Period
to 20 September 2018

The following table provides summary statistics for permanent job vacancies with a requirement for Penetration Testing skills. Included is a benchmarking guide to the salaries offered in vacancies that have cited Penetration Testing over the 6 months to 20 September 2018 with a comparison to the same period in the previous 2 years.

Penetration Testing
UK
6 months to
20 Sep 2018
Same period 2017 Same period 2016
Rank 410 392 352
Rank change year-on-year -18 -40 +143
Permanent jobs citing Penetration Testing 1,276 1,402 1,787
As % of all permanent IT jobs advertised in the UK 0.76% 0.79% 0.92%
As % of the Processes & Methodologies category 0.84% 0.87% 1.01%
Number of salaries quoted 987 1,177 1,410
UK median annual salary £60,000 £55,000 £57,500
Median salary % change year-on-year +9.09% -4.35% +9.52%
10th Percentile £37,500 £35,000 £35,000
90th Percentile £85,000 £85,000 £83,750
UK excluding London median annual salary £52,500 £50,000 £50,000
% change year-on-year +5.00% - +8.70%

Penetration Testing is in the Processes and Methodologies category. The following table is for comparison with the above and provides summary statistics for all permanent job vacancies with a requirement for process or methodology skills.

All Process and Methodology Skills
UK
Permanent vacancies with a requirement for process or methodology skills 152,266 161,948 177,345
As % of all permanent IT jobs advertised in the UK 91.04% 91.54% 90.88%
Number of salaries quoted 121,191 127,863 147,982
UK median annual salary £50,000 £50,000 £48,000
Median salary % change year-on-year - +4.17% +1.05%
10th Percentile £29,000 £28,000 £27,500
90th Percentile £82,500 £80,000 £78,750
UK excluding London median annual salary £45,000 £42,500 £42,500
% change year-on-year +5.88% - -

Penetration Testing
Job Vacancy Trend

Job postings citing Penetration Testing as a percentage of all IT jobs advertised.

Job vacancy trend for Penetration Testing in the UK

Penetration Testing
Salary Trend

This chart provides the 3-month moving average for salaries quoted in permanent IT jobs citing Penetration Testing.

Salary trend for Penetration Testing in the UK

Penetration Testing
Salary Histogram

The salary distribution of IT jobs citing Penetration Testing over the 6 months to 20 September 2018.

Salary histogram for Penetration Testing in the UK

Penetration Testing
Top 16 Job Locations

The table below looks at the demand and provides a guide to the median salaries quoted in IT jobs citing Penetration Testing within the UK over the 6 months to 20 September 2018. The 'Rank Change' column provides an indication of the change in demand within each location based on the same 6 month period last year.

Location Rank Change
on Same Period
Last Year
Matching
Permanent
IT Job Ads
Median Salary
Past 6 Months
Median Salary
% Change
on Same Period
Last Year
Live
Job
Vacancies
England -10 1,204 £60,000 +9.09% 128
UK excluding London -2 664 £52,500 +5.00% 87
London +7 570 £65,000 +8.33% 52
North of England +84 257 £50,000 - 18
North West +76 192 £50,000 -9.09% 10
South East -172 121 £55,000 +10.00% 22
East of England +72 106 £65,000 +18.18% 8
Midlands -12 71 £52,500 +23.53% 13
South West +28 67 £50,000 +25.00% 15
Yorkshire +27 51 £45,000 - 6
West Midlands -15 45 £42,000 -1.18% 9
East Midlands +24 25 £57,500 +27.78% 4
Wales +12 16 £38,000 -20.00% 4
Scotland -16 15 £65,000 +73.33% 7
North East -10 14 £67,000 +12.61% 2
Northern Ireland - 11 £62,500 -

For the 6 months to 20 September 2018, IT jobs citing Penetration Testing also mentioned the following skills in order of popularity. The figures indicate the absolute number co-occurrences and as a proportion of all permanent job ads with a requirement for Penetration Testing.

1 588 (46.08%) CISSP
1 588 (46.08%) Information Security
2 532 (41.69%) Cybersecurity
3 378 (29.62%) Windows
3 378 (29.62%) Linux
4 343 (26.88%) SIEM
5 320 (25.08%) ISO/IEC 27001
6 305 (23.90%) Firewall
7 266 (20.85%) Microsoft
8 251 (19.67%) CISM
9 211 (16.54%) Degree
10 207 (16.22%) Finance
11 205 (16.07%) GDPR
12 204 (15.99%) Vulnerability Assessment
13 203 (15.91%) SANS
14 197 (15.44%) CREST Certified
14 197 (15.44%) Ethical Hacking
15 190 (14.89%) Vulnerability Management
15 190 (14.89%) Security Testing
16 187 (14.66%) Network Security
17 183 (14.34%) Risk Management
18 178 (13.95%) TCP/IP
19 177 (13.87%) Agile Software Development
20 176 (13.79%) OWASP
21 172 (13.48%) Vulnerability Scanning
22 169 (13.24%) PCI DSS
23 167 (13.09%) Cisco Certification
24 164 (12.85%) Python
25 163 (12.77%) Security Cleared
26 161 (12.62%) Java

Penetration Testing
Co-occurring IT Skills by Category

The follow tables expand on the table above by listing co-occurrences grouped by category. The same job type, locality and period is covered with up to 20 co-occurrences shown in each of the following categories:

Application Platforms
1 42 (3.29%) Apache Pig
2 29 (2.27%) SharePoint
3 24 (1.88%) Confluence
4 19 (1.49%) IIS
5 9 (0.71%) Apache
6 8 (0.63%) MS Exchange
7 7 (0.55%) Skype for Business
8 6 (0.47%) CMS
8 6 (0.47%) Elasticsearch
9 4 (0.31%) Apache Spark
9 4 (0.31%) nginx
9 4 (0.31%) WebSphere
10 3 (0.24%) Drupal
10 3 (0.24%) Exchange Server 2013
10 3 (0.24%) JBoss
10 3 (0.24%) Sitecore CMS
10 3 (0.24%) Tomcat
10 3 (0.24%) WordPress
11 2 (0.16%) DNN
11 2 (0.16%) Exchange Server 2010
Applications
1 58 (4.55%) Microsoft PowerPoint
2 34 (2.66%) Microsoft Office
3 13 (1.02%) MS Visio
4 7 (0.55%) Microsoft Excel
5 4 (0.31%) Microsoft Project
Business Applications
1 3 (0.24%) Magento
2 2 (0.16%) Dynamics CRM
2 2 (0.16%) Dynamics NAV
3 1 (0.078%) Remedy ITSM
3 1 (0.078%) SAP ERP
3 1 (0.078%) SAP IS-U
3 1 (0.078%) SunGard APT
Cloud Services
1 132 (10.34%) Amazon AWS
2 129 (10.11%) Microsoft Azure
3 39 (3.06%) Google Cloud Platform
4 34 (2.66%) SaaS
5 27 (2.12%) Office 365
6 16 (1.25%) IaaS
7 14 (1.10%) Virtual Private Cloud
8 13 (1.02%) Cloud Computing
8 13 (1.02%) Serverless
9 10 (0.78%) PaaS
10 7 (0.55%) AWS CloudFormation
11 6 (0.47%) GitHub
12 3 (0.24%) Amazon EC2
12 3 (0.24%) Amazon S3
12 3 (0.24%) Mimecast
13 2 (0.16%) Amazon CloudWatch
13 2 (0.16%) AWS Lambda
13 2 (0.16%) Google Drive
14 1 (0.078%) Datadog
14 1 (0.078%) Sumo Logic
Communications & Networking
1 305 (23.90%) Firewall
2 187 (14.66%) Network Security
3 178 (13.95%) TCP/IP
4 85 (6.66%) Intrusion Detection
5 77 (6.03%) SSL
6 66 (5.17%) HTTP
7 61 (4.78%) Internet
8 59 (4.62%) Wireless
9 51 (4.00%) Wi-Fi
10 48 (3.76%) WAN
11 45 (3.53%) LAN
11 45 (3.53%) VPN
12 44 (3.45%) DNS
13 34 (2.66%) Cisco ASA
14 33 (2.59%) IPsec
15 22 (1.72%) Cisco IOS
16 19 (1.49%) VoIP
17 18 (1.41%) Cisco Nexus
18 16 (1.25%) MPLS
19 14 (1.10%) SMTP
Database & Business Intelligence
1 56 (4.39%) Big Data
1 56 (4.39%) MySQL
1 56 (4.39%) SQL Server
2 47 (3.68%) Hadoop
3 42 (3.29%) Apache Hive
4 12 (0.94%) Blockchain
5 11 (0.86%) Data Warehouse
6 7 (0.55%) NoSQL
7 6 (0.47%) NonStop SQL
8 5 (0.39%) Redis
9 4 (0.31%) MongoDB
9 4 (0.31%) Relational Database
9 4 (0.31%) SQL Server 2014
10 3 (0.24%) Amazon RDS
10 3 (0.24%) HBase
10 3 (0.24%) Impala
10 3 (0.24%) Parquet
10 3 (0.24%) PostgreSQL
10 3 (0.24%) RDBMS
10 3 (0.24%) Sqoop
Development Applications
1 92 (7.21%) JIRA
2 66 (5.17%) Selenium
3 64 (5.02%) Git (software)
4 53 (4.15%) Metasploit
5 43 (3.37%) git-flow
6 41 (3.21%) Atlassian Bamboo
6 41 (3.21%) Bitbucket
6 41 (3.21%) CodeSonar
6 41 (3.21%) Robot Framework
7 24 (1.88%) Burp Suite
8 18 (1.41%) Jenkins
9 13 (1.02%) Cucumber
10 12 (0.94%) Android Studio
10 12 (0.94%) Xcode
11 10 (0.78%) Visual Studio
12 9 (0.71%) Subversion
13 7 (0.55%) webpack
14 6 (0.47%) Grunt
14 6 (0.47%) gulp
14 6 (0.47%) Mocha
General
1 207 (16.22%) Finance
2 97 (7.60%) Legal
3 88 (6.90%) Retail
4 54 (4.23%) Banking
5 28 (2.19%) Telecoms
6 21 (1.65%) Law
7 20 (1.57%) Advertising
8 19 (1.49%) Investment Banking
9 15 (1.18%) Publishing
10 12 (0.94%) Billing
11 10 (0.78%) Games
11 10 (0.78%) Marketing
12 9 (0.71%) Financial Institution
13 4 (0.31%) Automotive
13 4 (0.31%) Back Office
14 3 (0.24%) Brand Awareness
14 3 (0.24%) Pharmaceutical
15 2 (0.16%) Electronics
15 2 (0.16%) Manufacturing
15 2 (0.16%) Spanish Language
Job Titles
1 234 (18.34%) Analyst
2 192 (15.05%) Security Analyst
3 190 (14.89%) Tester
4 183 (14.34%) Security Engineer
5 169 (13.24%) Penetration Tester
6 168 (13.17%) Security Manager
7 112 (8.78%) Information Manager
7 112 (8.78%) Information Security Manager
8 109 (8.54%) Consultant
9 80 (6.27%) Security Consultant
10 73 (5.72%) Security Specialist
11 72 (5.64%) IT Analyst
12 71 (5.56%) IT Security Analyst
13 63 (4.94%) Cybersecurity Analyst
14 61 (4.78%) Senior Analyst
15 58 (4.55%) Architect
16 50 (3.92%) Security Architect
17 45 (3.53%) Senior Security Analyst
17 45 (3.53%) Software Engineer
18 43 (3.37%) Senior IT Security Analyst
Libraries, Frameworks & Software Standards
1 71 (5.56%) .NET
2 67 (5.25%) Node.js
3 55 (4.31%) REST
4 49 (3.84%) ASP.NET
5 48 (3.76%) SOAP
6 47 (3.68%) Java EE
7 46 (3.61%) .NET Framework
7 46 (3.61%) Django
8 45 (3.53%) RabbitMQ
8 45 (3.53%) STL
9 41 (3.21%) LAMP
9 41 (3.21%) Spring MVC
10 33 (2.59%) HTML
11 28 (2.19%) CSS
12 26 (2.04%) Web Services
13 24 (1.88%) Elastic Stack
14 18 (1.41%) JSON
14 18 (1.41%) RESTful
15 12 (0.94%) Ajax
15 12 (0.94%) Laravel
Miscellaneous
1 132 (10.34%) Management Information System
2 75 (5.88%) Analytical Skills
3 71 (5.56%) Mobile App
4 67 (5.25%) Computer Science
5 61 (4.78%) Cyber Kill Chain
5 61 (4.78%) Security Operations Centre
6 60 (4.70%) Data Centre
7 52 (4.08%) Data Protection Act
8 46 (3.61%) Fintech
9 41 (3.21%) Cyberthreat
10 37 (2.90%) Self-Motivation
11 31 (2.43%) Cyberattack
12 22 (1.72%) Public Cloud
13 20 (1.57%) PKI
14 19 (1.49%) Cyber Defence
15 17 (1.33%) Distributed Denial-of-Service
16 15 (1.18%) Greenfield Project
16 15 (1.18%) NHS
17 14 (1.10%) Enterprise Software
18 10 (0.78%) BYOD
Operating Systems
1 378 (29.62%) Linux
1 378 (29.62%) Windows
2 71 (5.56%) Android
2 71 (5.56%) Apple iOS
3 62 (4.86%) Windows Server
4 55 (4.31%) Mac OS X
5 50 (3.92%) Unix
6 31 (2.43%) Kali Linux
7 19 (1.49%) Windows Server 2008
8 13 (1.02%) Solaris
9 7 (0.55%) Windows 7
10 3 (0.24%) Red Hat Enterprise Linux
11 2 (0.16%) Ubuntu
11 2 (0.16%) Windows 10
11 2 (0.16%) Windows 8
12 1 (0.078%) DC/OS
12 1 (0.078%) Mac OS
12 1 (0.078%) VMS
12 1 (0.078%) Windows Server 2012
12 1 (0.078%) zOS
Processes & Methodologies
1 588 (46.08%) Information Security
2 532 (41.69%) Cybersecurity
3 343 (26.88%) SIEM
4 204 (15.99%) Vulnerability Assessment
5 197 (15.44%) Ethical Hacking
6 190 (14.89%) Security Testing
6 190 (14.89%) Vulnerability Management
7 183 (14.34%) Risk Management
8 177 (13.87%) Agile Software Development
9 176 (13.79%) OWASP
10 172 (13.48%) Vulnerability Scanning
11 160 (12.54%) Data Protection
12 153 (11.99%) Security Operations
13 137 (10.74%) Security Management
14 135 (10.58%) Security Architecture
15 124 (9.72%) Data Loss Prevention
16 119 (9.33%) ITIL
17 101 (7.92%) Business Continuity
18 96 (7.52%) Test Automation
19 94 (7.37%) Problem-Solving
Programming Languages
1 164 (12.85%) Python
2 161 (12.62%) Java
3 103 (8.07%) PowerShell
4 98 (7.68%) C#
4 98 (7.68%) SQL
5 95 (7.45%) PHP
6 90 (7.05%) C++
7 88 (6.90%) C
8 78 (6.11%) Bash Shell
9 74 (5.80%) JavaScript
10 57 (4.47%) Perl
11 52 (4.08%) Objective-C
11 52 (4.08%) Ruby
12 25 (1.96%) Go
13 10 (0.78%) Shell Script
14 5 (0.39%) Assembly Language
14 5 (0.39%) VB
15 4 (0.31%) T-SQL
16 1 (0.078%) VB.NET
16 1 (0.078%) VBScript
Qualifications
1 588 (46.08%) CISSP
2 251 (19.67%) CISM
3 211 (16.54%) Degree
4 203 (15.91%) SANS
5 197 (15.44%) CREST Certified
6 167 (13.09%) Cisco Certification
7 163 (12.77%) Security Cleared
8 148 (11.60%) CEH
9 130 (10.19%) OSCP
10 124 (9.72%) CISA
11 107 (8.39%) GIAC
12 82 (6.43%) SSCP
13 81 (6.35%) DV Cleared
14 77 (6.03%) Microsoft Certification
15 75 (5.88%) (ISC)2 CCSP
16 73 (5.72%) MCSE
17 70 (5.49%) CCNA
18 59 (4.62%) CompTIA Security+
19 52 (4.08%) SC Cleared
20 49 (3.84%) Network+ Certification
Quality Assurance & Compliance
1 320 (25.08%) ISO/IEC 27001
2 205 (16.07%) GDPR
3 169 (13.24%) PCI DSS
4 65 (5.09%) Cyber Essentials
5 58 (4.55%) ISO/IEC 27002 (supersedes ISO/IEC 17799)
6 37 (2.90%) COBIT
7 32 (2.51%) QA
8 31 (2.43%) GCP
9 24 (1.88%) HIPAA
10 19 (1.49%) MiFID
11 17 (1.33%) Sarbanes-Oxley
12 16 (1.25%) ISO 22301
13 13 (1.02%) Cyber Essentials PLUS
14 9 (0.71%) SLA
15 7 (0.55%) ISO 9001
16 5 (0.39%) GPG13
16 5 (0.39%) PMO
17 2 (0.16%) ISO/IEC 27005
17 2 (0.16%) RMADS
17 2 (0.16%) Web Application Security Consortium
System Software
1 89 (6.97%) Active Directory
2 79 (6.19%) VMware Infrastructure
3 62 (4.86%) Docker
4 43 (3.37%) vSphere
5 22 (1.72%) Snort
6 21 (1.65%) Firmware
7 15 (1.18%) Hyper-V
8 6 (0.47%) ProxySG
9 4 (0.31%) KVM
10 3 (0.24%) Apache Flume
10 3 (0.24%) HDFS
10 3 (0.24%) Virtual Servers
11 2 (0.16%) iptables
11 2 (0.16%) Samba
11 2 (0.16%) Virtual Machines
11 2 (0.16%) VMware ESXi
11 2 (0.16%) VMware Server
Systems Management
1 67 (5.25%) Nessus
2 57 (4.47%) Puppet
3 42 (3.29%) Salt
4 25 (1.96%) Nmap
5 19 (1.49%) Opscode Chef
5 19 (1.49%) OSSEC
6 14 (1.10%) Ansible
6 14 (1.10%) Network Intrusion Detection System
6 14 (1.10%) SCCM
7 13 (1.02%) Kubernetes
8 11 (0.86%) Cisco CUCM
8 11 (0.86%) Cisco UCCX
8 11 (0.86%) TrustSec
9 10 (0.78%) QRadar
10 8 (0.63%) Terraform
11 7 (0.55%) Single Sign-On
12 6 (0.47%) HP ALM
12 6 (0.47%) WSUS
13 5 (0.39%) AirWatch
13 5 (0.39%) Foglight
Vendors
1 266 (20.85%) Microsoft
2 150 (11.76%) Cisco
3 91 (7.13%) VMware
4 46 (3.61%) Qualys
5 38 (2.98%) Splunk
6 28 (2.19%) CheckPoint
7 27 (2.12%) HP
8 26 (2.04%) Juniper
8 26 (2.04%) LogRhythm
9 20 (1.57%) Capita
9 20 (1.57%) Red Hat
9 20 (1.57%) SolarWinds
10 19 (1.49%) F5
10 19 (1.49%) Google
11 18 (1.41%) Palo Alto
12 17 (1.33%) ArcSight
12 17 (1.33%) Blue Coat
13 16 (1.25%) Sophos
14 14 (1.10%) AlienVault
14 14 (1.10%) Veracode