Period
to 20 October 2020

The following table provides summary statistics for permanent job vacancies with a requirement for Penetration Testing skills. Included is a benchmarking guide to the salaries offered in vacancies that have cited Penetration Testing over the 6 months to 20 October 2020 with a comparison to the same period in the previous 2 years.

Penetration Testing
UK
6 months to
20 Oct 2020
Same period 2019 Same period 2018
Rank 330 388 403
Rank change year-on-year +58 +15 -10
Permanent jobs citing Penetration Testing 423 1,040 1,290
As % of all permanent jobs advertised in the UK 0.87% 0.76% 0.79%
As % of the Processes & Methodologies category 0.94% 0.83% 0.86%
Number of salaries quoted 366 876 1,094
Median annual salary £60,000 £61,500 £60,000
Median salary % change year-on-year -2.44% +2.50% +9.09%
10th Percentile £36,250 £36,250 £37,500
90th Percentile £90,000 £100,000 £85,000
UK excluding London median annual salary £57,500 £55,000 £52,500
% change year-on-year +4.55% +4.76% +5.00%

Penetration Testing is in the Processes and Methodologies category. The following table is for comparison with the above and provides summary statistics for all permanent job vacancies with a requirement for process or methodology skills.

All Process and Methodology Skills
UK
Permanent vacancies with a requirement for process or methodology skills 45,139 125,482 150,299
As % of all permanent IT jobs advertised in the UK 92.43% 92.23% 91.93%
Number of salaries quoted 37,179 98,719 119,605
Median annual salary £55,000 £52,500 £50,000
Median salary % change year-on-year +4.76% +5.00% -
10th Percentile £33,000 £30,000 £29,000
90th Percentile £90,000 £86,250 £83,750
UK excluding London median annual salary £49,000 £45,000 £45,000
% change year-on-year +8.89% - +5.88%

Penetration Testing
Job Vacancy Trend

Job postings citing Penetration Testing as a proportion of all IT jobs advertised.

Job vacancy trend for Penetration Testing in the UK

Penetration Testing
Salary Trend

3-month moving average salary quoted in jobs citing Penetration Testing.

Salary trend for Penetration Testing in the UK

Penetration Testing
Salary Histogram

Salary distribution for jobs citing Penetration Testing over the 6 months to 20 October 2020.

Salary histogram for Penetration Testing in the UK

Penetration Testing
Top 16 Job Locations

The table below looks at the demand and provides a guide to the median salaries quoted in IT jobs citing Penetration Testing within the UK over the 6 months to 20 October 2020. The 'Rank Change' column provides an indication of the change in demand within each location based on the same 6 month period last year.

Location Rank Change
on Same Period
Last Year
Matching
Permanent
IT Job Ads
Median Salary
Past 6 Months
Median Salary
% Change
on Same Period
Last Year
Live
Job
Vacancies
England +40 352 £60,000 -4.00% 90
UK excluding London +46 213 £57,500 +4.55% 51
London +87 172 £65,000 -13.33% 40
Work from Home -12 54 £55,138 -26.48% 18
South East +114 51 £62,500 +4.17% 14
Midlands +55 51 £56,250 +7.14% 8
North of England +133 50 £47,500 -8.83% 13
West Midlands +35 41 £57,500 - 4
Scotland +110 32 £53,255 +12.12% 2
North West +118 24 £57,500 +15.00% 11
Yorkshire +108 24 £37,500 -31.82% 2
Wales +40 12 £41,500 -1.19%
South West +26 12 £34,000 -38.18% 7
East Midlands +79 9 £43,500 -13.00% 4
East of England +73 5 £45,000 -18.18% 7
North East +21 2 £36,500 -29.94%

For the 6 months to 20 October 2020, IT jobs citing Penetration Testing also mentioned the following skills in order of popularity. The figures indicate the absolute number co-occurrences and as a proportion of all permanent job ads with a requirement for Penetration Testing.

1 223 (52.72%) Cybersecurity
2 196 (46.34%) Information Security
3 114 (26.95%) Firewall
4 104 (24.59%) Finance
4 104 (24.59%) SIEM
5 91 (21.51%) CISSP
6 87 (20.57%) Security Operations
7 85 (20.09%) AWS
8 83 (19.62%) ISO/IEC 27001
9 79 (18.68%) Azure
10 77 (18.20%) Threat Intelligence
11 76 (17.97%) Windows
11 76 (17.97%) Linux
12 74 (17.49%) Security Testing
13 72 (17.02%) Microsoft
14 69 (16.31%) OWASP
15 67 (15.84%) Python
16 65 (15.37%) Cyber Threat Intelligence
17 61 (14.42%) Vulnerability Scanning
17 61 (14.42%) Vulnerability Management
18 60 (14.18%) CREST Certified
19 57 (13.48%) CISM
20 56 (13.24%) Degree
21 55 (13.00%) DevOps
22 53 (12.53%) Office 365
23 50 (11.82%) Mobile App
23 50 (11.82%) Risk Management
24 48 (11.35%) Java
25 45 (10.64%) Management Information System
26 44 (10.40%) Agile Software Development

Penetration Testing
Co-occurring IT Skills by Category

The follow tables expand on the table above by listing co-occurrences grouped by category. The same job type, locality and period is covered with up to 20 co-occurrences shown in each of the following categories:

Application Platforms
1 3 (0.71%) IIS
2 1 (0.24%) BizTalk Server
2 1 (0.24%) Confluence
2 1 (0.24%) Elasticsearch
2 1 (0.24%) SharePoint
Applications
1 2 (0.47%) Adobe Creative Suite
2 1 (0.24%) Microsoft PowerPoint
Business Applications
1 11 (2.60%) Sentinel
2 1 (0.24%) Actimize
2 1 (0.24%) Dynamics AX
2 1 (0.24%) Dynamics NAV
2 1 (0.24%) NetSuite
Cloud Services
1 85 (20.09%) AWS
2 79 (18.68%) Azure
3 53 (12.53%) Office 365
4 37 (8.75%) SaaS
5 26 (6.15%) GCP
6 12 (2.84%) AWS CloudFormation
7 11 (2.60%) IaaS
8 10 (2.36%) Amazon GuardDuty
8 10 (2.36%) Logic Apps
8 10 (2.36%) PaaS
8 10 (2.36%) Virtual Private Cloud
9 9 (2.13%) Cloud Computing
10 5 (1.18%) Mimecast
11 4 (0.95%) BrowserStack
11 4 (0.95%) Power Platform
12 2 (0.47%) Google Analytics
13 1 (0.24%) Azure Active Directory
13 1 (0.24%) BPaaS
13 1 (0.24%) Dynamics 365
13 1 (0.24%) G Suite
Communications & Networking
1 114 (26.95%) Firewall
2 35 (8.27%) VPN
3 32 (7.57%) Wireless
4 30 (7.09%) Internet
5 28 (6.62%) TCP/IP
6 25 (5.91%) WAN
6 25 (5.91%) Wireshark
7 24 (5.67%) LAN
8 22 (5.20%) DNS
9 21 (4.96%) Network Security
10 16 (3.78%) Intrusion Detection
11 13 (3.07%) SSL
12 11 (2.60%) Wireless Security
13 10 (2.36%) DKIM
13 10 (2.36%) DMARC
14 7 (1.65%) CTI
14 7 (1.65%) Software-Defined Networking
15 6 (1.42%) HTTP
16 5 (1.18%) VLAN
16 5 (1.18%) X.509
Database & Business Intelligence
1 12 (2.84%) SQL Server
2 11 (2.60%) PostgreSQL
3 6 (1.42%) MongoDB
3 6 (1.42%) Redis
4 5 (1.18%) NoSQL
5 4 (0.95%) Power BI
6 3 (0.71%) DB2
6 3 (0.71%) Relational Database
7 2 (0.47%) Big Data
7 2 (0.47%) Blockchain
7 2 (0.47%) EDRMS
7 2 (0.47%) MySQL
7 2 (0.47%) RDBMS
7 2 (0.47%) SQL Server 2014
8 1 (0.24%) Cosmos DB
8 1 (0.24%) SQL Server Integration Services
Development Applications
1 26 (6.15%) Metasploit
2 13 (3.07%) JIRA
2 13 (3.07%) Selenium
3 10 (2.36%) Burp Suite
4 8 (1.89%) Git (software)
5 7 (1.65%) WebScarab
6 6 (1.42%) HP UFT
7 5 (1.18%) eggPlant
7 5 (1.18%) Jenkins
7 5 (1.18%) JMeter
7 5 (1.18%) Visual Studio
8 4 (0.95%) Appium
8 4 (0.95%) IDA Disassembler
8 4 (0.95%) LoadRunner
8 4 (0.95%) OllyDbg
8 4 (0.95%) WinDbg
9 3 (0.71%) GitLab
9 3 (0.71%) IntelliJ
9 3 (0.71%) Snyk
9 3 (0.71%) Team Foundation Server
General
1 104 (24.59%) Finance
2 23 (5.44%) Manufacturing
3 21 (4.96%) Law
3 21 (4.96%) Retail
4 19 (4.49%) Banking
5 14 (3.31%) Legal
6 9 (2.13%) Investment Banking
7 5 (1.18%) Automotive
7 5 (1.18%) Public Sector
8 4 (0.95%) Aerospace
8 4 (0.95%) Games
8 4 (0.95%) Marketing
8 4 (0.95%) Publishing
8 4 (0.95%) Retail Banking
9 3 (0.71%) Telecoms
10 2 (0.47%) Mandarin Language
11 1 (0.24%) French Language
11 1 (0.24%) German Language
11 1 (0.24%) Italian Language
11 1 (0.24%) Russian Language
Job Titles
1 96 (22.70%) Analyst
2 80 (18.91%) Security Analyst
3 60 (14.18%) Security Engineer
4 46 (10.87%) Penetration Tester
4 46 (10.87%) Tester
5 32 (7.57%) Consultant
6 28 (6.62%) Security Consultant
7 22 (5.20%) Information Analyst
7 22 (5.20%) Information Security Analyst
8 21 (4.96%) Architect
9 17 (4.02%) Security Manager
10 15 (3.55%) SOC Analyst
11 14 (3.31%) Cybersecurity Engineer
12 13 (3.07%) Cybersecurity Analyst
12 13 (3.07%) IT Analyst
13 12 (2.84%) Cybersecurity Consultant
13 12 (2.84%) IT Security Analyst
13 12 (2.84%) Junior
14 11 (2.60%) Security Architect
14 11 (2.60%) Security Specialist
Libraries, Frameworks & Software Standards
1 37 (8.75%) .NET
2 21 (4.96%) Web Services
3 18 (4.26%) React
4 15 (3.55%) .NET Framework
5 13 (3.07%) YAML
6 12 (2.84%) OAuth
6 12 (2.84%) SAML
7 11 (2.60%) OpenID
8 8 (1.89%) OAuth2
9 6 (1.42%) AngularJS
10 5 (1.18%) CSS
10 5 (1.18%) HTML
10 5 (1.18%) LDAP
11 4 (0.95%) 802.1X
11 4 (0.95%) Twitter Bootstrap
11 4 (0.95%) Velocity
12 3 (0.71%) Middleware
12 3 (0.71%) SOAP
13 2 (0.47%) ASP.NET
13 2 (0.47%) WinForms
Miscellaneous
1 50 (11.82%) Mobile App
2 45 (10.64%) Management Information System
3 42 (9.93%) Cyberthreat
4 34 (8.04%) Security Operations Centre
5 30 (7.09%) Cybercrime
6 28 (6.62%) Analytical Skills
7 26 (6.15%) Cyberattack
8 17 (4.02%) PKI
9 14 (3.31%) Public Cloud
10 13 (3.07%) Distributed Denial-of-Service
10 13 (3.07%) Internet of Things
11 11 (2.60%) Cloud Native
11 11 (2.60%) Self-Motivation
12 9 (2.13%) Cyber Defence
12 9 (2.13%) Hybrid Cloud
13 8 (1.89%) Cyber Kill Chain
14 7 (1.65%) Driving Licence
14 7 (1.65%) Robotics
15 6 (1.42%) BYOD
15 6 (1.42%) Data Protection Act
Operating Systems
1 76 (17.97%) Linux
1 76 (17.97%) Windows
2 21 (4.96%) Mac OS
2 21 (4.96%) Windows Server
3 18 (4.26%) Kali Linux
4 16 (3.78%) Unix
5 7 (1.65%) Android
5 7 (1.65%) Apple iOS
5 7 (1.65%) Solaris
5 7 (1.65%) Windows XP
6 6 (1.42%) Windows Server 2016
7 5 (1.18%) Windows Server 2012
8 4 (0.95%) Mac OS X
8 4 (0.95%) Ubuntu
9 3 (0.71%) Windows Server 2019
10 2 (0.47%) Windows Server 2008
11 1 (0.24%) Red Hat Enterprise Linux
11 1 (0.24%) VMS
Processes & Methodologies
1 223 (52.72%) Cybersecurity
2 196 (46.34%) Information Security
3 104 (24.59%) SIEM
4 87 (20.57%) Security Operations
5 77 (18.20%) Threat Intelligence
6 74 (17.49%) Security Testing
7 69 (16.31%) OWASP
8 65 (15.37%) Cyber Threat Intelligence
9 61 (14.42%) Vulnerability Management
9 61 (14.42%) Vulnerability Scanning
10 55 (13.00%) DevOps
11 50 (11.82%) Risk Management
12 44 (10.40%) Agile Software Development
12 44 (10.40%) Threat Modelling
13 43 (10.17%) Open Source
14 41 (9.69%) Digital Forensics
15 37 (8.75%) Problem-Solving
15 37 (8.75%) Security Architecture
16 34 (8.04%) Red Team
16 34 (8.04%) Security Monitoring
Programming Languages
1 67 (15.84%) Python
2 48 (11.35%) Java
3 41 (9.69%) SQL
4 26 (6.15%) Bash Shell
4 26 (6.15%) PowerShell
5 19 (4.49%) C++
6 18 (4.26%) C#
7 15 (3.55%) C
8 14 (3.31%) JavaScript
9 6 (1.42%) Shell Script
10 4 (0.95%) PHP
10 4 (0.95%) TypeScript
11 3 (0.71%) Apex Code
11 3 (0.71%) Go
11 3 (0.71%) Perl
12 1 (0.24%) Lua
12 1 (0.24%) Ruby
12 1 (0.24%) VB.NET
12 1 (0.24%) VBA
Qualifications
1 91 (21.51%) CISSP
2 60 (14.18%) CREST Certified
3 57 (13.48%) CISM
4 56 (13.24%) Degree
5 43 (10.17%) Cisco Certification
5 43 (10.17%) Security Cleared
6 38 (8.98%) SC Cleared
7 37 (8.75%) CEH
8 30 (7.09%) OSCP
9 27 (6.38%) SANS
10 24 (5.67%) GCIH
11 22 (5.20%) CCNA
12 21 (4.96%) GCIA
13 20 (4.73%) (ISC)2 CCSP
14 18 (4.26%) CISA
14 18 (4.26%) Microsoft Certification
15 17 (4.02%) CSSLP
16 15 (3.55%) CHECK Team Leader
17 14 (3.31%) GIAC
18 13 (3.07%) MCSE
Quality Assurance & Compliance
1 83 (19.62%) ISO/IEC 27001
2 39 (9.22%) NIST
3 38 (8.98%) PCI DSS
4 34 (8.04%) GDPR
5 33 (7.80%) Cyber Essentials
6 15 (3.55%) ISO 9001
6 15 (3.55%) QA
7 12 (2.84%) COBIT
8 11 (2.60%) HMG Security Policy Framework
9 10 (2.36%) Cyber Essentials PLUS
10 9 (2.13%) ISO/IEC 27002 (supersedes ISO/IEC 17799)
11 8 (1.89%) SLA
12 7 (1.65%) ISO 22301
12 7 (1.65%) NCSC
13 6 (1.42%) Sarbanes-Oxley
14 3 (0.71%) BS7799
14 3 (0.71%) GLBA
15 2 (0.47%) IASME
16 1 (0.24%) 21 CFR Part 11
16 1 (0.24%) ITGC
System Software
1 37 (8.75%) Active Directory
2 27 (6.38%) Docker
3 11 (2.60%) VMware Infrastructure
4 10 (2.36%) Snort
5 8 (1.89%) Firmware
6 6 (1.42%) Hyper-V
6 6 (1.42%) vSphere
7 4 (0.95%) BitLocker
8 1 (0.24%) VMware ESXi
Systems Management
1 32 (7.57%) Kubernetes
2 20 (4.73%) Terraform
3 18 (4.26%) Ansible
3 18 (4.26%) Nessus
4 13 (3.07%) CSIRT
5 9 (2.13%) Puppet
6 7 (1.65%) Core Impact
6 7 (1.65%) Nexpose
6 7 (1.65%) SCCM
7 5 (1.18%) Computer Incident Response Team
8 4 (0.95%) CASB
8 4 (0.95%) HP ALM
8 4 (0.95%) HP Fortify
8 4 (0.95%) Microsoft Intune
8 4 (0.95%) Norton AntiVirus
8 4 (0.95%) Prometheus
9 3 (0.71%) Grafana
9 3 (0.71%) HP Quality Center
9 3 (0.71%) Network Intrusion Detection System
10 2 (0.47%) Computer Emergency Response Teams
Vendors
1 72 (17.02%) Microsoft
2 30 (7.09%) Cisco
3 25 (5.91%) Google
4 20 (4.73%) VMware
5 17 (4.02%) Splunk
6 11 (2.60%) CheckPoint
6 11 (2.60%) LogRhythm
6 11 (2.60%) Oracle
7 10 (2.36%) HP
8 9 (2.13%) McAfee
9 8 (1.89%) AlienVault
9 8 (1.89%) Qualys
10 6 (1.42%) SolarWinds
11 5 (1.18%) Dell
11 5 (1.18%) Red Hat
12 4 (0.95%) Carbon Black
12 4 (0.95%) IBM
12 4 (0.95%) Proofpoint
12 4 (0.95%) Veeam
12 4 (0.95%) Zscaler