Period
to 16 July 2019

The following table provides summary statistics for permanent job vacancies with a requirement for Penetration Testing skills. Included is a benchmarking guide to the salaries offered in vacancies that have cited Penetration Testing over the 6 months to 16 July 2019 with a comparison to the same period in the previous 2 years.

Penetration Testing
UK
6 months to
16 Jul 2019
Same period 2018 Same period 2017
Rank 349 431 427
Rank change year-on-year +82 -4 -35
Permanent jobs citing Penetration Testing 1,290 1,265 1,274
As % of all permanent IT jobs advertised in the UK 0.88% 0.72% 0.72%
As % of the Processes & Methodologies category 0.96% 0.78% 0.78%
Number of salaries quoted 979 971 1,060
UK median annual salary £62,500 £60,000 £55,000
Median salary % change year-on-year +4.17% +9.09% -
10th Percentile £36,250 £37,500 £33,750
90th Percentile £95,000 £90,000 £81,250
UK excluding London median annual salary £55,000 £52,500 £50,000
% change year-on-year +4.76% +5.00% -

Penetration Testing is in the Processes and Methodologies category. The following table is for comparison with the above and provides summary statistics for all permanent job vacancies with a requirement for process or methodology skills.

All Process and Methodology Skills
UK
Permanent vacancies with a requirement for process or methodology skills 134,174 161,755 163,197
As % of all permanent IT jobs advertised in the UK 92.02% 91.91% 91.92%
Number of salaries quoted 105,637 129,418 131,750
UK median annual salary £52,500 £50,000 £48,500
Median salary % change year-on-year +5.00% +3.09% +2.11%
10th Percentile £30,000 £29,000 £27,790
90th Percentile £86,250 £82,500 £79,750
UK excluding London median annual salary £45,000 £45,000 £42,500
% change year-on-year - +5.88% -

Penetration Testing
Job Vacancy Trend

Job postings citing Penetration Testing as a percentage of all IT jobs advertised.

Job vacancy trend for Penetration Testing in the UK

Penetration Testing
Salary Trend

This chart provides the 3-month moving average for salaries quoted in permanent IT jobs citing Penetration Testing.

Salary trend for Penetration Testing in the UK

Penetration Testing
Salary Histogram

The salary distribution of IT jobs citing Penetration Testing over the 6 months to 16 July 2019.

Salary histogram for Penetration Testing in the UK

Penetration Testing
Top 16 Job Locations

The table below looks at the demand and provides a guide to the median salaries quoted in IT jobs citing Penetration Testing within the UK over the 6 months to 16 July 2019. The 'Rank Change' column provides an indication of the change in demand within each location based on the same 6 month period last year.

Location Rank Change
on Same Period
Last Year
Matching
Permanent
IT Job Ads
Median Salary
Past 6 Months
Median Salary
% Change
on Same Period
Last Year
Live
Job
Vacancies
England +57 1,196 £62,500 +4.17% 141
UK excluding London +70 649 £55,000 +4.76% 93
London +52 580 £72,500 +11.25% 56
South East +29 156 £55,000 +4.76% 18
East of England +115 115 £60,000 +2.13% 10
North of England -56 113 £52,500 +5.00% 22
Midlands +92 112 £55,000 +4.76% 24
South West +66 107 £51,250 +2.50% 11
West Midlands +63 86 £55,000 +4.76% 20
Yorkshire +2 52 £53,750 +19.44% 6
North West -36 51 £50,000 -9.09% 14
Wales +35 30 £42,000 +15.35% 7
East Midlands +42 23 £53,750 -6.52% 4
Scotland +13 12 £60,000 -7.69%
North East +12 10 £52,101 -23.66% 2
Northern Ireland -19 9 £100,000 +128.57% 1

For the 6 months to 16 July 2019, IT jobs citing Penetration Testing also mentioned the following skills in order of popularity. The figures indicate the absolute number co-occurrences and as a proportion of all permanent job ads with a requirement for Penetration Testing.

1 616 (47.75%) Cybersecurity
2 596 (46.20%) Information Security
3 348 (26.98%) CISSP
4 328 (25.43%) Linux
5 316 (24.50%) SIEM
6 310 (24.03%) ISO/IEC 27001
7 302 (23.41%) Windows
8 286 (22.17%) Firewall
9 240 (18.60%) Finance
10 217 (16.82%) Security Testing
11 210 (16.28%) CREST Certified
12 208 (16.12%) Agile Software Development
13 206 (15.97%) Amazon AWS
14 195 (15.12%) Security Operations
15 190 (14.73%) PCI DSS
16 189 (14.65%) Vulnerability Scanning
17 186 (14.42%) Python
18 174 (13.49%) OWASP
19 172 (13.33%) CISM
20 169 (13.10%) Microsoft Azure
21 165 (12.79%) Java
21 165 (12.79%) Microsoft
22 163 (12.64%) Risk Management
23 162 (12.56%) Degree
24 161 (12.48%) Management Information System
24 161 (12.48%) Vulnerability Management
25 159 (12.33%) OSCP
26 154 (11.94%) Security Cleared
27 152 (11.78%) Security Architecture
28 146 (11.32%) Cisco Certification

Penetration Testing
Co-occurring IT Skills by Category

The follow tables expand on the table above by listing co-occurrences grouped by category. The same job type, locality and period is covered with up to 20 co-occurrences shown in each of the following categories:

Application Platforms
1 32 (2.48%) Apache Spark
1 32 (2.48%) Elasticsearch
2 30 (2.33%) OpenStack
3 28 (2.17%) IIS
3 28 (2.17%) MS Exchange
4 15 (1.16%) Apache
5 13 (1.01%) Skype for Business
6 10 (0.78%) Exchange Server 2013
6 10 (0.78%) SharePoint
7 9 (0.70%) Confluence
8 4 (0.31%) ColdFusion
8 4 (0.31%) Tomcat
9 2 (0.16%) BizTalk Server
9 2 (0.16%) Cloud Foundry
10 1 (0.078%) Adobe Experience Manager
10 1 (0.078%) CMS
10 1 (0.078%) Exchange Server 2010
10 1 (0.078%) nginx
10 1 (0.078%) SharePoint 2010
Applications
1 27 (2.09%) Microsoft Office
2 4 (0.31%) MS Visio
3 1 (0.078%) Microsoft Excel
3 1 (0.078%) Microsoft PowerPoint
Business Applications
1 2 (0.16%) Dynamics CRM
2 1 (0.078%) Distributed Ledger
2 1 (0.078%) Sage 300 ERP
2 1 (0.078%) Salesforce.com CRM
Cloud Services
1 206 (15.97%) Amazon AWS
2 169 (13.10%) Microsoft Azure
3 107 (8.29%) SaaS
4 73 (5.66%) Google Cloud Platform
5 42 (3.26%) Office 365
6 31 (2.40%) OpenShift
7 27 (2.09%) IaaS
8 19 (1.47%) PaaS
9 11 (0.85%) AWS CloudFormation
10 10 (0.78%) Cloud Computing
11 7 (0.54%) Serverless
12 6 (0.47%) Dynamics 365
13 4 (0.31%) Amazon EC2
13 4 (0.31%) Azure Active Directory
14 3 (0.23%) Amazon S3
14 3 (0.23%) GitHub
14 3 (0.23%) Route 53
14 3 (0.23%) Virtual Private Cloud
15 2 (0.16%) Amazon CloudWatch
15 2 (0.16%) CloudFront
Communications & Networking
1 286 (22.17%) Firewall
2 134 (10.39%) TCP/IP
3 122 (9.46%) Network Security
4 102 (7.91%) Intrusion Detection
5 81 (6.28%) HTTP
6 71 (5.50%) VPN
7 63 (4.88%) Wireless
8 62 (4.81%) Internet
9 58 (4.50%) DNS
10 54 (4.19%) HTTPS
11 49 (3.80%) WAN
12 46 (3.57%) IPsec
13 36 (2.79%) LAN
14 35 (2.71%) DHCP
15 25 (1.94%) SSL
16 22 (1.71%) SAN
17 20 (1.55%) VLAN
18 19 (1.47%) MPLS
19 18 (1.40%) Cisco Firepower
20 16 (1.24%) Cisco ASA
Database & Business Intelligence
1 68 (5.27%) SQL Server
2 59 (4.57%) Big Data
3 41 (3.18%) MySQL
4 8 (0.62%) RDBMS
4 8 (0.62%) Relational Database
5 7 (0.54%) Hadoop
6 6 (0.47%) MongoDB
6 6 (0.47%) SQLite
7 5 (0.39%) Oracle Database
7 5 (0.39%) SQL Server 2012
8 4 (0.31%) PostgreSQL
9 3 (0.23%) Amazon RDS
9 3 (0.23%) Data Warehouse
9 3 (0.23%) NoSQL
9 3 (0.23%) SQL Server 2014
10 2 (0.16%) Azure SQL Data Warehouse
10 2 (0.16%) Cosmos DB
10 2 (0.16%) Neo4j
11 1 (0.078%) Amazon Aurora
11 1 (0.078%) SQL Server 2016
Development Applications
1 69 (5.35%) JIRA
2 49 (3.80%) Git (software)
3 38 (2.95%) Metasploit
4 35 (2.71%) Bitbucket
5 34 (2.64%) Burp Suite
6 32 (2.48%) git-flow
7 28 (2.17%) Selenium
8 24 (1.86%) Jenkins
9 17 (1.32%) SonarQube
10 13 (1.01%) Cucumber
11 11 (0.85%) Snyk
12 10 (0.78%) Android Studio
12 10 (0.78%) IDA Disassembler
12 10 (0.78%) sqlmap
12 10 (0.78%) Team Foundation Server
12 10 (0.78%) Xcode
13 8 (0.62%) Appium
13 8 (0.62%) AppScan
13 8 (0.62%) Atlassian Bamboo
13 8 (0.62%) Subversion
General
1 240 (18.60%) Finance
2 92 (7.13%) Retail
3 42 (3.26%) Banking
3 42 (3.26%) Legal
4 30 (2.33%) Games
4 30 (2.33%) Telecoms
5 16 (1.24%) Electronics
6 15 (1.16%) Marketing
7 14 (1.09%) Aerospace
8 11 (0.85%) Law
9 8 (0.62%) Advertising
9 8 (0.62%) Back Office
10 7 (0.54%) Pharmaceutical
11 6 (0.47%) Publishing
12 5 (0.39%) Financial Institution
12 5 (0.39%) Manufacturing
13 3 (0.23%) Military
14 2 (0.16%) French Language
15 1 (0.078%) Greek Language
15 1 (0.078%) Spanish Language
Job Titles
1 248 (19.22%) Security Engineer
2 211 (16.36%) Tester
3 203 (15.74%) Analyst
4 191 (14.81%) Penetration Tester
5 168 (13.02%) Security Analyst
6 136 (10.54%) Consultant
7 122 (9.46%) Security Manager
8 91 (7.05%) Security Consultant
9 66 (5.12%) Information Analyst
9 66 (5.12%) Information Security Analyst
10 65 (5.04%) Cybersecurity Engineer
11 62 (4.81%) Senior Analyst
12 61 (4.73%) Security Specialist
13 60 (4.65%) Information Manager
13 60 (4.65%) Information Security Manager
14 57 (4.42%) Architect
15 49 (3.80%) Senior Security Analyst
16 48 (3.72%) Head of Security
17 47 (3.64%) IT Analyst
18 44 (3.41%) IT Security Analyst
Libraries, Frameworks & Software Standards
1 64 (4.96%) .NET
2 48 (3.72%) Node.js
3 46 (3.57%) ASP.NET
4 39 (3.02%) AngularJS
4 39 (3.02%) REST
4 39 (3.02%) SailPoint
5 35 (2.71%) Spring
6 34 (2.64%) React
7 33 (2.56%) Kafka
8 32 (2.48%) Spring MVC
9 31 (2.40%) GraphQL
10 30 (2.33%) Vue.js
11 20 (1.55%) HTML
12 18 (1.40%) OAuth
12 18 (1.40%) Web Services
13 16 (1.24%) RESTful
14 15 (1.16%) CSS
14 15 (1.16%) OpenID
14 15 (1.16%) SAML
15 8 (0.62%) Dagger
Miscellaneous
1 161 (12.48%) Management Information System
2 96 (7.44%) Mobile App
3 53 (4.11%) Analytical Skills
4 42 (3.26%) Cyberthreat
5 37 (2.87%) Self-Motivation
6 32 (2.48%) Cyberattack
7 28 (2.17%) BYOD
7 28 (2.17%) Data Centre
8 25 (1.94%) Driving Licence
9 24 (1.86%) Internet of Things
10 23 (1.78%) Enterprise Software
10 23 (1.78%) PKI
11 20 (1.55%) Security Operations Centre
12 17 (1.32%) CMDB
12 17 (1.32%) Cybercrime
13 16 (1.24%) Public Cloud
14 14 (1.09%) Data Protection Act
15 13 (1.01%) Cyber Defence
16 11 (0.85%) Algorithms
17 10 (0.78%) User Experience
Operating Systems
1 328 (25.43%) Linux
2 302 (23.41%) Windows
3 66 (5.12%) Android
4 62 (4.81%) Unix
5 61 (4.73%) Windows Server
6 54 (4.19%) Apple iOS
7 42 (3.26%) Windows Server 2012
8 28 (2.17%) Windows 10
9 26 (2.02%) Windows Server 2008
10 25 (1.94%) Windows 8
11 23 (1.78%) Kali Linux
12 12 (0.93%) CentOS
12 12 (0.93%) Red Hat Enterprise Linux
12 12 (0.93%) Windows 7
12 12 (0.93%) Windows Server 2003
13 10 (0.78%) Embedded Linux
13 10 (0.78%) Mac OS
14 8 (0.62%) Ubuntu
15 6 (0.47%) Solaris
16 4 (0.31%) AIX
Processes & Methodologies
1 616 (47.75%) Cybersecurity
2 596 (46.20%) Information Security
3 316 (24.50%) SIEM
4 217 (16.82%) Security Testing
5 208 (16.12%) Agile Software Development
6 195 (15.12%) Security Operations
7 189 (14.65%) Vulnerability Scanning
8 174 (13.49%) OWASP
9 163 (12.64%) Risk Management
10 161 (12.48%) Vulnerability Management
11 152 (11.78%) Security Architecture
12 142 (11.01%) Ethical Hacking
13 126 (9.77%) ITIL
14 108 (8.37%) Identity Access Management
15 107 (8.29%) Secure Coding
16 102 (7.91%) DevOps
17 100 (7.75%) Problem-Solving
17 100 (7.75%) Vulnerability Assessment
18 99 (7.67%) Test Automation
18 99 (7.67%) Threat Modelling
Programming Languages
1 186 (14.42%) Python
2 165 (12.79%) Java
3 113 (8.76%) C++
4 101 (7.83%) C
5 86 (6.67%) PowerShell
6 67 (5.19%) C#
7 63 (4.88%) JavaScript
8 60 (4.65%) SQL
9 53 (4.11%) Bash Shell
10 36 (2.79%) Perl
11 27 (2.09%) PHP
12 26 (2.02%) Shell Script
13 25 (1.94%) Go
14 21 (1.63%) Ruby
15 11 (0.85%) TypeScript
16 10 (0.78%) Embedded C
16 10 (0.78%) VB
17 4 (0.31%) Scala
17 4 (0.31%) VB.NET
18 3 (0.23%) XAML
Qualifications
1 348 (26.98%) CISSP
2 210 (16.28%) CREST Certified
3 172 (13.33%) CISM
4 162 (12.56%) Degree
5 159 (12.33%) OSCP
6 154 (11.94%) Security Cleared
7 146 (11.32%) Cisco Certification
8 133 (10.31%) CEH
9 109 (8.45%) SANS
10 101 (7.83%) CISA
11 100 (7.75%) SC Cleared
12 95 (7.36%) CCNA
13 89 (6.90%) GIAC
14 73 (5.66%) Microsoft Certification
15 65 (5.04%) CHECK Team Member
16 60 (4.65%) Tigerscheme
17 59 (4.57%) CCNP
18 58 (4.50%) MCSE
19 54 (4.19%) CHECK Team Leader
20 47 (3.64%) DV Cleared
Quality Assurance & Compliance
1 310 (24.03%) ISO/IEC 27001
2 190 (14.73%) PCI DSS
3 122 (9.46%) GDPR
4 110 (8.53%) NIST
5 44 (3.41%) COBIT
6 34 (2.64%) QA
7 32 (2.48%) ISO/IEC 27002 (supersedes ISO/IEC 17799)
8 31 (2.40%) Sarbanes-Oxley
9 28 (2.17%) Cyber Essentials
10 16 (1.24%) SLA
11 12 (0.93%) RMADS
11 12 (0.93%) SAS 70
12 9 (0.70%) MiFID
13 8 (0.62%) ISO 9001
14 6 (0.47%) HIPAA
15 4 (0.31%) COSO
15 4 (0.31%) Data Quality
15 4 (0.31%) Web Application Security Consortium
16 3 (0.23%) ISO 31000
16 3 (0.23%) NCSC
System Software
1 123 (9.53%) Active Directory
2 63 (4.88%) VMware Infrastructure
3 50 (3.88%) Docker
4 35 (2.71%) Hyper-V
5 19 (1.47%) vSphere
6 13 (1.01%) Virtual Machines
7 12 (0.93%) XenApp
8 11 (0.85%) VMware ESXi
9 6 (0.47%) NFS
10 4 (0.31%) Snort
11 3 (0.23%) Firmware
12 2 (0.16%) iptables
12 2 (0.16%) Postfix
12 2 (0.16%) Samba
12 2 (0.16%) VMware Server
13 1 (0.078%) BitLocker
13 1 (0.078%) Shibboleth
13 1 (0.078%) VMware NSX
13 1 (0.078%) zsh
Systems Management
1 97 (7.52%) Nessus
2 53 (4.11%) SCCM
3 50 (3.88%) Kubernetes
4 38 (2.95%) McAfee ePO
5 37 (2.87%) Nmap
6 19 (1.47%) WSUS
7 17 (1.32%) Terraform
8 14 (1.09%) Ansible
9 12 (0.93%) Puppet
10 11 (0.85%) Sysdig
11 9 (0.70%) FortiGate
12 8 (0.62%) Opscode Chef
13 5 (0.39%) Host Intrusion Detection System
13 5 (0.39%) Nexpose
13 5 (0.39%) QRadar
14 4 (0.31%) HAProxy
14 4 (0.31%) Mesos
14 4 (0.31%) Nagios
14 4 (0.31%) Single Sign-On
15 3 (0.23%) WebInspect
Vendors
1 165 (12.79%) Microsoft
2 86 (6.67%) Cisco
3 69 (5.35%) VMware
4 64 (4.96%) Splunk
5 55 (4.26%) Qualys
6 52 (4.03%) Google
7 47 (3.64%) CyberArk
8 45 (3.49%) Palo Alto
9 41 (3.18%) McAfee
10 35 (2.71%) Aveksa
10 35 (2.71%) LogRhythm
11 34 (2.64%) Veracode
12 29 (2.25%) SolarWinds
13 28 (2.17%) Dell
14 27 (2.09%) CheckPoint
14 27 (2.09%) HP
15 24 (1.86%) Juniper
16 23 (1.78%) Citrix
17 18 (1.40%) Oracle
17 18 (1.40%) Red Hat