Period
to 20 November 2017

The following table provides summary statistics for permanent job vacancies with a requirement for Penetration Testing skills. Included is a benchmarking guide to the salaries offered in vacancies that have cited Penetration Testing over the 6 months to 20 November 2017 with a comparison to the same period in the previous 2 years.

Penetration Testing
UK
6 months to
20 Nov 2017
Same period 2016 Same period 2015
Rank 380 335 486
Rank change year-on-year -45 +151 +67
Permanent jobs citing Penetration Testing 1454 1776 1286
As % of all permanent IT jobs advertised in the UK 0.81% 0.95% 0.59%
As % of the Processes & Methodologies category 0.90% 1.06% 0.66%
Number of salaries quoted 1169 1421 1007
UK median annual salary £55,000 £57,500 £55,000
Median salary % change year-on-year -4.35% +4.55% +4.76%
10th Percentile £36,250 £35,073 £32,500
90th Percentile £85,000 £83,750 £82,500
UK excluding London median annual salary £50,000 £50,000 £47,500
% change year-on-year - +5.26% +5.56%

Penetration Testing is in the Processes and Methodologies category. The following table is for comparison with the above and provides summary statistics for all permanent job vacancies with a requirement for process or methodology skills.

All Process and Methodology Skills
UK
Permanent vacancies with a requirement for process or methodology skills 161665 167144 194190
As % of all permanent IT jobs advertised in the UK 89.93% 89.36% 88.79%
Number of salaries quoted 127669 138904 159942
UK median annual salary £50,000 £49,500 £47,500
Median salary % change year-on-year +1.01% +4.21% +5.56%
10th Percentile £28,750 £28,000 £27,500
90th Percentile £80,000 £78,750 £77,500
UK excluding London median annual salary £44,000 £42,500 £42,500
% change year-on-year +3.53% - +6.25%

Penetration Testing
Job Vacancy Trend

Job postings citing Penetration Testing as a percentage of all IT jobs advertised.

Job vacancy trend for Penetration Testing in the UK

Penetration Testing
Salary Trend

This chart provides the 3-month moving average for salaries quoted in permanent IT jobs citing Penetration Testing.

Salary trend for Penetration Testing in the UK

Penetration Testing
Salary Histogram

The salary distribution of IT jobs citing Penetration Testing over the 6 months to 20 November 2017.

Salary histogram for Penetration Testing in the UK

Penetration Testing
Top 16 Job Locations

The table below looks at the demand and provides a guide to the median salaries quoted in IT jobs citing Penetration Testing within the UK over the 6 months to 20 November 2017. The 'Rank Change' column provides an indication of the change in demand within each location based on the same 6 month period last year.

Location Rank Change
on Same Period
Last Year
Matching
Permanent
IT Job Ads
Median Salary
Past 6 Months
Median Salary
% Change
on Same Period
Last Year
Live
Job
Vacancies
England -41 1396 £55,000 -4.35% 105
UK excluding London -43 749 £50,000 - 69
London -50 650 £62,500 -3.85% 38
South East +13 356 £52,500 -4.55% 30
North of England -26 147 £50,000 - 16
North West +10 104 £52,500 +5.00% 7
Midlands -24 97 £47,500 -5.00% 5
West Midlands -22 82 £50,000 +5.26% 3
East of England -1 65 £57,500 +21.05% 6
South West -71 60 £45,000 -10.00% 9
Yorkshire -48 39 £47,500 -5.00% 8
Scotland -23 15 £37,500 -28.57%
East Midlands +22 14 £37,500 -31.82% 2
Wales +12 8 £47,500 -42.42% 3
North East -4 4 £59,500 +32.22% 1
Northern Ireland -28 2 £60,000 +45.45%

For the 6 months to 20 November 2017, IT jobs citing Penetration Testing also mentioned the following skills in order of popularity. The figures indicate the number co-occurrences and its proportion to all job ads with a requirement for Penetration Testing.

1 854 (58.73%) Information Security
2 593 (40.78%) Cybersecurity
3 506 (34.80%) CISSP
4 502 (34.53%) ISO/IEC 27001
5 469 (32.26%) Firewall
6 330 (22.70%) CISM
7 323 (22.21%) Finance
7 323 (22.21%) Windows
8 300 (20.63%) Network Security
9 295 (20.29%) SIEM
10 254 (17.47%) Linux
11 232 (15.96%) PCI DSS
12 218 (14.99%) Vulnerability Scanning
13 217 (14.92%) ITIL
14 211 (14.51%) Security Architecture
15 205 (14.10%) Data Protection
15 205 (14.10%) TCP/IP
16 202 (13.89%) Risk Management
17 198 (13.62%) Vulnerability Management
18 197 (13.55%) Degree
19 194 (13.34%) CREST Certified
20 190 (13.07%) Active Directory
21 173 (11.90%) Agile Software Development
22 172 (11.83%) Management Information System
23 167 (11.49%) Vulnerability Assessment
24 166 (11.42%) Security Operations
25 163 (11.21%) Security Cleared
26 161 (11.07%) Cisco
27 159 (10.94%) CEH
28 149 (10.25%) Ethical Hacking

Penetration Testing
Co-occurring IT Skills by Category

The follow tables expand on the table above by listing co-occurrences grouped by category. The same job type, locality and period is covered with up to 20 co-occurrences shown in each of the following categories:

Application Platforms
1 35 (2.41%) IIS
2 34 (2.34%) MS Exchange
3 21 (1.44%) Exchange Server 2010
4 17 (1.17%) Exchange Server 2013
5 15 (1.03%) Apache
6 13 (0.89%) SharePoint
7 12 (0.83%) OpenStack
8 10 (0.69%) CMS
9 9 (0.62%) Skype for Business
10 8 (0.55%) Apache Pig
11 6 (0.41%) JBoss
11 6 (0.41%) nginx
11 6 (0.41%) WordPress
12 3 (0.21%) Elasticsearch
13 1 (0.069%) BizTalk Server
13 1 (0.069%) Tomcat
Applications
1 11 (0.76%) Spreadsheet
2 10 (0.69%) Microsoft Office
3 3 (0.21%) Microsoft Excel
3 3 (0.21%) Microsoft PowerPoint
4 2 (0.14%) MS Visio
Business Applications
1 7 (0.48%) Payment Gateway
2 2 (0.14%) Dynamics CRM
3 1 (0.069%) Salesforce.com CRM
3 1 (0.069%) SunGard APT
Cloud Services
1 103 (7.08%) Amazon AWS
2 60 (4.13%) SaaS
3 44 (3.03%) IaaS
4 43 (2.96%) Microsoft Azure
5 16 (1.10%) Office 365
6 11 (0.76%) Cloudflare
7 10 (0.69%) PaaS
8 6 (0.41%) AWS Lambda
8 6 (0.41%) Serverless
9 5 (0.34%) AWS CloudFormation
9 5 (0.34%) Cloud Computing
9 5 (0.34%) GitHub
9 5 (0.34%) Mimecast
10 4 (0.28%) Amazon S3
11 3 (0.21%) Amazon SQS
11 3 (0.21%) Google Cloud Platform
11 3 (0.21%) Google Compute Engine
11 3 (0.21%) OpenShift
12 1 (0.069%) Amazon ELB
12 1 (0.069%) Route 53
Communications & Networking
1 469 (32.26%) Firewall
2 300 (20.63%) Network Security
3 205 (14.10%) TCP/IP
4 87 (5.98%) Wireless
5 85 (5.85%) Internet
6 84 (5.78%) DNS
7 69 (4.75%) WAN
8 63 (4.33%) VPN
9 60 (4.13%) DHCP
10 55 (3.78%) Cisco ASA
10 55 (3.78%) Intrusion Detection
10 55 (3.78%) LAN
11 40 (2.75%) HTTP
12 33 (2.27%) SAN
12 33 (2.27%) SSL
12 33 (2.27%) VoIP
13 31 (2.13%) VLAN
14 27 (1.86%) Ethernet
14 27 (1.86%) MPLS
15 24 (1.65%) Wireshark
Database & Business Intelligence
1 54 (3.71%) SQL Server
2 25 (1.72%) MySQL
3 14 (0.96%) Big Data
4 12 (0.83%) NoSQL
4 12 (0.83%) SQL Server 2008
5 11 (0.76%) Hadoop
5 11 (0.76%) MongoDB
5 11 (0.76%) SQL Server 2012
5 11 (0.76%) SQL Server 2014
6 8 (0.55%) Apache Hive
7 6 (0.41%) Amazon RDS
8 5 (0.34%) GIS
9 3 (0.21%) Blockchain
9 3 (0.21%) Looker
9 3 (0.21%) PostgreSQL
9 3 (0.21%) Redis
10 2 (0.14%) SQL Server 2016
11 1 (0.069%) Hazelcast
11 1 (0.069%) Oracle Database
11 1 (0.069%) Relational Database
Development Applications
1 63 (4.33%) Metasploit
2 52 (3.58%) Burp Suite
3 25 (1.72%) AppScan
4 24 (1.65%) Git (software)
5 11 (0.76%) Selenium
6 9 (0.62%) Paros
7 8 (0.55%) Atlassian Bamboo
7 8 (0.55%) Jenkins
7 8 (0.55%) JIRA
8 7 (0.48%) Bitbucket
8 7 (0.48%) CodeSonar
8 7 (0.48%) git-flow
8 7 (0.48%) Robot Framework
9 4 (0.28%) IDA Disassembler
9 4 (0.28%) Team Foundation Server
9 4 (0.28%) WebScarab
10 3 (0.21%) Fiddler
10 3 (0.21%) Sonatype Nexus
10 3 (0.21%) Visual Studio
11 2 (0.14%) Protractor
General
1 323 (22.21%) Finance
2 96 (6.60%) Banking
3 89 (6.12%) Legal
4 80 (5.50%) Telecoms
5 42 (2.89%) Retail
6 33 (2.27%) Law
7 19 (1.31%) Financial Institution
8 18 (1.24%) Marketing
9 14 (0.96%) Aerospace
10 12 (0.83%) Automotive
11 11 (0.76%) Publishing
12 9 (0.62%) Digital Economy
12 9 (0.62%) Games
12 9 (0.62%) Investment Banking
13 7 (0.48%) Electronics
13 7 (0.48%) Manufacturing
14 6 (0.41%) Spanish Language
15 4 (0.28%) Advertising
16 3 (0.21%) Corporate Banking
16 3 (0.21%) Multimedia
Job Titles
1 292 (20.08%) Analyst
2 253 (17.40%) Security Analyst
3 238 (16.37%) Tester
4 219 (15.06%) Penetration Tester
5 190 (13.07%) Consultant
6 169 (11.62%) Security Consultant
7 167 (11.49%) Security Engineer
8 149 (10.25%) Security Manager
9 85 (5.85%) IT Analyst
9 85 (5.85%) IT Security Analyst
10 83 (5.71%) IT Engineer
11 81 (5.57%) Business Manager
12 79 (5.43%) Business Development Manager
12 79 (5.43%) Development Manager
12 79 (5.43%) Information Analyst
12 79 (5.43%) Information Security Analyst
13 73 (5.02%) IT Security Engineer
14 68 (4.68%) Senior Penetration Tester
14 68 (4.68%) Senior Tester
15 66 (4.54%) Network Engineer
Libraries, Frameworks & Software Standards
1 74 (5.09%) .NET
2 43 (2.96%) Web Services
3 36 (2.48%) HTML
4 27 (1.86%) Node.js
5 26 (1.79%) XML
6 25 (1.72%) J2EE
7 19 (1.31%) ASP.NET
8 17 (1.17%) RESTful
9 16 (1.10%) CSS
9 16 (1.10%) LAMP
10 15 (1.03%) JSON
11 14 (0.96%) Django
12 13 (0.89%) Ajax
13 12 (0.83%) Middleware
13 12 (0.83%) REST
13 12 (0.83%) SOAP
14 10 (0.69%) CGI
14 10 (0.69%) OAuth
15 9 (0.62%) HTML5
16 8 (0.55%) OAuth2
Miscellaneous
1 172 (11.83%) Management Information System
2 131 (9.01%) Data Protection Act
3 102 (7.02%) Data Centre
4 87 (5.98%) Computer Science
5 72 (4.95%) Cyberthreat
6 55 (3.78%) Analytical Skills
7 49 (3.37%) Mobile App
8 46 (3.16%) Distributed Denial-of-Service
9 39 (2.68%) Cyber Attack
10 30 (2.06%) PKI
11 29 (1.99%) SCADA
12 25 (1.72%) Cyber Defence
13 24 (1.65%) Security Operations Centre
14 22 (1.51%) iPad
15 20 (1.38%) Cybercrime
15 20 (1.38%) Public Cloud
16 19 (1.31%) Clustering
17 18 (1.24%) CESG
18 15 (1.03%) Enterprise Software
19 14 (0.96%) Smartphone
Operating Systems
1 323 (22.21%) Windows
2 254 (17.47%) Linux
3 126 (8.67%) Unix
4 122 (8.39%) Windows Server
5 95 (6.53%) Apple iOS
6 82 (5.64%) Android
7 42 (2.89%) Mac OS X
8 39 (2.68%) Kali Linux
9 27 (1.86%) Windows Server 2008
10 15 (1.03%) Solaris
10 15 (1.03%) Windows Server 2012
11 13 (0.89%) Windows 7
12 12 (0.83%) VxWorks
13 6 (0.41%) VMS
14 3 (0.21%) Ubuntu
15 2 (0.14%) CentOS
15 2 (0.14%) Check Point GAiA
15 2 (0.14%) KNOPPIX
15 2 (0.14%) Red Hat Enterprise Linux
15 2 (0.14%) Windows 10
Processes & Methodologies
1 854 (58.73%) Information Security
2 593 (40.78%) Cybersecurity
3 295 (20.29%) SIEM
4 218 (14.99%) Vulnerability Scanning
5 217 (14.92%) ITIL
6 211 (14.51%) Security Architecture
7 205 (14.10%) Data Protection
8 202 (13.89%) Risk Management
9 198 (13.62%) Vulnerability Management
10 173 (11.90%) Agile Software Development
11 167 (11.49%) Vulnerability Assessment
12 166 (11.42%) Security Operations
13 149 (10.25%) Ethical Hacking
14 143 (9.83%) OWASP
15 132 (9.08%) Risk Assessment
15 132 (9.08%) Security Testing
16 100 (6.88%) Data Loss Prevention
17 95 (6.53%) Business Development
18 91 (6.26%) Security Management
19 88 (6.05%) Incident Management
Programming Languages
1 130 (8.94%) Java
2 126 (8.67%) Python
3 114 (7.84%) C
4 81 (5.57%) C++
5 67 (4.61%) SQL
6 53 (3.65%) C#
7 49 (3.37%) JavaScript
8 46 (3.16%) Ruby
9 45 (3.09%) PHP
10 42 (2.89%) Perl
11 41 (2.82%) Bash Shell
12 36 (2.48%) PowerShell
13 18 (1.24%) VB.NET
14 17 (1.17%) Objective-C
15 13 (0.89%) VB
16 10 (0.69%) Shell Script
17 9 (0.62%) VBScript
18 6 (0.41%) Ada
18 6 (0.41%) Scala
19 4 (0.28%) Groovy
Qualifications
1 506 (34.80%) CISSP
2 330 (22.70%) CISM
3 197 (13.55%) Degree
4 194 (13.34%) CREST Certified
5 163 (11.21%) Security Cleared
6 159 (10.94%) CEH
7 110 (7.57%) OSCP
8 101 (6.95%) Cisco Certification
9 94 (6.46%) GIAC
10 83 (5.71%) CISA
11 66 (4.54%) CCNA
11 66 (4.54%) CCNP
12 64 (4.40%) SANS
13 60 (4.13%) CHECK Team Leader
14 55 (3.78%) SC Cleared
15 51 (3.51%) CRISC
15 51 (3.51%) DV Cleared
16 47 (3.23%) Computer Science Degree
17 44 (3.03%) SSCP
18 42 (2.89%) CHECK Team Member
Quality Assurance & Compliance
1 502 (34.53%) ISO/IEC 27001
2 232 (15.96%) PCI DSS
3 134 (9.22%) ISO/IEC 27002 (supersedes ISO/IEC 17799)
4 112 (7.70%) GDPR
5 69 (4.75%) Cyber Essentials
6 48 (3.30%) COBIT
7 23 (1.58%) Cyber Essentials PLUS
7 23 (1.58%) ISO 22301
8 21 (1.44%) ISO/IEC 27005
8 21 (1.44%) QA
9 20 (1.38%) Sarbanes-Oxley
10 15 (1.03%) SLA
11 11 (0.76%) NIST 800
12 9 (0.62%) HMG Security Policy Framework
13 7 (0.48%) ISO 31000
13 7 (0.48%) ISO 9001
13 7 (0.48%) MISRA
14 5 (0.34%) HIPAA
15 3 (0.21%) RMADS
16 2 (0.14%) PA-DSS
System Software
1 190 (13.07%) Active Directory
2 30 (2.06%) Hyper-V
2 30 (2.06%) VMware Infrastructure
3 27 (1.86%) ProxySG
4 23 (1.58%) Docker
5 15 (1.03%) vSphere
6 13 (0.89%) Virtual Machines
6 13 (0.89%) VMware ESXi
7 10 (0.69%) Firmware
8 8 (0.55%) Snort
9 4 (0.28%) XenApp
10 2 (0.14%) KVM
10 2 (0.14%) VirtualBox
11 1 (0.069%) LXC
11 1 (0.069%) OpenSIPS
11 1 (0.069%) Virtual Servers
11 1 (0.069%) VMware NSX
11 1 (0.069%) Xen
Systems Management
1 85 (5.85%) Nessus
2 39 (2.68%) Nmap
3 14 (0.96%) Computer Emergency Response Teams
4 13 (0.89%) Puppet
5 11 (0.76%) Core Impact
5 11 (0.76%) QRadar
6 10 (0.69%) Microsoft Clustering
6 10 (0.69%) SCOM
7 8 (0.55%) Ansible
7 8 (0.55%) HP Fortify
7 8 (0.55%) Opscode Chef
7 8 (0.55%) SCCM
8 7 (0.48%) Cisco CUCM
8 7 (0.48%) Kibana
8 7 (0.48%) logstash
8 7 (0.48%) McAfee ePO
8 7 (0.48%) Salt
9 6 (0.41%) Host Intrusion Detection System
9 6 (0.41%) Network Intrusion Detection System
9 6 (0.41%) WebInspect
Vendors
1 161 (11.07%) Cisco
2 114 (7.84%) Microsoft
3 80 (5.50%) CheckPoint
4 58 (3.99%) VMware
5 57 (3.92%) Splunk
6 49 (3.37%) Apple
7 40 (2.75%) Palo Alto
8 33 (2.27%) Blue Coat
8 33 (2.27%) Juniper
8 33 (2.27%) Qualys
9 29 (1.99%) Citrix
10 25 (1.72%) HP
11 21 (1.44%) Oracle
12 20 (1.38%) McAfee
13 18 (1.24%) Sophos
14 16 (1.10%) ArcSight
14 16 (1.10%) NetWitness
14 16 (1.10%) SolarWinds
15 15 (1.03%) IBM
16 13 (0.89%) Capita