Penetration Testing jobs, average salaries and trends for Penetration Testing skills

The following table provides summary statistics for permanent job vacancies with a requirement for Penetration Testing skills. Included is a benchmarking guide to the salaries offered in vacancies that have cited Penetration Testing over the 6 months to 20 October 2020 with a comparison to the same period in the previous 2 years.

Penetration Testing UK
Location	6 months to 20 Oct 2020	Same period 2019	Same period 2018
Rank	330	388	403
Rank change year-on-year	+58	+15	-10
Permanent jobs citing Penetration Testing	423	1,040	1,290
As % of all permanent jobs advertised in the UK	0.87%	0.76%	0.79%
As % of the Processes & Methodologies category	0.94%	0.83%	0.86%
Number of salaries quoted	366	876	1,094
Median annual salary	£60,000	£61,500	£60,000
Median salary % change year-on-year	-2.44%	+2.50%	+9.09%
10th Percentile	£36,250	£36,250	£37,500
90th Percentile	£90,000	£100,000	£85,000
UK excluding London median annual salary	£57,500	£55,000	£52,500
% change year-on-year	+4.55%	+4.76%	+5.00%

Penetration Testing is in the Processes and Methodologies category. The following table is for comparison with the above and provides summary statistics for all permanent job vacancies with a requirement for process or methodology skills.

All Process and Methodology Skills UK
Permanent vacancies with a requirement for process or methodology skills	45,139	125,482	150,299
As % of all permanent IT jobs advertised in the UK	92.43%	92.23%	91.93%
Number of salaries quoted	37,179	98,719	119,605
Median annual salary	£55,000	£52,500	£50,000
Median salary % change year-on-year	+4.76%	+5.00%	-
10th Percentile	£33,000	£30,000	£29,000
90th Percentile	£90,000	£86,250	£83,750
UK excluding London median annual salary	£49,000	£45,000	£45,000
% change year-on-year	+8.89%	-	+5.88%

Penetration Testing
Job Vacancy Trend

Job postings citing Penetration Testing as a proportion of all IT jobs advertised.

Job vacancy trend for Penetration Testing in the UK

Penetration Testing
Salary Trend

3-month moving average salary quoted in jobs citing Penetration Testing.

Salary trend for Penetration Testing in the UK

Penetration Testing
Salary Histogram

Salary distribution for jobs citing Penetration Testing over the 6 months to 20 October 2020.

Salary histogram for Penetration Testing in the UK

Penetration Testing
Top 16 Job Locations

The table below looks at the demand and provides a guide to the median salaries quoted in IT jobs citing Penetration Testing within the UK over the 6 months to 20 October 2020. The 'Rank Change' column provides an indication of the change in demand within each location based on the same 6 month period last year.

Location	Rank Change on Same Period Last Year	Matching Permanent IT Job Ads	Median Salary Past 6 Months	Median Salary % Change on Same Period Last Year	Live Job Vacancies
England	+40	352	£60,000	-4.00%	90
UK excluding London	+46	213	£57,500	+4.55%	51
London	+87	172	£65,000	-13.33%	40
Work from Home	-12	54	£55,138	-26.48%	18
South East	+114	51	£62,500	+4.17%	14
Midlands	+55	51	£56,250	+7.14%	8
North of England	+133	50	£47,500	-8.83%	13
West Midlands	+35	41	£57,500	-	4
Scotland	+110	32	£53,255	+12.12%	2
North West	+118	24	£57,500	+15.00%	11
Yorkshire	+108	24	£37,500	-31.82%	2
Wales	+40	12	£41,500	-1.19%
South West	+26	12	£34,000	-38.18%	7
East Midlands	+79	9	£43,500	-13.00%	4
East of England	+73	5	£45,000	-18.18%	7
North East	+21	2	£36,500	-29.94%

Penetration Testing
Top 30 Co-occurring IT Skills

For the 6 months to 20 October 2020, IT jobs citing Penetration Testing also mentioned the following skills in order of popularity. The figures indicate the absolute number co-occurrences and as a proportion of all permanent job ads with a requirement for Penetration Testing.

1	223 (52.72%)	Cybersecurity
2	196 (46.34%)	Information Security
3	114 (26.95%)	Firewall
4	104 (24.59%)	Finance
4	104 (24.59%)	SIEM
5	91 (21.51%)	CISSP
6	87 (20.57%)	Security Operations
7	85 (20.09%)	AWS
8	83 (19.62%)	ISO/IEC 27001
9	79 (18.68%)	Azure
10	77 (18.20%)	Threat Intelligence
11	76 (17.97%)	Windows
11	76 (17.97%)	Linux
12	74 (17.49%)	Security Testing
13	72 (17.02%)	Microsoft

14	69 (16.31%)	OWASP
15	67 (15.84%)	Python
16	65 (15.37%)	Cyber Threat Intelligence
17	61 (14.42%)	Vulnerability Scanning
17	61 (14.42%)	Vulnerability Management
18	60 (14.18%)	CREST Certified
19	57 (13.48%)	CISM
20	56 (13.24%)	Degree
21	55 (13.00%)	DevOps
22	53 (12.53%)	Office 365
23	50 (11.82%)	Mobile App
23	50 (11.82%)	Risk Management
24	48 (11.35%)	Java
25	45 (10.64%)	Management Information System
26	44 (10.40%)	Agile Software Development

Penetration Testing
Co-occurring IT Skills by Category

The follow tables expand on the table above by listing co-occurrences grouped by category. The same job type, locality and period is covered with up to 20 co-occurrences shown in each of the following categories:

Application Platforms
Applications
Business Applications
Cloud Services
Communications & Networking
Database & Business Intelligence
Development Applications
General
Job Titles
Libraries, Frameworks & Software Standards
Miscellaneous
Operating Systems
Processes & Methodologies
Programming Languages
Qualifications
Quality Assurance & Compliance
System Software
Systems Management
Vendors

Application Platforms
1	3 (0.71%)	IIS
2	1 (0.24%)	BizTalk Server
2	1 (0.24%)	Confluence
2	1 (0.24%)	Elasticsearch
2	1 (0.24%)	SharePoint

Applications
1	2 (0.47%)	Adobe Creative Suite
2	1 (0.24%)	Microsoft PowerPoint

Business Applications
1	11 (2.60%)	Sentinel
2	1 (0.24%)	Actimize
2	1 (0.24%)	Dynamics AX
2	1 (0.24%)	Dynamics NAV
2	1 (0.24%)	NetSuite

Cloud Services
1	85 (20.09%)	AWS
2	79 (18.68%)	Azure
3	53 (12.53%)	Office 365
4	37 (8.75%)	SaaS
5	26 (6.15%)	GCP
6	12 (2.84%)	AWS CloudFormation
7	11 (2.60%)	IaaS
8	10 (2.36%)	Amazon GuardDuty
8	10 (2.36%)	Logic Apps
8	10 (2.36%)	PaaS
8	10 (2.36%)	Virtual Private Cloud
9	9 (2.13%)	Cloud Computing
10	5 (1.18%)	Mimecast
11	4 (0.95%)	BrowserStack
11	4 (0.95%)	Power Platform
12	2 (0.47%)	Google Analytics
13	1 (0.24%)	Azure Active Directory
13	1 (0.24%)	BPaaS
13	1 (0.24%)	Dynamics 365
13	1 (0.24%)	G Suite

Communications & Networking
1	114 (26.95%)	Firewall
2	35 (8.27%)	VPN
3	32 (7.57%)	Wireless
4	30 (7.09%)	Internet
5	28 (6.62%)	TCP/IP
6	25 (5.91%)	WAN
6	25 (5.91%)	Wireshark
7	24 (5.67%)	LAN
8	22 (5.20%)	DNS
9	21 (4.96%)	Network Security
10	16 (3.78%)	Intrusion Detection
11	13 (3.07%)	SSL
12	11 (2.60%)	Wireless Security
13	10 (2.36%)	DKIM
13	10 (2.36%)	DMARC
14	7 (1.65%)	CTI
14	7 (1.65%)	Software-Defined Networking
15	6 (1.42%)	HTTP
16	5 (1.18%)	VLAN
16	5 (1.18%)	X.509

Database & Business Intelligence
1	12 (2.84%)	SQL Server
2	11 (2.60%)	PostgreSQL
3	6 (1.42%)	MongoDB
3	6 (1.42%)	Redis
4	5 (1.18%)	NoSQL
5	4 (0.95%)	Power BI
6	3 (0.71%)	DB2
6	3 (0.71%)	Relational Database
7	2 (0.47%)	Big Data
7	2 (0.47%)	Blockchain
7	2 (0.47%)	EDRMS
7	2 (0.47%)	MySQL
7	2 (0.47%)	RDBMS
7	2 (0.47%)	SQL Server 2014
8	1 (0.24%)	Cosmos DB
8	1 (0.24%)	SQL Server Integration Services

Development Applications
1	26 (6.15%)	Metasploit
2	13 (3.07%)	JIRA
2	13 (3.07%)	Selenium
3	10 (2.36%)	Burp Suite
4	8 (1.89%)	Git (software)
5	7 (1.65%)	WebScarab
6	6 (1.42%)	HP UFT
7	5 (1.18%)	eggPlant
7	5 (1.18%)	Jenkins
7	5 (1.18%)	JMeter
7	5 (1.18%)	Visual Studio
8	4 (0.95%)	Appium
8	4 (0.95%)	IDA Disassembler
8	4 (0.95%)	LoadRunner
8	4 (0.95%)	OllyDbg
8	4 (0.95%)	WinDbg
9	3 (0.71%)	GitLab
9	3 (0.71%)	IntelliJ
9	3 (0.71%)	Snyk
9	3 (0.71%)	Team Foundation Server

General
1	104 (24.59%)	Finance
2	23 (5.44%)	Manufacturing
3	21 (4.96%)	Law
3	21 (4.96%)	Retail
4	19 (4.49%)	Banking
5	14 (3.31%)	Legal
6	9 (2.13%)	Investment Banking
7	5 (1.18%)	Automotive
7	5 (1.18%)	Public Sector
8	4 (0.95%)	Aerospace
8	4 (0.95%)	Games
8	4 (0.95%)	Marketing
8	4 (0.95%)	Publishing
8	4 (0.95%)	Retail Banking
9	3 (0.71%)	Telecoms
10	2 (0.47%)	Mandarin Language
11	1 (0.24%)	French Language
11	1 (0.24%)	German Language
11	1 (0.24%)	Italian Language
11	1 (0.24%)	Russian Language

Job Titles
1	96 (22.70%)	Analyst
2	80 (18.91%)	Security Analyst
3	60 (14.18%)	Security Engineer
4	46 (10.87%)	Penetration Tester
4	46 (10.87%)	Tester
5	32 (7.57%)	Consultant
6	28 (6.62%)	Security Consultant
7	22 (5.20%)	Information Analyst
7	22 (5.20%)	Information Security Analyst
8	21 (4.96%)	Architect
9	17 (4.02%)	Security Manager
10	15 (3.55%)	SOC Analyst
11	14 (3.31%)	Cybersecurity Engineer
12	13 (3.07%)	Cybersecurity Analyst
12	13 (3.07%)	IT Analyst
13	12 (2.84%)	Cybersecurity Consultant
13	12 (2.84%)	IT Security Analyst
13	12 (2.84%)	Junior
14	11 (2.60%)	Security Architect
14	11 (2.60%)	Security Specialist

Libraries, Frameworks & Software Standards
1	37 (8.75%)	.NET
2	21 (4.96%)	Web Services
3	18 (4.26%)	React
4	15 (3.55%)	.NET Framework
5	13 (3.07%)	YAML
6	12 (2.84%)	OAuth
6	12 (2.84%)	SAML
7	11 (2.60%)	OpenID
8	8 (1.89%)	OAuth2
9	6 (1.42%)	AngularJS
10	5 (1.18%)	CSS
10	5 (1.18%)	HTML
10	5 (1.18%)	LDAP
11	4 (0.95%)	802.1X
11	4 (0.95%)	Twitter Bootstrap
11	4 (0.95%)	Velocity
12	3 (0.71%)	Middleware
12	3 (0.71%)	SOAP
13	2 (0.47%)	ASP.NET
13	2 (0.47%)	WinForms

Miscellaneous
1	50 (11.82%)	Mobile App
2	45 (10.64%)	Management Information System
3	42 (9.93%)	Cyberthreat
4	34 (8.04%)	Security Operations Centre
5	30 (7.09%)	Cybercrime
6	28 (6.62%)	Analytical Skills
7	26 (6.15%)	Cyberattack
8	17 (4.02%)	PKI
9	14 (3.31%)	Public Cloud
10	13 (3.07%)	Distributed Denial-of-Service
10	13 (3.07%)	Internet of Things
11	11 (2.60%)	Cloud Native
11	11 (2.60%)	Self-Motivation
12	9 (2.13%)	Cyber Defence
12	9 (2.13%)	Hybrid Cloud
13	8 (1.89%)	Cyber Kill Chain
14	7 (1.65%)	Driving Licence
14	7 (1.65%)	Robotics
15	6 (1.42%)	BYOD
15	6 (1.42%)	Data Protection Act

Operating Systems
1	76 (17.97%)	Linux
1	76 (17.97%)	Windows
2	21 (4.96%)	Mac OS
2	21 (4.96%)	Windows Server
3	18 (4.26%)	Kali Linux
4	16 (3.78%)	Unix
5	7 (1.65%)	Android
5	7 (1.65%)	Apple iOS
5	7 (1.65%)	Solaris
5	7 (1.65%)	Windows XP
6	6 (1.42%)	Windows Server 2016
7	5 (1.18%)	Windows Server 2012
8	4 (0.95%)	Mac OS X
8	4 (0.95%)	Ubuntu
9	3 (0.71%)	Windows Server 2019
10	2 (0.47%)	Windows Server 2008
11	1 (0.24%)	Red Hat Enterprise Linux
11	1 (0.24%)	VMS

Processes & Methodologies
1	223 (52.72%)	Cybersecurity
2	196 (46.34%)	Information Security
3	104 (24.59%)	SIEM
4	87 (20.57%)	Security Operations
5	77 (18.20%)	Threat Intelligence
6	74 (17.49%)	Security Testing
7	69 (16.31%)	OWASP
8	65 (15.37%)	Cyber Threat Intelligence
9	61 (14.42%)	Vulnerability Management
9	61 (14.42%)	Vulnerability Scanning
10	55 (13.00%)	DevOps
11	50 (11.82%)	Risk Management
12	44 (10.40%)	Agile Software Development
12	44 (10.40%)	Threat Modelling
13	43 (10.17%)	Open Source
14	41 (9.69%)	Digital Forensics
15	37 (8.75%)	Problem-Solving
15	37 (8.75%)	Security Architecture
16	34 (8.04%)	Red Team
16	34 (8.04%)	Security Monitoring

Programming Languages
1	67 (15.84%)	Python
2	48 (11.35%)	Java
3	41 (9.69%)	SQL
4	26 (6.15%)	Bash Shell
4	26 (6.15%)	PowerShell
5	19 (4.49%)	C++
6	18 (4.26%)	C#
7	15 (3.55%)	C
8	14 (3.31%)	JavaScript
9	6 (1.42%)	Shell Script
10	4 (0.95%)	PHP
10	4 (0.95%)	TypeScript
11	3 (0.71%)	Apex Code
11	3 (0.71%)	Go
11	3 (0.71%)	Perl
12	1 (0.24%)	Lua
12	1 (0.24%)	Ruby
12	1 (0.24%)	VB.NET
12	1 (0.24%)	VBA

Qualifications
1	91 (21.51%)	CISSP
2	60 (14.18%)	CREST Certified
3	57 (13.48%)	CISM
4	56 (13.24%)	Degree
5	43 (10.17%)	Cisco Certification
5	43 (10.17%)	Security Cleared
6	38 (8.98%)	SC Cleared
7	37 (8.75%)	CEH
8	30 (7.09%)	OSCP
9	27 (6.38%)	SANS
10	24 (5.67%)	GCIH
11	22 (5.20%)	CCNA
12	21 (4.96%)	GCIA
13	20 (4.73%)	(ISC)2 CCSP
14	18 (4.26%)	CISA
14	18 (4.26%)	Microsoft Certification
15	17 (4.02%)	CSSLP
16	15 (3.55%)	CHECK Team Leader
17	14 (3.31%)	GIAC
18	13 (3.07%)	MCSE

Quality Assurance & Compliance
1	83 (19.62%)	ISO/IEC 27001
2	39 (9.22%)	NIST
3	38 (8.98%)	PCI DSS
4	34 (8.04%)	GDPR
5	33 (7.80%)	Cyber Essentials
6	15 (3.55%)	ISO 9001
6	15 (3.55%)	QA
7	12 (2.84%)	COBIT
8	11 (2.60%)	HMG Security Policy Framework
9	10 (2.36%)	Cyber Essentials PLUS
10	9 (2.13%)	ISO/IEC 27002 (supersedes ISO/IEC 17799)
11	8 (1.89%)	SLA
12	7 (1.65%)	ISO 22301
12	7 (1.65%)	NCSC
13	6 (1.42%)	Sarbanes-Oxley
14	3 (0.71%)	BS7799
14	3 (0.71%)	GLBA
15	2 (0.47%)	IASME
16	1 (0.24%)	21 CFR Part 11
16	1 (0.24%)	ITGC

System Software
1	37 (8.75%)	Active Directory
2	27 (6.38%)	Docker
3	11 (2.60%)	VMware Infrastructure
4	10 (2.36%)	Snort
5	8 (1.89%)	Firmware
6	6 (1.42%)	Hyper-V
6	6 (1.42%)	vSphere
7	4 (0.95%)	BitLocker
8	1 (0.24%)	VMware ESXi

Systems Management
1	32 (7.57%)	Kubernetes
2	20 (4.73%)	Terraform
3	18 (4.26%)	Ansible
3	18 (4.26%)	Nessus
4	13 (3.07%)	CSIRT
5	9 (2.13%)	Puppet
6	7 (1.65%)	Core Impact
6	7 (1.65%)	Nexpose
6	7 (1.65%)	SCCM
7	5 (1.18%)	Computer Incident Response Team
8	4 (0.95%)	CASB
8	4 (0.95%)	HP ALM
8	4 (0.95%)	HP Fortify
8	4 (0.95%)	Microsoft Intune
8	4 (0.95%)	Norton AntiVirus
8	4 (0.95%)	Prometheus
9	3 (0.71%)	Grafana
9	3 (0.71%)	HP Quality Center
9	3 (0.71%)	Network Intrusion Detection System
10	2 (0.47%)	Computer Emergency Response Teams

Vendors
1	72 (17.02%)	Microsoft
2	30 (7.09%)	Cisco
3	25 (5.91%)	Google
4	20 (4.73%)	VMware
5	17 (4.02%)	Splunk
6	11 (2.60%)	CheckPoint
6	11 (2.60%)	LogRhythm
6	11 (2.60%)	Oracle
7	10 (2.36%)	HP
8	9 (2.13%)	McAfee
9	8 (1.89%)	AlienVault
9	8 (1.89%)	Qualys
10	6 (1.42%)	SolarWinds
11	5 (1.18%)	Dell
11	5 (1.18%)	Red Hat
12	4 (0.95%)	Carbon Black
12	4 (0.95%)	IBM
12	4 (0.95%)	Proofpoint
12	4 (0.95%)	Veeam
12	4 (0.95%)	Zscaler

95 Penetration Testing job vacancies Nationwide

Penetration TestingJob Vacancy Trend

Penetration TestingSalary Trend

Penetration TestingSalary Histogram

Penetration TestingTop 16 Job Locations

Penetration TestingTop 30 Co-occurring IT Skills