Period
to 21 April 2018

The following table provides summary statistics for permanent job vacancies with a requirement for Penetration Testing skills. Included is a benchmarking guide to the salaries offered in vacancies that have cited Penetration Testing over the 6 months to 21 April 2018 with a comparison to the same period in the previous 2 years.

Penetration Testing
UK
6 months to
21 Apr 2018
Same period 2017 Same period 2016
Rank 398 459 457
Rank change year-on-year +61 -2 +116
Permanent jobs citing Penetration Testing 1,358 1,071 1,411
As % of all permanent IT jobs advertised in the UK 0.76% 0.63% 0.69%
As % of the Processes & Methodologies category 0.84% 0.69% 0.77%
Number of salaries quoted 1,047 865 1,144
UK median annual salary £60,000 £57,500 £55,000
Median salary % change year-on-year +4.35% +4.55% +4.76%
10th Percentile £38,750 £35,073 £35,000
90th Percentile £85,000 £84,000 £89,625
UK excluding London median annual salary £52,500 £50,000 £52,500
% change year-on-year +5.00% -4.76% +10.53%

Penetration Testing is in the Processes and Methodologies category. The following table is for comparison with the above and provides summary statistics for all permanent job vacancies with a requirement for process or methodology skills.

All Process and Methodology Skills
UK
Permanent vacancies with a requirement for process or methodology skills 161,258 154,906 183,888
As % of all permanent IT jobs advertised in the UK 90.84% 90.43% 89.94%
Number of salaries quoted 130,650 127,515 152,786
UK median annual salary £50,000 £47,500 £47,500
Median salary % change year-on-year +5.26% - +5.56%
10th Percentile £29,127 £27,875 £27,500
90th Percentile £81,250 £78,750 £77,500
UK excluding London median annual salary £45,000 £42,500 £42,500
% change year-on-year +5.88% - +5.66%

Penetration Testing
Job Vacancy Trend

Job postings citing Penetration Testing as a percentage of all IT jobs advertised.

Job vacancy trend for Penetration Testing in the UK

Penetration Testing
Salary Trend

This chart provides the 3-month moving average for salaries quoted in permanent IT jobs citing Penetration Testing.

Salary trend for Penetration Testing in the UK

Penetration Testing
Salary Histogram

The salary distribution of IT jobs citing Penetration Testing over the 6 months to 21 April 2018.

Salary histogram for Penetration Testing in the UK

Penetration Testing
Top 15 Job Locations

The table below looks at the demand and provides a guide to the median salaries quoted in IT jobs citing Penetration Testing within the UK over the 6 months to 21 April 2018. The 'Rank Change' column provides an indication of the change in demand within each location based on the same 6 month period last year.

Location Rank Change
on Same Period
Last Year
Matching
Permanent
IT Job Ads
Median Salary
Past 6 Months
Median Salary
% Change
on Same Period
Last Year
Live
Job
Vacancies
England +61 1,289 £60,000 +4.35% 104
UK excluding London +52 654 £52,500 +5.00% 73
London +35 650 £70,000 +12.00% 35
South East +49 258 £55,000 -8.33% 17
North of England +59 186 £52,500 +7.69% 19
North West +52 105 £55,000 -2.22% 11
Midlands -11 78 £52,500 +23.53% 15
Yorkshire +28 73 £45,000 +12.50% 4
West Midlands -13 67 £52,500 +23.53% 14
South West -20 58 £45,000 -18.18% 11
East of England -1 48 £52,500 -8.70% 7
Scotland -48 15 £65,000 +73.33% 2
Wales +11 11 £36,412 -19.09%
East Midlands +2 10 £57,500 +35.29% 1
North East -17 8 £69,750 +16.25% 4

For the 6 months to 21 April 2018, IT jobs citing Penetration Testing also mentioned the following skills in order of popularity. The figures indicate the absolute number co-occurrences and as a proportion of all permanent job ads with a requirement for Penetration Testing.

1 605 (44.55%) Information Security
2 534 (39.32%) Cybersecurity
3 489 (36.01%) CISSP
4 425 (31.30%) Firewall
5 330 (24.30%) ISO/IEC 27001
6 312 (22.97%) Finance
7 290 (21.35%) CISM
8 283 (20.84%) Windows
9 265 (19.51%) SIEM
10 231 (17.01%) Network Security
11 227 (16.72%) Linux
12 209 (15.39%) Security Architecture
13 199 (14.65%) Ethical Hacking
14 196 (14.43%) Vulnerability Scanning
15 188 (13.84%) Agile Software Development
16 186 (13.70%) Vulnerability Management
17 184 (13.55%) CREST Certified
18 178 (13.11%) GDPR
19 173 (12.74%) Security Testing
20 172 (12.67%) TCP/IP
21 170 (12.52%) Management Information System
22 168 (12.37%) OSCP
23 165 (12.15%) Microsoft
24 160 (11.78%) OWASP
25 156 (11.49%) CEH
26 154 (11.34%) Risk Management
26 154 (11.34%) Python
27 151 (11.12%) PCI DSS
28 150 (11.05%) SANS
29 146 (10.75%) Degree

Penetration Testing
Co-occurring IT Skills by Category

The follow tables expand on the table above by listing co-occurrences grouped by category. The same job type, locality and period is covered with up to 20 co-occurrences shown in each of the following categories:

Application Platforms
1 24 (1.77%) SharePoint
2 21 (1.55%) MS Exchange
3 18 (1.33%) IIS
4 16 (1.18%) CMS
4 16 (1.18%) Exchange Server 2010
5 14 (1.03%) Confluence
6 13 (0.96%) Exchange Server 2013
6 13 (0.96%) Skype for Business
7 12 (0.88%) WebSphere
8 11 (0.81%) Apache Pig
9 10 (0.74%) Sitecore CMS
10 9 (0.66%) Apache
10 9 (0.66%) Elasticsearch
10 9 (0.66%) Tomcat
10 9 (0.66%) WordPress
11 7 (0.52%) OpenStack
12 6 (0.44%) JBoss
13 3 (0.22%) Drupal
13 3 (0.22%) nginx
14 2 (0.15%) SAS
Applications
1 37 (2.72%) Microsoft Office
2 7 (0.52%) MS Visio
3 5 (0.37%) Microsoft PowerPoint
4 1 (0.074%) Microsoft Excel
Business Applications
1 12 (0.88%) Remedy ITSM
2 4 (0.29%) Sentinel
3 3 (0.22%) Magento
4 2 (0.15%) Payment Gateway
5 1 (0.074%) SunGard APT
Cloud Services
1 137 (10.09%) Amazon AWS
2 125 (9.20%) Microsoft Azure
3 54 (3.98%) SaaS
4 44 (3.24%) Google Cloud Platform
5 32 (2.36%) Cloud Computing
6 29 (2.14%) Office 365
7 25 (1.84%) IaaS
8 20 (1.47%) PaaS
9 6 (0.44%) GitHub
10 4 (0.29%) Amazon S3
10 4 (0.29%) Amazon SQS
11 2 (0.15%) Serverless
12 1 (0.074%) AWS CloudFormation
12 1 (0.074%) AWS Lambda
12 1 (0.074%) Azure Active Directory
12 1 (0.074%) BlazeMeter
12 1 (0.074%) Mimecast
12 1 (0.074%) OneDrive
12 1 (0.074%) OpenDNS
12 1 (0.074%) Virtual Private Cloud
Communications & Networking
1 425 (31.30%) Firewall
2 231 (17.01%) Network Security
3 172 (12.67%) TCP/IP
4 120 (8.84%) VPN
5 119 (8.76%) Wireless
6 101 (7.44%) WAN
7 86 (6.33%) Intrusion Detection
8 81 (5.96%) SSL
9 75 (5.52%) HTTP
10 74 (5.45%) Internet
11 71 (5.23%) DNS
12 69 (5.08%) IPsec
13 56 (4.12%) LAN
14 50 (3.68%) Cisco ASA
15 37 (2.72%) VoIP
16 33 (2.43%) Wireless Security
17 32 (2.36%) VLAN
18 30 (2.21%) Cisco Nexus
19 29 (2.14%) DHCP
20 28 (2.06%) HTTPS
Database & Business Intelligence
1 51 (3.76%) SQL Server
2 30 (2.21%) MySQL
3 20 (1.47%) Big Data
3 20 (1.47%) NoSQL
4 16 (1.18%) MongoDB
5 12 (0.88%) GIS
5 12 (0.88%) Hadoop
6 11 (0.81%) Apache Hive
7 5 (0.37%) Microsoft Analysis Services
7 5 (0.37%) SQL Server Analysis Services
7 5 (0.37%) SQL Server Integration Services
8 4 (0.29%) Blockchain
9 2 (0.15%) Amazon RDS
10 1 (0.074%) Amazon Aurora
10 1 (0.074%) dBASE
10 1 (0.074%) Neo4j
10 1 (0.074%) PostgreSQL
10 1 (0.074%) SQL Server 2012
Development Applications
1 47 (3.46%) Git (software)
2 41 (3.02%) JIRA
2 41 (3.02%) Metasploit
3 39 (2.87%) Burp Suite
4 38 (2.80%) Selenium
5 21 (1.55%) Jenkins
6 18 (1.33%) Visual Studio
7 13 (0.96%) Robot Framework
8 12 (0.88%) git-flow
8 12 (0.88%) NUnit
9 11 (0.81%) Atlassian Bamboo
9 11 (0.81%) Bitbucket
9 11 (0.81%) CodeSonar
10 10 (0.74%) AppScan
11 9 (0.66%) Team Foundation Server
12 8 (0.59%) Appium
13 6 (0.44%) Cucumber
14 5 (0.37%) SpecFlow
15 4 (0.29%) RSpec
15 4 (0.29%) WebDriver
General
1 312 (22.97%) Finance
2 81 (5.96%) Legal
3 59 (4.34%) Banking
4 51 (3.76%) Retail
5 34 (2.50%) Telecoms
6 28 (2.06%) Law
6 28 (2.06%) Publishing
7 26 (1.91%) Games
8 23 (1.69%) Marketing
9 19 (1.40%) Advertising
10 16 (1.18%) Investment Banking
11 13 (0.96%) Financial Institution
12 7 (0.52%) Automotive
12 7 (0.52%) Retail Banking
13 6 (0.44%) Corporate Banking
14 3 (0.22%) Electronics
15 2 (0.15%) Aerospace
15 2 (0.15%) Manufacturing
15 2 (0.15%) Multimedia
15 2 (0.15%) Spanish Language
Job Titles
1 265 (19.51%) Tester
2 241 (17.75%) Penetration Tester
3 192 (14.14%) Analyst
4 178 (13.11%) Consultant
5 176 (12.96%) Security Engineer
6 158 (11.63%) Security Consultant
7 156 (11.49%) Security Analyst
8 137 (10.09%) Security Manager
9 104 (7.66%) Security Specialist
10 84 (6.19%) Architect
11 72 (5.30%) Security Architect
12 65 (4.79%) Senior Tester
13 64 (4.71%) Senior Penetration Tester
14 59 (4.34%) Information Manager
14 59 (4.34%) Information Security Manager
15 58 (4.27%) Security Penetration Tester
15 58 (4.27%) Security Tester
16 55 (4.05%) Network Engineer
17 46 (3.39%) Security Officer
18 43 (3.17%) Network Security Engineer
Libraries, Frameworks & Software Standards
1 58 (4.27%) .NET
2 55 (4.05%) HTML
3 54 (3.98%) Node.js
4 47 (3.46%) CSS
5 32 (2.36%) Web Services
6 31 (2.28%) Django
7 28 (2.06%) REST
8 26 (1.91%) jQuery
9 24 (1.77%) .NET Framework
9 24 (1.77%) ASP.NET
10 23 (1.69%) Ajax
11 22 (1.62%) WCF
12 20 (1.47%) RESTful
13 18 (1.33%) HTML5
14 17 (1.25%) AngularJS
14 17 (1.25%) LAMP
15 16 (1.18%) React
16 15 (1.10%) Pylons
16 15 (1.10%) Pyramid
16 15 (1.10%) web2py
Miscellaneous
1 170 (12.52%) Management Information System
2 97 (7.14%) Mobile App
3 81 (5.96%) Data Protection Act
4 76 (5.60%) Data Centre
5 74 (5.45%) Computer Science
6 62 (4.57%) Analytical Skills
7 56 (4.12%) Cyberattack
8 46 (3.39%) Fintech
8 46 (3.39%) Self-Motivation
9 42 (3.09%) Blog
9 42 (3.09%) Cyber Defence
10 39 (2.87%) Security Operations Centre
11 35 (2.58%) Distributed Denial-of-Service
11 35 (2.58%) Greenfield Project
12 34 (2.50%) Cyberthreat
13 32 (2.36%) PKI
14 24 (1.77%) Mainframe
14 24 (1.77%) Virtual Team
15 23 (1.69%) Clustering
15 23 (1.69%) Public Cloud
Operating Systems
1 283 (20.84%) Windows
2 227 (16.72%) Linux
3 117 (8.62%) Unix
4 94 (6.92%) Apple iOS
5 83 (6.11%) Android
5 83 (6.11%) Windows Server
6 50 (3.68%) Mac OS X
7 37 (2.72%) Kali Linux
8 27 (1.99%) Windows Server 2008
9 23 (1.69%) Windows Server 2012
10 6 (0.44%) Red Hat Enterprise Linux
11 5 (0.37%) CentOS
11 5 (0.37%) Solaris
11 5 (0.37%) Windows 10
11 5 (0.37%) Windows 8
11 5 (0.37%) Windows Mobile
12 4 (0.29%) Ubuntu
12 4 (0.29%) Windows 7
13 3 (0.22%) Check Point GAiA
13 3 (0.22%) VxWorks
Processes & Methodologies
1 605 (44.55%) Information Security
2 534 (39.32%) Cybersecurity
3 265 (19.51%) SIEM
4 209 (15.39%) Security Architecture
5 199 (14.65%) Ethical Hacking
6 196 (14.43%) Vulnerability Scanning
7 188 (13.84%) Agile Software Development
8 186 (13.70%) Vulnerability Management
9 173 (12.74%) Security Testing
10 160 (11.78%) OWASP
11 154 (11.34%) Risk Management
12 142 (10.46%) Data Protection
13 141 (10.38%) ITIL
14 140 (10.31%) Security Operations
15 103 (7.58%) Stakeholder Management
15 103 (7.58%) Vulnerability Assessment
16 99 (7.29%) Incident Management
17 88 (6.48%) Risk Assessment
18 86 (6.33%) Security Management
18 86 (6.33%) Test Automation
Programming Languages
1 154 (11.34%) Python
2 133 (9.79%) Java
3 97 (7.14%) C++
4 95 (7.00%) C#
5 93 (6.85%) C
6 84 (6.19%) PHP
7 80 (5.89%) Ruby
8 69 (5.08%) JavaScript
9 59 (4.34%) SQL
10 57 (4.20%) Bash Shell
11 52 (3.83%) PowerShell
12 41 (3.02%) Perl
13 25 (1.84%) Objective-C
14 20 (1.47%) Shell Script
15 7 (0.52%) Lua
16 6 (0.44%) VB.NET
17 3 (0.22%) Go
18 1 (0.074%) R
18 1 (0.074%) Scala
18 1 (0.074%) VBA
Qualifications
1 489 (36.01%) CISSP
2 290 (21.35%) CISM
3 184 (13.55%) CREST Certified
4 168 (12.37%) OSCP
5 156 (11.49%) CEH
6 150 (11.05%) SANS
7 146 (10.75%) Degree
8 135 (9.94%) CISA
9 121 (8.91%) Cisco Certification
10 101 (7.44%) Security Cleared
11 60 (4.42%) CCNA
12 55 (4.05%) GIAC
13 52 (3.83%) CSSLP
14 50 (3.68%) SC Cleared
15 47 (3.46%) CCNP
16 46 (3.39%) CHECK Team Leader
17 39 (2.87%) CHECK Team Member
18 36 (2.65%) Computer Science Degree
18 36 (2.65%) Microsoft Certification
19 32 (2.36%) MCSE
Quality Assurance & Compliance
1 330 (24.30%) ISO/IEC 27001
2 178 (13.11%) GDPR
3 151 (11.12%) PCI DSS
4 72 (5.30%) ISO/IEC 27002 (supersedes ISO/IEC 17799)
5 53 (3.90%) Cyber Essentials
6 46 (3.39%) QA
7 40 (2.95%) GCP
8 36 (2.65%) COBIT
9 34 (2.50%) HIPAA
10 14 (1.03%) SLA
11 12 (0.88%) ISO 22301
12 11 (0.81%) Sarbanes-Oxley
13 9 (0.66%) GPG13
13 9 (0.66%) ISO 31000
13 9 (0.66%) ISO/IEC 27005
14 7 (0.52%) ISO 9001
15 5 (0.37%) HMG Security Policy Framework
15 5 (0.37%) RMADS
16 4 (0.29%) Web Application Security Consortium
17 3 (0.22%) MiFID
System Software
1 106 (7.81%) Active Directory
2 31 (2.28%) VMware Infrastructure
3 25 (1.84%) Hyper-V
4 24 (1.77%) Docker
5 20 (1.47%) vSphere
6 12 (0.88%) Virtual Machines
6 12 (0.88%) VMware Server
7 9 (0.66%) Firmware
8 6 (0.44%) VirtualBox
9 4 (0.29%) NFS
9 4 (0.29%) ProxySG
10 3 (0.22%) Snort
11 1 (0.074%) OpenAM
11 1 (0.074%) VMware ESXi
11 1 (0.074%) VMware Workstation
11 1 (0.074%) XenApp
Systems Management
1 74 (5.45%) Nessus
2 21 (1.55%) Core Impact
3 20 (1.47%) Single Sign-On
4 17 (1.25%) Puppet
5 16 (1.18%) Nmap
6 14 (1.03%) Host Intrusion Detection System
7 12 (0.88%) QRadar
8 11 (0.81%) Salt
9 7 (0.52%) Cisco CUCM
9 7 (0.52%) Cisco UCCX
9 7 (0.52%) Network Intrusion Detection System
10 6 (0.44%) Kibana
10 6 (0.44%) Kubernetes
10 6 (0.44%) logstash
10 6 (0.44%) Opscode Chef
10 6 (0.44%) WebInspect
11 5 (0.37%) McAfee ePO
11 5 (0.37%) Plesk
11 5 (0.37%) TrustSec
12 4 (0.29%) FortiGate
Vendors
1 165 (12.15%) Microsoft
2 140 (10.31%) Cisco
3 49 (3.61%) CheckPoint
3 49 (3.61%) Qualys
4 41 (3.02%) Juniper
5 40 (2.95%) VMware
6 37 (2.72%) Splunk
7 35 (2.58%) Veracode
8 33 (2.43%) Capita
9 31 (2.28%) F5
10 27 (1.99%) SolarWinds
11 25 (1.84%) Apple
12 21 (1.55%) HP
13 19 (1.40%) Blue Coat
13 19 (1.40%) Salesforce.com
13 19 (1.40%) Sophos
14 16 (1.18%) EMC
14 16 (1.18%) McAfee
15 14 (1.03%) Palo Alto
16 13 (0.96%) Meraki