Period
to 22 January 2018

The following table provides summary statistics for permanent job vacancies with a requirement for Penetration Testing skills. Included is a benchmarking guide to the salaries offered in vacancies that have cited Penetration Testing over the 6 months to 22 January 2018 with a comparison to the same period in the previous 2 years.

Penetration Testing
UK
6 months to
22 Jan 2018
Same period 2017 Same period 2016
Rank 392 354 474
Rank change year-on-year -38 +120 +96
Permanent jobs citing Penetration Testing 1,352 1,489 1,275
As % of all permanent IT jobs advertised in the UK 0.78% 0.85% 0.61%
As % of the Processes & Methodologies category 0.87% 0.95% 0.69%
Number of salaries quoted 1,082 1,188 1,024
UK median annual salary £57,500 £60,000 £55,000
Median salary % change year-on-year -4.17% +9.09% +4.76%
10th Percentile £36,250 £36,250 £33,575
90th Percentile £85,000 £85,000 £82,500
UK excluding London median annual salary £50,000 £52,500 £52,500
% change year-on-year -4.76% - +10.53%

Penetration Testing is in the Processes and Methodologies category. The following table is for comparison with the above and provides summary statistics for all permanent job vacancies with a requirement for process or methodology skills.

All Process and Methodology Skills
UK
Permanent vacancies with a requirement for process or methodology skills 155,849 156,291 185,435
As % of all permanent IT jobs advertised in the UK 89.86% 89.54% 88.88%
Number of salaries quoted 125,378 129,131 153,692
UK median annual salary £50,000 £48,750 £47,500
Median salary % change year-on-year +2.56% +2.63% +5.56%
10th Percentile £28,750 £28,250 £27,500
90th Percentile £80,000 £79,000 £77,500
UK excluding London median annual salary £45,000 £42,500 £42,500
% change year-on-year +5.88% - +6.25%

Penetration Testing
Job Vacancy Trend

Job postings citing Penetration Testing as a percentage of all IT jobs advertised.

Job vacancy trend for Penetration Testing in the UK

Penetration Testing
Salary Trend

This chart provides the 3-month moving average for salaries quoted in permanent IT jobs citing Penetration Testing.

Salary trend for Penetration Testing in the UK

Penetration Testing
Salary Histogram

The salary distribution of IT jobs citing Penetration Testing over the 6 months to 22 January 2018.

Salary histogram for Penetration Testing in the UK

Penetration Testing
Top 16 Job Locations

The table below looks at the demand and provides a guide to the median salaries quoted in IT jobs citing Penetration Testing within the UK over the 6 months to 22 January 2018. The 'Rank Change' column provides an indication of the change in demand within each location based on the same 6 month period last year.

Location Rank Change
on Same Period
Last Year
Matching
Permanent
IT Job Ads
Median Salary
Past 6 Months
Median Salary
% Change
on Same Period
Last Year
Live
Job
Vacancies
England -38 1,293 £57,500 -4.17% 164
UK excluding London -27 696 £50,000 -4.76% 105
London -49 594 £65,500 +0.77% 61
South East +28 314 £52,500 -12.50% 36
North of England +2 155 £50,000 - 33
North West +45 97 £53,000 +6.00% 25
Midlands -40 78 £48,750 -2.50% 11
South West -60 72 £45,000 -18.18% 8
West Midlands -32 65 £50,000 +5.26% 9
East of England +13 62 £57,500 +15.00% 14
Yorkshire -11 56 £47,500 +13.10% 5
East Midlands +9 13 £33,210 -39.62% 2
Wales +13 7 £47,500 -29.63%
Scotland -47 7 £40,000 +6.67% 3
North East -17 2 - - 3
Northern Ireland - 2 £60,000 -

For the 6 months to 22 January 2018, IT jobs citing Penetration Testing also mentioned the following skills in order of popularity. The figures indicate the number co-occurrences and its proportion to all job ads with a requirement for Penetration Testing.

1 738 (54.59%) Information Security
2 540 (39.94%) Cybersecurity
3 495 (36.61%) CISSP
4 470 (34.76%) Firewall
5 453 (33.51%) ISO/IEC 27001
6 352 (26.04%) Finance
7 319 (23.59%) CISM
8 307 (22.71%) SIEM
9 300 (22.19%) Windows
10 299 (22.12%) Network Security
11 231 (17.09%) Linux
12 203 (15.01%) PCI DSS
13 197 (14.57%) Data Protection
14 196 (14.50%) Vulnerability Management
15 192 (14.20%) Vulnerability Scanning
16 191 (14.13%) Management Information System
17 186 (13.76%) Risk Management
18 185 (13.68%) ITIL
18 185 (13.68%) CREST Certified
19 182 (13.46%) Security Architecture
20 180 (13.31%) TCP/IP
21 169 (12.50%) Agile Software Development
22 164 (12.13%) CEH
23 162 (11.98%) Ethical Hacking
24 156 (11.54%) GDPR
25 155 (11.46%) Active Directory
26 151 (11.17%) Degree
27 149 (11.02%) Cisco
28 147 (10.87%) Security Operations
29 146 (10.80%) Security Testing

Penetration Testing
Co-occurring IT Skills by Category

The follow tables expand on the table above by listing co-occurrences grouped by category. The same job type, locality and period is covered with up to 20 co-occurrences shown in each of the following categories:

Application Platforms
1 25 (1.85%) IIS
2 22 (1.63%) MS Exchange
3 20 (1.48%) SharePoint
4 18 (1.33%) Exchange Server 2010
5 11 (0.81%) Apache Pig
5 11 (0.81%) Exchange Server 2013
6 10 (0.74%) Apache
7 9 (0.67%) Confluence
7 9 (0.67%) OpenStack
8 8 (0.59%) Elasticsearch
8 8 (0.59%) Skype for Business
9 6 (0.44%) JBoss
9 6 (0.44%) WordPress
10 3 (0.22%) nginx
10 3 (0.22%) Tomcat
11 1 (0.074%) BizTalk Server
11 1 (0.074%) CMS
11 1 (0.074%) SAS
Applications
1 21 (1.55%) Microsoft Office
2 9 (0.67%) Spreadsheet
3 3 (0.22%) Microsoft Excel
4 2 (0.15%) Microsoft PowerPoint
5 1 (0.074%) MS Visio
Business Applications
1 4 (0.30%) Payment Gateway
2 3 (0.22%) Remedy ITSM
3 1 (0.074%) Dynamics CRM
3 1 (0.074%) SunGard APT
Cloud Services
1 94 (6.95%) Amazon AWS
2 60 (4.44%) Microsoft Azure
3 48 (3.55%) SaaS
4 28 (2.07%) IaaS
5 25 (1.85%) Office 365
6 17 (1.26%) Cloud Computing
7 11 (0.81%) Cloudflare
8 9 (0.67%) PaaS
9 6 (0.44%) Google Cloud Platform
10 5 (0.37%) AWS Lambda
10 5 (0.37%) GitHub
10 5 (0.37%) Serverless
11 4 (0.30%) Amazon S3
12 3 (0.22%) Amazon SQS
12 3 (0.22%) Mimecast
13 1 (0.074%) Amazon ELB
13 1 (0.074%) AWS CloudFormation
13 1 (0.074%) Basecamp
13 1 (0.074%) G Suite
13 1 (0.074%) OpenShift
Communications & Networking
1 470 (34.76%) Firewall
2 299 (22.12%) Network Security
3 180 (13.31%) TCP/IP
4 111 (8.21%) Wireless
5 100 (7.40%) VPN
6 82 (6.07%) Internet
7 80 (5.92%) WAN
8 74 (5.47%) DNS
8 74 (5.47%) HTTP
9 65 (4.81%) Intrusion Detection
10 59 (4.36%) SSL
11 49 (3.62%) Cisco ASA
12 46 (3.40%) IPsec
13 45 (3.33%) LAN
14 39 (2.88%) DHCP
15 30 (2.22%) VoIP
16 29 (2.14%) VLAN
17 28 (2.07%) Ethernet
18 27 (2.00%) SMTP
19 23 (1.70%) HTTPS
Database & Business Intelligence
1 46 (3.40%) SQL Server
2 26 (1.92%) MySQL
3 20 (1.48%) Big Data
4 17 (1.26%) NoSQL
5 12 (0.89%) GIS
5 12 (0.89%) Hadoop
6 11 (0.81%) Apache Hive
6 11 (0.81%) MongoDB
7 6 (0.44%) Amazon RDS
7 6 (0.44%) SQL Server 2012
7 6 (0.44%) SQL Server 2014
8 5 (0.37%) SQL Server 2008
9 3 (0.22%) Blockchain
10 1 (0.074%) Data Mining
10 1 (0.074%) Hazelcast
10 1 (0.074%) PostgreSQL
10 1 (0.074%) Redis
10 1 (0.074%) Relational Database
Development Applications
1 69 (5.10%) Metasploit
2 54 (3.99%) Burp Suite
3 31 (2.29%) Git (software)
4 25 (1.85%) JIRA
4 25 (1.85%) Selenium
5 18 (1.33%) AppScan
6 14 (1.04%) Jenkins
7 11 (0.81%) Atlassian Bamboo
7 11 (0.81%) Robot Framework
8 10 (0.74%) Bitbucket
8 10 (0.74%) CodeSonar
8 10 (0.74%) git-flow
9 8 (0.59%) Appium
10 7 (0.52%) Team Foundation Server
11 5 (0.37%) IDA Disassembler
11 5 (0.37%) Paros
12 4 (0.30%) SpecFlow
12 4 (0.30%) Visual Studio
13 3 (0.22%) WebScarab
14 2 (0.15%) JUnit
General
1 352 (26.04%) Finance
2 87 (6.43%) Legal
3 66 (4.88%) Banking
4 55 (4.07%) Telecoms
5 41 (3.03%) Law
6 35 (2.59%) Retail
7 28 (2.07%) Publishing
8 26 (1.92%) Marketing
9 20 (1.48%) Games
10 17 (1.26%) Financial Institution
11 13 (0.96%) Investment Banking
12 12 (0.89%) Advertising
13 9 (0.67%) Electronics
14 8 (0.59%) Automotive
15 7 (0.52%) Manufacturing
16 5 (0.37%) Aerospace
17 4 (0.30%) Digital Economy
18 3 (0.22%) Spanish Language
19 2 (0.15%) Military
19 2 (0.15%) Multimedia
Job Titles
1 279 (20.64%) Analyst
2 244 (18.05%) Security Analyst
3 240 (17.75%) Tester
4 217 (16.05%) Penetration Tester
5 202 (14.94%) Consultant
6 180 (13.31%) Security Consultant
7 150 (11.09%) Security Engineer
8 136 (10.06%) Security Manager
9 79 (5.84%) Information Analyst
9 79 (5.84%) Information Security Analyst
10 70 (5.18%) IT Analyst
10 70 (5.18%) IT Security Analyst
11 66 (4.88%) Security Officer
11 66 (4.88%) Senior Penetration Tester
11 66 (4.88%) Senior Tester
12 64 (4.73%) Security Specialist
13 61 (4.51%) Architect
14 60 (4.44%) Security Tester
15 57 (4.22%) Security Penetration Tester
16 56 (4.14%) IT Engineer
Libraries, Frameworks & Software Standards
1 70 (5.18%) .NET
2 40 (2.96%) HTML
3 31 (2.29%) Node.js
4 28 (2.07%) Web Services
5 27 (2.00%) CSS
6 23 (1.70%) Django
7 22 (1.63%) ASP.NET
7 22 (1.63%) J2EE
8 20 (1.48%) REST
9 18 (1.33%) Ajax
10 17 (1.26%) XML
11 16 (1.18%) jQuery
11 16 (1.18%) LAMP
12 15 (1.11%) SOAP
13 14 (1.04%) 802.1X
14 13 (0.96%) HTML5
14 13 (0.96%) Middleware
15 12 (0.89%) .NET Framework
15 12 (0.89%) JSON
16 11 (0.81%) Java EE
Miscellaneous
1 191 (14.13%) Management Information System
2 111 (8.21%) Data Protection Act
3 88 (6.51%) Data Centre
4 87 (6.43%) Computer Science
5 73 (5.40%) Mobile App
6 68 (5.03%) Cyberthreat
7 54 (3.99%) Analytical Skills
8 52 (3.85%) Cyberattack
9 43 (3.18%) Distributed Denial-of-Service
10 41 (3.03%) PKI
11 34 (2.51%) Security Operations Centre
12 26 (1.92%) Cyber Defence
13 25 (1.85%) Blog
13 25 (1.85%) Clustering
14 22 (1.63%) Fintech
14 22 (1.63%) Greenfield Project
14 22 (1.63%) Mainframe
15 21 (1.55%) Public Cloud
16 18 (1.33%) Virtual Team
17 17 (1.26%) CESG
Operating Systems
1 300 (22.19%) Windows
2 231 (17.09%) Linux
3 132 (9.76%) Unix
4 108 (7.99%) Apple iOS
5 97 (7.17%) Android
6 94 (6.95%) Windows Server
7 48 (3.55%) Kali Linux
8 42 (3.11%) Mac OS X
9 24 (1.78%) Windows Server 2008
10 15 (1.11%) Windows Server 2012
11 10 (0.74%) Solaris
11 10 (0.74%) VxWorks
12 9 (0.67%) Windows 7
13 6 (0.44%) VMS
14 4 (0.30%) Windows 10
15 3 (0.22%) Red Hat Enterprise Linux
15 3 (0.22%) Ubuntu
16 2 (0.15%) KNOPPIX
16 2 (0.15%) Windows 8
16 2 (0.15%) Windows Mobile
Processes & Methodologies
1 738 (54.59%) Information Security
2 540 (39.94%) Cybersecurity
3 307 (22.71%) SIEM
4 197 (14.57%) Data Protection
5 196 (14.50%) Vulnerability Management
6 192 (14.20%) Vulnerability Scanning
7 186 (13.76%) Risk Management
8 185 (13.68%) ITIL
9 182 (13.46%) Security Architecture
10 169 (12.50%) Agile Software Development
11 162 (11.98%) Ethical Hacking
12 147 (10.87%) Security Operations
13 146 (10.80%) Security Testing
14 141 (10.43%) Vulnerability Assessment
15 131 (9.69%) OWASP
16 103 (7.62%) Risk Assessment
17 98 (7.25%) Security Management
18 95 (7.03%) Incident Management
19 84 (6.21%) Social Engineering
20 79 (5.84%) Data Loss Prevention
Programming Languages
1 127 (9.39%) Python
2 123 (9.10%) Java
3 99 (7.32%) C
4 85 (6.29%) C++
5 69 (5.10%) C#
6 59 (4.36%) SQL
7 55 (4.07%) Bash Shell
8 53 (3.92%) JavaScript
9 51 (3.77%) Ruby
10 50 (3.70%) PHP
11 41 (3.03%) PowerShell
12 25 (1.85%) Perl
13 20 (1.48%) Objective-C
14 14 (1.04%) Shell Script
14 14 (1.04%) VB.NET
15 9 (0.67%) Lua
16 6 (0.44%) VB
17 4 (0.30%) VBScript
18 3 (0.22%) Groovy
19 2 (0.15%) Ada
Qualifications
1 495 (36.61%) CISSP
2 319 (23.59%) CISM
3 185 (13.68%) CREST Certified
4 164 (12.13%) CEH
5 151 (11.17%) Degree
6 141 (10.43%) OSCP
7 114 (8.43%) Security Cleared
8 112 (8.28%) Cisco Certification
9 108 (7.99%) SANS
10 104 (7.69%) CISA
11 92 (6.80%) GIAC
12 70 (5.18%) CCNA
13 57 (4.22%) CHECK Team Leader
14 54 (3.99%) CCNP
14 54 (3.99%) CRISC
15 48 (3.55%) SSCP
16 43 (3.18%) Computer Science Degree
17 42 (3.11%) SC Cleared
18 39 (2.88%) Microsoft Certification
19 36 (2.66%) MCSE
Quality Assurance & Compliance
1 453 (33.51%) ISO/IEC 27001
2 203 (15.01%) PCI DSS
3 156 (11.54%) GDPR
4 99 (7.32%) ISO/IEC 27002 (supersedes ISO/IEC 17799)
5 61 (4.51%) Cyber Essentials
6 58 (4.29%) COBIT
7 36 (2.66%) QA
8 17 (1.26%) ISO 22301
8 17 (1.26%) Sarbanes-Oxley
9 10 (0.74%) SLA
10 9 (0.67%) ISO 31000
10 9 (0.67%) ISO/IEC 27005
11 8 (0.59%) Cyber Essentials PLUS
11 8 (0.59%) HIPAA
12 7 (0.52%) NIST 800
13 6 (0.44%) GPG13
14 5 (0.37%) HMG Security Policy Framework
15 4 (0.30%) GCP
15 4 (0.30%) RMADS
16 3 (0.22%) MISRA
System Software
1 155 (11.46%) Active Directory
2 31 (2.29%) Hyper-V
3 29 (2.14%) VMware Infrastructure
4 22 (1.63%) Docker
4 22 (1.63%) vSphere
5 12 (0.89%) ProxySG
6 11 (0.81%) Virtual Machines
7 9 (0.67%) VMware ESXi
8 6 (0.44%) Firmware
8 6 (0.44%) Snort
9 5 (0.37%) XenApp
10 3 (0.22%) VMware Server
11 2 (0.15%) KVM
12 1 (0.074%) NFS
12 1 (0.074%) OpenAM
12 1 (0.074%) OpenSIPS
12 1 (0.074%) Virtual Servers
12 1 (0.074%) VirtualBox
12 1 (0.074%) VMware Workstation
Systems Management
1 96 (7.10%) Nessus
2 38 (2.81%) Nmap
3 25 (1.85%) Core Impact
4 16 (1.18%) QRadar
5 12 (0.89%) Puppet
6 11 (0.81%) Host Intrusion Detection System
7 10 (0.74%) Salt
8 8 (0.59%) Computer Emergency Response Teams
9 7 (0.52%) Kibana
9 7 (0.52%) logstash
10 6 (0.44%) McAfee ePO
10 6 (0.44%) SCOM
11 5 (0.37%) Microsoft Clustering
11 5 (0.37%) SCCM
11 5 (0.37%) Trend Micro Deep Security
12 4 (0.30%) Computer Incident Response Team
12 4 (0.30%) Kubernetes
12 4 (0.30%) Nagios
12 4 (0.30%) WMI
13 3 (0.22%) WebInspect
Vendors
1 149 (11.02%) Cisco
2 140 (10.36%) Microsoft
3 57 (4.22%) CheckPoint
4 50 (3.70%) VMware
5 49 (3.62%) Splunk
6 42 (3.11%) Apple
6 42 (3.11%) Qualys
7 31 (2.29%) Juniper
8 25 (1.85%) Blue Coat
8 25 (1.85%) Sophos
9 24 (1.78%) F5
10 23 (1.70%) McAfee
10 23 (1.70%) Palo Alto
11 22 (1.63%) Citrix
12 20 (1.48%) Capita
13 18 (1.33%) SolarWinds
14 15 (1.11%) HP
15 12 (0.89%) IBM
15 12 (0.89%) Oracle
15 12 (0.89%) Radware