGP
15 11 (0.81%) F5 BIG-IP LTM
15 11 (0.81%) Wireless Security
Database & Business Intelligence
1 68 (5.00%) Big Data
2 52 (3.82%) MySQL
3 50 (3.67%) SQL Server
4 45 (3.31%) Hadoop
5 39 (2.87%) Apache Hive
6 12 (0.88%) Blockchain
6 12 (0.88%) Data Warehouse
7 9 (0.66%) NoSQL
8 6 (0.44%) NonStop SQL
8 6 (0.44%) Redis
9 4 (0.29%) Amazon RDS
9 4 (0.29%) DB2
10 3 (0.22%) MongoDB
10 3 (0.22%) Power BI
10 3 (0.22%) Relational Database
11 2 (0.15%) Amazon Aurora
11 2 (0.15%) Impala
11 2 (0.15%) Oracle Database
11 2 (0.15%) Parquet
11 2 (0.15%) SQL Server 2014
Development Applications
1 91 (6.69%) JIRA
2 68 (5.00%) Selenium
3 62 (4.56%) Metasploit
4 55 (4.04%) Git (software)
5 42 (3.09%) Atlassian Bamboo
6 40 (2.94%) Bitbucket
6 40 (2.94%) CodeSonar
6 40 (2.94%) git-flow
6 40 (2.94%) Robot Framework
7 37 (2.72%) Burp Suite
8 15 (1.10%) Android Studio
8 15 (1.10%) Xcode
9 13 (0.96%) Cucumber
10 9 (0.66%) Jenkins
10 9 (0.66%) LoadRunner
11 7 (0.51%) AppScan
11 7 (0.51%) Subversion
11 7 (0.51%) Visual Studio
12 5 (0.37%) SoapUI
12 5 (0.37%) webpack
General
1 250 (18.37%) Finance
2 125 (9.18%) Legal
3 85 (6.25%) Retail
4 45 (3.31%) Banking
5 33 (2.42%) Telecoms
6 25 (1.84%) Law
7 17 (1.25%) Investment Banking
8 16 (1.18%) Advertising
9 15 (1.10%) Publishing
10 10 (0.73%) Billing
10 10 (0.73%) Electronics
11 9 (0.66%) Marketing
12 6 (0.44%) Financial Institution
13 5 (0.37%) Games
13 5 (0.37%) Military
14 4 (0.29%) Automotive
15 3 (0.22%) Brand Awareness
15 3 (0.22%) Manufacturing
15 3 (0.22%) Pharmaceutical
16 2 (0.15%) Back Office
Job Titles
1 278 (20.43%) Analyst
2 238 (17.49%) Security Analyst
3 208 (15.28%) Security Manager
4 202 (14.84%) Tester
5 194 (14.25%) Security Engineer
6 177 (13.01%) Penetration Tester
7 126 (9.26%) Information Security Manager
8 125 (9.18%) Information Manager
9 120 (8.82%) Consultant
10 106 (7.79%) IT Analyst
11 105 (7.71%) IT Security Analyst
12 92 (6.76%) Senior Analyst
13 87 (6.39%) Security Consultant
14 83 (6.10%) Senior Security Analyst
15 80 (5.88%) Senior IT Security Analyst
16 66 (4.85%) Security Specialist
17 64 (4.70%) Cybersecurity Analyst
18 60 (4.41%) Architect
19 50 (3.67%) Security Architect
20 44 (3.23%) Senior Security Engineer
Libraries, Frameworks & Software Standards
1 75 (5.51%) .NET
2 63 (4.63%) Node.js
3 52 (3.82%) REST
4 50 (3.67%) ASP.NET
5 48 (3.53%) SOAP
6 47 (3.45%) Java EE
7 46 (3.38%) Django
8 44 (3.23%) RabbitMQ
9 43 (3.16%) .NET Framework
9 43 (3.16%) STL
10 40 (2.94%) LAMP
10 40 (2.94%) Spring MVC
11 35 (2.57%) HTML
12 29 (2.13%) Elastic Stack
12 29 (2.13%) Web Services
13 25 (1.84%) CSS
14 17 (1.25%) RESTful
15 15 (1.10%) Dagger
15 15 (1.10%) JSON
16 9 (0.66%) JDBC
Miscellaneous
1 176 (12.93%) Management Information System
2 95 (6.98%) Cyber Kill Chain
3 78 (5.73%) Mobile App
4 75 (5.51%) Analytical Skills
5 68 (5.00%) Computer Science
6 65 (4.78%) Security Operations Centre
7 51 (3.75%) Data Centre
8 47 (3.45%) Cyberthreat
9 44 (3.23%) Data Protection Act
9 44 (3.23%) Fintech
10 43 (3.16%) Self-Motivation
11 39 (2.87%) Cyberattack
12 22 (1.62%) Distributed Denial-of-Service
13 19 (1.40%) PKI
14 15 (1.10%) Enterprise Software
14 15 (1.10%) Public Cloud
15 14 (1.03%) Cyber Defence
16 13 (0.96%) Cybercrime
17 12 (0.88%) Embedded Systems
17 12 (0.88%) Virtual Team
Operating Systems
1 452 (33.21%) Linux
2 451 (33.14%) Windows
3 76 (5.58%) Android
3 76 (5.58%) Apple iOS
4 60 (4.41%) Windows Server
5 50 (3.67%) Unix
6 44 (3.23%) Mac OS X
7 40 (2.94%) Kali Linux
8 17 (1.25%) Windows Server 2008
9 8 (0.59%) Solaris
10 7 (0.51%) Windows 7
11 3 (0.22%) Red Hat Enterprise Linux
12 2 (0.15%) CentOS
12 2 (0.15%) Ubuntu
12 2 (0.15%) Windows 10
12 2 (0.15%) Windows 8
12 2 (0.15%) Windows Server 2012
13 1 (0.073%) DC/OS
13 1 (0.073%) Windows Phone
13 1 (0.073%) zOS
Processes & Methodologies
1 682 (50.11%) Information Security
2 564 (41.44%) Cybersecurity
3 413 (30.35%) SIEM
4 254 (18.66%) Vulnerability Assessment
5 249 (18.30%) Vulnerability Management
6 225 (16.53%) OWASP
7 207 (15.21%) Risk Management
8 197 (14.47%) Security Testing
9 184 (13.52%) Data Protection
10 178 (13.08%) Ethical Hacking
11 170 (12.49%) Data Loss Prevention
12 161 (11.83%) Agile Software Development
12 161 (11.83%) Security Operations
13 160 (11.76%) Security Management
14 159 (11.68%) Vulnerability Scanning
15 148 (10.87%) Security Architecture
16 127 (9.33%) Incident Management
17 123 (9.04%) Mentoring
18 120 (8.82%) ITIL
19 119 (8.74%) Disaster Recovery
Programming Languages
1 168 (12.34%) Python
2 154 (11.32%) Java
3 142 (10.43%) SQL
4 106 (7.79%) PowerShell
5 105 (7.71%) C#
6 100 (7.35%) C++
7 95 (6.98%) C
8 83 (6.10%) PHP
9 75 (5.51%) Bash Shell
10 74 (5.44%) JavaScript
11 58 (4.26%) Ruby
12 57 (4.19%) Perl
13 45 (3.31%) Objective-C
14 23 (1.69%) Go
15 12 (0.88%) Shell Script
16 11 (0.81%) VB
17 4 (0.29%) Assembly Language
17 4 (0.29%) T-SQL
18 2 (0.15%) Lua
18 2 (0.15%) VB.NET
Qualifications
1 613 (45.04%) CISSP
2 234 (17.19%) CREST Certified
2 234 (17.19%) SANS
3 224 (16.46%) CISM
4 218 (16.02%) Degree
5 183 (13.45%) Cisco Certification
6 160 (11.76%) Security Cleared
7 143 (10.51%) CEH
8 129 (9.48%) OSCP
9 108 (7.94%) CISA
10 107 (7.86%) (ISC)2 CCSP
11 106 (7.79%) GIAC
12 85 (6.25%) DV Cleared
13 79 (5.80%) SSCP
14 72 (5.29%) Microsoft Certification
15 69 (5.07%) CCNA
16 67 (4.92%) MCSE
17 61 (4.48%) CompTIA Security+
18 54 (3.97%) SC Cleared
19 46 (3.38%) Network+ Certification
Quality Assurance & Compliance
1 401 (29.46%) ISO/IEC 27001
2 232 (17.05%) GDPR
3 218 (16.02%) PCI DSS
4 72 (5.29%) Cyber Essentials
5 63 (4.63%) ISO/IEC 27002 (supersedes ISO/IEC 17799)
6 36 (2.65%) COBIT
7 34 (2.50%) QA
8 23 (1.69%) MiFID
9 17 (1.25%) Sarbanes-Oxley
10 16 (1.18%) HIPAA
11 15 (1.10%) Cyber Essentials PLUS
12 13 (0.96%) ISO 22301
13 8 (0.59%) SLA
14 5 (0.37%) PMO
15 3 (0.22%) Data Quality
15 3 (0.22%) RMADS
16 2 (0.15%) ISO 9001
16 2 (0.15%) Web Application Security Consortium
17 1 (0.073%) FINRA
17 1 (0.073%) GPG13
System Software
1 114 (8.38%) Active Directory
2 111 (8.16%) VMware Infrastructure
3 56 (4.11%) Docker
4 41 (3.01%) vSphere
5 32 (2.35%) Snort
6 12 (0.88%) Firmware
7 9 (0.66%) Hyper-V
8 7 (0.51%) ProxySG
9 5 (0.37%) KVM
10 3 (0.22%) Virtual Machines
10 3 (0.22%) Virtual Servers
11 2 (0.15%) Apache Flume
11 2 (0.15%) HDFS
11 2 (0.15%) Squid
12 1 (0.073%) VMware ESXi
12 1 (0.073%) VMware Server
Systems Management
1 76 (5.58%) Nessus
2 53 (3.89%) Puppet
3 41 (3.01%) Salt
4 36 (2.65%) Nmap
5 23 (1.69%) OSSEC
6 19 (1.40%) Nexpose
7 17 (1.25%) QRadar
8 15 (1.10%) Opscode Chef
9 13 (0.96%) SCCM
10 12 (0.88%) Ansible
11 11 (0.81%) EnCase
11 11 (0.81%) OpenVAS
12 9 (0.66%) Kubernetes
12 9 (0.66%) Network Intrusion Detection System
12 9 (0.66%) Suricata
13 8 (0.59%) Terraform
14 7 (0.51%) FTK
14 7 (0.51%) McAfee ePO
15 6 (0.44%) AirWatch
15 6 (0.44%) WSUS
Vendors
1 338 (24.83%) Microsoft
2 183 (13.45%) Cisco
3 122 (8.96%) VMware
4 55 (4.04%) Qualys
5 46 (3.38%) Splunk
6 33 (2.42%) CheckPoint
6 33 (2.42%) LogRhythm
7 32 (2.35%) Palo Alto
8 22 (1.62%) Blue Coat
9 21 (1.54%) HP
9 21 (1.54%) Juniper
10 20 (1.47%) F5
10 20 (1.47%) Google
10 20 (1.47%) IBM
10 20 (1.47%) Symantec
11 19 (1.40%) ArcSight
11 19 (1.40%) McAfee
12 18 (1.32%) Red Hat
13 17 (1.25%) AlienVault
13 17 (1.25%) Sophos