Period
to 18 January 2019

The following table provides summary statistics for permanent job vacancies with a requirement for Penetration Testing skills. Included is a benchmarking guide to the salaries offered in vacancies that have cited Penetration Testing over the 6 months to 18 January 2019 with a comparison to the same period in the previous 2 years.

Penetration Testing
UK
6 months to
18 Jan 2019
Same period 2018 Same period 2017
Rank 332 394 359
Rank change year-on-year +62 -35 +114
Permanent jobs citing Penetration Testing 1,424 1,370 1,538
As % of all permanent IT jobs advertised in the UK 0.94% 0.79% 0.87%
As % of the Processes & Methodologies category 1.03% 0.86% 0.95%
Number of salaries quoted 1,076 1,101 1,228
UK median annual salary £60,000 £57,500 £60,000
Median salary % change year-on-year +4.35% -4.17% +9.09%
10th Percentile £37,500 £36,250 £36,250
90th Percentile £86,250 £85,000 £85,000
UK excluding London median annual salary £52,500 £50,000 £52,500
% change year-on-year +5.00% -4.76% +0.96%

Penetration Testing is in the Processes and Methodologies category. The following table is for comparison with the above and provides summary statistics for all permanent job vacancies with a requirement for process or methodology skills.

All Process and Methodology Skills
UK
Permanent vacancies with a requirement for process or methodology skills 138,851 159,672 161,947
As % of all permanent IT jobs advertised in the UK 91.68% 91.80% 91.33%
Number of salaries quoted 109,503 128,276 133,965
UK median annual salary £52,500 £50,000 £47,500
Median salary % change year-on-year +5.00% +5.26% -
10th Percentile £30,000 £28,500 £27,500
90th Percentile £85,000 £80,000 £78,750
UK excluding London median annual salary £45,000 £45,000 £42,500
% change year-on-year - +5.88% -

Penetration Testing
Job Vacancy Trend

Job postings citing Penetration Testing as a percentage of all IT jobs advertised.

Job vacancy trend for Penetration Testing in the UK

Penetration Testing
Salary Trend

This chart provides the 3-month moving average for salaries quoted in permanent IT jobs citing Penetration Testing.

Salary trend for Penetration Testing in the UK

Penetration Testing
Salary Histogram

The salary distribution of IT jobs citing Penetration Testing over the 6 months to 18 January 2019.

Salary histogram for Penetration Testing in the UK

Penetration Testing
Top 16 Job Locations

The table below looks at the demand and provides a guide to the median salaries quoted in IT jobs citing Penetration Testing within the UK over the 6 months to 18 January 2019. The 'Rank Change' column provides an indication of the change in demand within each location based on the same 6 month period last year.

Location Rank Change
on Same Period
Last Year
Matching
Permanent
IT Job Ads
Median Salary
Past 6 Months
Median Salary
% Change
on Same Period
Last Year
Live
Job
Vacancies
England +57 1,325 £60,000 +4.35% 143
UK excluding London +64 795 £52,500 +5.00% 102
London +17 553 £68,000 +4.62% 51
North of England +162 356 £50,000 - 29
North West +146 277 £50,000 -6.10% 15
East of England +106 134 £65,000 +13.04% 14
South East -133 115 £60,000 +14.29% 17
Midlands +56 93 £50,000 +5.26% 21
Yorkshire +30 74 £48,750 +2.63% 14
South West +29 63 £47,500 +5.56% 11
West Midlands +31 60 £45,000 -10.00% 17
East Midlands +39 32 £57,500 +61.65% 3
Wales +24 19 £45,000 -5.26% 2
Scotland +11 10 £43,750 +9.38% 5
North East +16 5 £65,750 -
Northern Ireland -6 5 £62,500 +4.17% 3

For the 6 months to 18 January 2019, IT jobs citing Penetration Testing also mentioned the following skills in order of popularity. The figures indicate the absolute number co-occurrences and as a proportion of all permanent job ads with a requirement for Penetration Testing.

1 755 (53.02%) Information Security
2 579 (40.66%) CISSP
3 548 (38.48%) Cybersecurity
4 476 (33.43%) SIEM
5 472 (33.15%) ISO/IEC 27001
6 444 (31.18%) Windows
7 439 (30.83%) Linux
8 373 (26.19%) Microsoft
9 306 (21.49%) CREST Certified
10 296 (20.79%) Finance
11 276 (19.38%) PCI DSS
12 275 (19.31%) Vulnerability Assessment
13 273 (19.17%) Risk Management
14 271 (19.03%) GDPR
15 266 (18.68%) Firewall
16 262 (18.40%) Vulnerability Management
17 258 (18.12%) OWASP
18 246 (17.28%) Management Information System
19 242 (16.99%) Security Testing
20 237 (16.64%) Degree
21 236 (16.57%) SANS
22 235 (16.50%) Cisco
23 227 (15.94%) Network Security
24 204 (14.33%) Cisco Certification
25 203 (14.26%) Microsoft Azure
26 195 (13.69%) CISM
27 191 (13.41%) Amazon AWS
28 188 (13.20%) Data Protection
29 185 (12.99%) Security Management
30 177 (12.43%) Data Loss Prevention

Penetration Testing
Co-occurring IT Skills by Category

The follow tables expand on the table above by listing co-occurrences grouped by category. The same job type, locality and period is covered with up to 20 co-occurrences shown in each of the following categories:

Application Platforms
1 27 (1.90%) SharePoint
2 26 (1.83%) Confluence
3 17 (1.19%) Apache Pig
4 12 (0.84%) IIS
5 9 (0.63%) Skype for Business
6 8 (0.56%) MS Exchange
7 4 (0.28%) Apache
7 4 (0.28%) SharePoint Server
7 4 (0.28%) WebSphere
7 4 (0.28%) WebSphere Application Server
8 3 (0.21%) Umbraco
9 2 (0.14%) Apache Solr
9 2 (0.14%) Jupyter
10 1 (0.070%) Apache Spark
10 1 (0.070%) CMS
10 1 (0.070%) DNN
10 1 (0.070%) Elasticsearch
10 1 (0.070%) Mendix
10 1 (0.070%) nginx
Applications
1 116 (8.15%) Microsoft PowerPoint
2 22 (1.54%) Microsoft Office
3 7 (0.49%) Microsoft Excel
4 4 (0.28%) MS Visio
5 1 (0.070%) Microsoft Project
Business Applications
1 3 (0.21%) RiskWrite
2 2 (0.14%) SAP ERP
3 1 (0.070%) SAP IS-U
Cloud Services
1 203 (14.26%) Microsoft Azure
2 191 (13.41%) Amazon AWS
3 62 (4.35%) SaaS
4 42 (2.95%) Google Cloud Platform
5 22 (1.54%) Office 365
6 10 (0.70%) AWS CloudFormation
6 10 (0.70%) Cloud Computing
7 9 (0.63%) IaaS
8 8 (0.56%) PaaS
9 6 (0.42%) Amazon EC2
9 6 (0.42%) Amazon S3
9 6 (0.42%) BlazeMeter
10 5 (0.35%) Mimecast
10 5 (0.35%) Virtual Private Cloud
11 4 (0.28%) Amazon SQS
11 4 (0.28%) GitHub
12 3 (0.21%) Amazon ELB
12 3 (0.21%) IBM Cloud
12 3 (0.21%) Route 53
12 3 (0.21%) Serverless
Communications & Networking
1 266 (18.68%) Firewall
2 227 (15.94%) Network Security
3 126 (8.85%) Wi-Fi
4 113 (7.94%) TCP/IP
5 67 (4.71%) Intrusion Detection
6 57 (4.00%) VPN
7 48 (3.37%) Wireless
8 45 (3.16%) Internet
9 44 (3.09%) LAN
10 35 (2.46%) HTTP
10 35 (2.46%) SSL
11 34 (2.39%) WAN
12 32 (2.25%) IPsec
13 28 (1.97%) BGP
14 25 (1.76%) Cisco Nexus
15 22 (1.54%) EIGRP
16 19 (1.33%) DNS
17 18 (1.26%) Cisco ASA
18 15 (1.05%) Cisco IOS
19 14 (0.98%) Wireshark
Database & Business Intelligence
1 47 (3.30%) Big Data
2 29 (2.04%) SQL Server
3 27 (1.90%) MySQL
4 23 (1.62%) Hadoop
5 17 (1.19%) Apache Hive
6 12 (0.84%) Data Warehouse
7 8 (0.56%) NoSQL
8 7 (0.49%) DB2
9 6 (0.42%) Blockchain
9 6 (0.42%) MongoDB
10 5 (0.35%) Amazon RDS
11 4 (0.28%) PostgreSQL
11 4 (0.28%) Power BI
11 4 (0.28%) Relational Database
12 3 (0.21%) Amazon Aurora
12 3 (0.21%) Redis
13 2 (0.14%) NonStop SQL
13 2 (0.14%) Oracle Database
13 2 (0.14%) SQL Server 2014
14 1 (0.070%) RDBMS
Development Applications
1 82 (5.76%) JIRA
2 55 (3.86%) Selenium
3 46 (3.23%) Metasploit
4 39 (2.74%) Git (software)
5 35 (2.46%) Burp Suite
6 25 (1.76%) Cucumber
7 24 (1.69%) Atlassian Bamboo
8 20 (1.40%) Bitbucket
8 20 (1.40%) CodeSonar
8 20 (1.40%) git-flow
8 20 (1.40%) Robot Framework
9 16 (1.12%) Android Studio
9 16 (1.12%) Xcode
10 13 (0.91%) LoadRunner
11 11 (0.77%) SoapUI
12 10 (0.70%) Subversion
13 9 (0.63%) Jenkins
13 9 (0.63%) Visual Studio
14 8 (0.56%) Appium
14 8 (0.56%) TeamCity
General
1 296 (20.79%) Finance
2 155 (10.88%) Legal
3 75 (5.27%) Retail
4 53 (3.72%) Banking
5 26 (1.83%) Telecoms
6 19 (1.33%) Law
7 11 (0.77%) Electronics
8 10 (0.70%) Marketing
9 8 (0.56%) Advertising
9 8 (0.56%) Financial Institution
9 8 (0.56%) Publishing
10 6 (0.42%) Games
10 6 (0.42%) Military
11 4 (0.28%) Aerospace
11 4 (0.28%) Investment Banking
12 3 (0.21%) Manufacturing
13 2 (0.14%) Back Office
14 1 (0.070%) Automotive
14 1 (0.070%) Billing
14 1 (0.070%) Hungarian Language
Job Titles
1 304 (21.35%) Analyst
2 275 (19.31%) Security Analyst
3 242 (16.99%) Tester
4 239 (16.78%) Security Manager
5 208 (14.61%) Penetration Tester
6 167 (11.73%) Security Engineer
7 147 (10.32%) Information Security Manager
8 146 (10.25%) IT Analyst
9 145 (10.18%) Information Manager
9 145 (10.18%) IT Security Analyst
10 130 (9.13%) Consultant
11 128 (8.99%) Senior Analyst
12 120 (8.43%) Senior Security Analyst
13 108 (7.58%) Senior IT Security Analyst
14 99 (6.95%) Security Consultant
15 71 (4.99%) Senior Penetration Tester
15 71 (4.99%) Senior Tester
16 65 (4.56%) Security Specialist
17 56 (3.93%) Architect
18 54 (3.79%) Information Analyst
Libraries, Frameworks & Software Standards
1 58 (4.07%) .NET
2 46 (3.23%) Node.js
3 36 (2.53%) Web Services
4 30 (2.11%) ASP.NET
5 28 (1.97%) Elastic Stack
5 28 (1.97%) Java EE
5 28 (1.97%) REST
6 27 (1.90%) HTML
7 26 (1.83%) .NET Framework
8 25 (1.76%) Django
9 23 (1.62%) SOAP
9 23 (1.62%) STL
10 22 (1.54%) LAMP
11 20 (1.40%) RabbitMQ
11 20 (1.40%) RESTful
11 20 (1.40%) Spring MVC
12 19 (1.33%) SailPoint
13 16 (1.12%) Dagger
14 15 (1.05%) CSS
15 14 (0.98%) OAuth
Miscellaneous
1 246 (17.28%) Management Information System
2 111 (7.79%) Cyber Kill Chain
3 106 (7.44%) Mobile App
4 68 (4.78%) Analytical Skills
5 56 (3.93%) Cyberattack
6 54 (3.79%) Self-Motivation
7 52 (3.65%) Security Operations Centre
8 47 (3.30%) Data Centre
9 42 (2.95%) Fintech
10 34 (2.39%) Cyberthreat
11 32 (2.25%) Data Protection Act
12 25 (1.76%) Virtual Team
13 23 (1.62%) Enterprise Software
14 19 (1.33%) PKI
15 17 (1.19%) Distributed Denial-of-Service
16 15 (1.05%) Cybercrime
17 13 (0.91%) BYOD
17 13 (0.91%) Cyber Defence
18 12 (0.84%) Embedded Systems
19 10 (0.70%) NHS
Operating Systems
1 444 (31.18%) Windows
2 439 (30.83%) Linux
3 62 (4.35%) Android
3 62 (4.35%) Apple iOS
4 51 (3.58%) Unix
5 36 (2.53%) Kali Linux
6 34 (2.39%) Windows Server
7 22 (1.54%) Mac OS X
8 12 (0.84%) Windows Server 2008
9 8 (0.56%) CentOS
10 7 (0.49%) Windows 7
11 5 (0.35%) Embedded Linux
12 4 (0.28%) Ubuntu
13 3 (0.21%) Red Hat Enterprise Linux
13 3 (0.21%) Solaris
13 3 (0.21%) Windows Server 2012
14 2 (0.14%) Debian
14 2 (0.14%) Windows 10
15 1 (0.070%) Windows 8
15 1 (0.070%) Windows Phone
Processes & Methodologies
1 755 (53.02%) Information Security
2 548 (38.48%) Cybersecurity
3 476 (33.43%) SIEM
4 275 (19.31%) Vulnerability Assessment
5 273 (19.17%) Risk Management
6 262 (18.40%) Vulnerability Management
7 258 (18.12%) OWASP
8 242 (16.99%) Security Testing
9 188 (13.20%) Data Protection
10 185 (12.99%) Security Management
11 177 (12.43%) Data Loss Prevention
12 168 (11.80%) Ethical Hacking
13 151 (10.60%) Security Operations
14 149 (10.46%) Security Architecture
15 146 (10.25%) Mentoring
16 144 (10.11%) Incident Management
17 143 (10.04%) Scenario Testing
18 139 (9.76%) Disaster Recovery
19 136 (9.55%) Business Continuity
20 135 (9.48%) Vulnerability Scanning
Programming Languages
1 153 (10.74%) SQL
2 148 (10.39%) Python
3 128 (8.99%) Java
4 97 (6.81%) C#
5 90 (6.32%) C++
6 87 (6.11%) C
7 80 (5.62%) PowerShell
8 53 (3.72%) Bash Shell
9 49 (3.44%) JavaScript
10 48 (3.37%) Ruby
11 43 (3.02%) Perl
11 43 (3.02%) PHP
12 24 (1.69%) Objective-C
13 14 (0.98%) Go
13 14 (0.98%) VB
14 11 (0.77%) Shell Script
15 5 (0.35%) Embedded C
16 2 (0.14%) Lua
16 2 (0.14%) T-SQL
16 2 (0.14%) VB.NET
Qualifications
1 579 (40.66%) CISSP
2 306 (21.49%) CREST Certified
3 237 (16.64%) Degree
4 236 (16.57%) SANS
5 204 (14.33%) Cisco Certification
6 195 (13.69%) CISM
7 160 (11.24%) Security Cleared
8 132 (9.27%) CEH
8 132 (9.27%) OSCP
9 130 (9.13%) (ISC)2 CCSP
10 101 (7.09%) CISA
11 81 (5.69%) GIAC
12 73 (5.13%) SC Cleared
13 70 (4.92%) DV Cleared
14 61 (4.28%) CCNA
15 55 (3.86%) CCNP
16 48 (3.37%) Microsoft Certification
17 46 (3.23%) MCSE
18 45 (3.16%) SSCP
19 42 (2.95%) CCIE
Quality Assurance & Compliance
1 472 (33.15%) ISO/IEC 27001
2 276 (19.38%) PCI DSS
3 271 (19.03%) GDPR
4 78 (5.48%) Cyber Essentials
5 45 (3.16%) ISO/IEC 27002 (supersedes ISO/IEC 17799)
6 41 (2.88%) COBIT
7 29 (2.04%) QA
8 19 (1.33%) MiFID
9 17 (1.19%) Cyber Essentials PLUS
10 10 (0.70%) PMO
11 9 (0.63%) ISO 22301
11 9 (0.63%) Sarbanes-Oxley
12 7 (0.49%) ISO 9001
13 6 (0.42%) HIPAA
13 6 (0.42%) Web Application Security Consortium
14 5 (0.35%) SLA
15 4 (0.28%) RMADS
16 2 (0.14%) FINRA
17 1 (0.070%) Data Quality
17 1 (0.070%) NIST 800
System Software
1 139 (9.76%) VMware Infrastructure
2 134 (9.41%) Active Directory
3 36 (2.53%) Docker
4 33 (2.32%) Snort
5 20 (1.40%) vSphere
6 9 (0.63%) Hyper-V
7 6 (0.42%) Firmware
8 5 (0.35%) KVM
9 4 (0.28%) ProxySG
9 4 (0.28%) Virtual Machines
10 2 (0.14%) Squid
10 2 (0.14%) Virtual Servers
11 1 (0.070%) Apache Flume
11 1 (0.070%) HDFS
11 1 (0.070%) VMware NSX
Systems Management
1 84 (5.90%) Nessus
2 35 (2.46%) Puppet
3 32 (2.25%) SCCM
4 30 (2.11%) Nmap
5 26 (1.83%) McAfee ePO
5 26 (1.83%) Nexpose
6 23 (1.62%) Ansible
7 20 (1.40%) QRadar
7 20 (1.40%) Salt
8 19 (1.33%) OSSEC
9 13 (0.91%) EnCase
9 13 (0.91%) OpenVAS
9 13 (0.91%) Opscode Chef
9 13 (0.91%) Terraform
10 11 (0.77%) Suricata
11 10 (0.70%) FTK
12 9 (0.63%) WSUS
13 8 (0.56%) Kubernetes
14 7 (0.49%) HP Quality Center
14 7 (0.49%) Network Intrusion Detection System
Vendors
1 373 (26.19%) Microsoft
2 235 (16.50%) Cisco
3 147 (10.32%) VMware
4 68 (4.78%) Splunk
5 51 (3.58%) Palo Alto
6 50 (3.51%) LogRhythm
7 47 (3.30%) CheckPoint
8 40 (2.81%) McAfee
8 40 (2.81%) Qualys
9 39 (2.74%) Symantec
10 33 (2.32%) Blue Coat
11 31 (2.18%) Juniper
12 28 (1.97%) FireEye
13 26 (1.83%) IBM
14 25 (1.76%) Google
15 19 (1.33%) ArcSight
15 19 (1.33%) Aveksa
16 18 (1.26%) Red Hat
17 15 (1.05%) ServiceNow
18 14 (0.98%) CyberArk