Period
to 17 July 2018

The following table provides summary statistics for permanent job vacancies with a requirement for Penetration Testing skills. Included is a benchmarking guide to the salaries offered in vacancies that have cited Penetration Testing over the 6 months to 17 July 2018 with a comparison to the same period in the previous 2 years.

Penetration Testing
UK
6 months to
17 Jul 2018
Same period 2017 Same period 2016
Rank 418 426 400
Rank change year-on-year +8 -26 +130
Permanent jobs citing Penetration Testing 1,264 1,275 1,636
As % of all permanent IT jobs advertised in the UK 0.72% 0.72% 0.80%
As % of the Processes & Methodologies category 0.79% 0.79% 0.89%
Number of salaries quoted 969 1,059 1,276
UK median annual salary £60,000 £55,000 £55,000
Median salary % change year-on-year +9.09% - +4.76%
10th Percentile £37,500 £33,750 £35,625
90th Percentile £90,000 £81,250 £83,750
UK excluding London median annual salary £52,500 £50,000 £50,000
% change year-on-year +5.00% - +8.70%

Penetration Testing is in the Processes and Methodologies category. The following table is for comparison with the above and provides summary statistics for all permanent job vacancies with a requirement for process or methodology skills.

All Process and Methodology Skills
UK
Permanent vacancies with a requirement for process or methodology skills 159,438 161,090 183,017
As % of all permanent IT jobs advertised in the UK 90.68% 90.70% 90.02%
Number of salaries quoted 127,376 129,920 152,232
UK median annual salary £50,000 £49,000 £47,500
Median salary % change year-on-year +2.04% +3.16% -
10th Percentile £29,000 £28,000 £27,500
90th Percentile £82,500 £80,000 £77,500
UK excluding London median annual salary £45,000 £42,500 £42,500
% change year-on-year +5.88% - +1.19%

Penetration Testing
Job Vacancy Trend

Job postings citing Penetration Testing as a percentage of all IT jobs advertised.

Job vacancy trend for Penetration Testing in the UK

Penetration Testing
Salary Trend

This chart provides the 3-month moving average for salaries quoted in permanent IT jobs citing Penetration Testing.

Salary trend for Penetration Testing in the UK

Penetration Testing
Salary Histogram

The salary distribution of IT jobs citing Penetration Testing over the 6 months to 17 July 2018.

Salary histogram for Penetration Testing in the UK

Penetration Testing
Top 16 Job Locations

The table below looks at the demand and provides a guide to the median salaries quoted in IT jobs citing Penetration Testing within the UK over the 6 months to 17 July 2018. The 'Rank Change' column provides an indication of the change in demand within each location based on the same 6 month period last year.

Location Rank Change
on Same Period
Last Year
Matching
Permanent
IT Job Ads
Median Salary
Past 6 Months
Median Salary
% Change
on Same Period
Last Year
Live
Job
Vacancies
England -2 1,197 £60,000 +9.09% 150
London +36 624 £65,000 +8.33% 72
UK excluding London -31 600 £52,500 +5.00% 83
North of England +39 188 £50,000 +2.56% 23
South East -83 172 £52,500 - 21
North West +40 120 £55,000 - 12
East of England +57 86 £60,000 +14.29% 12
Midlands -25 61 £52,500 +23.53% 18
Yorkshire +21 55 £45,000 - 10
South West +22 54 £50,000 +5.26% 4
West Midlands -30 45 £52,500 +23.53% 16
Scotland -45 18 £65,000 +73.33% 4
Wales +10 15 £36,412 -23.34%
East Midlands +7 14 £57,500 +53.33% 2
North East -10 13 £68,250 +13.75% 1
Northern Ireland - 6 £43,750 -

For the 6 months to 17 July 2018, IT jobs citing Penetration Testing also mentioned the following skills in order of popularity. The figures indicate the absolute number co-occurrences and as a proportion of all permanent job ads with a requirement for Penetration Testing.

1 542 (42.88%) Cybersecurity
2 534 (42.25%) Information Security
3 501 (39.64%) CISSP
4 327 (25.87%) Firewall
5 287 (22.71%) Windows
6 275 (21.76%) CISM
7 274 (21.68%) Linux
8 246 (19.46%) ISO/IEC 27001
9 232 (18.35%) Finance
10 225 (17.80%) SIEM
11 209 (16.53%) Agile Software Development
12 204 (16.14%) Ethical Hacking
13 189 (14.95%) Security Testing
13 189 (14.95%) Vulnerability Scanning
14 187 (14.79%) Security Architecture
15 178 (14.08%) Microsoft
16 176 (13.92%) TCP/IP
17 175 (13.84%) Degree
18 173 (13.69%) Network Security
19 167 (13.21%) OWASP
19 167 (13.21%) CREST Certified
20 166 (13.13%) Python
21 164 (12.97%) GDPR
22 162 (12.82%) Vulnerability Management
23 161 (12.74%) Java
24 157 (12.42%) SANS
25 151 (11.95%) CISA
26 149 (11.79%) CEH
27 145 (11.47%) OSCP
27 145 (11.47%) Security Operations

Penetration Testing
Co-occurring IT Skills by Category

The follow tables expand on the table above by listing co-occurrences grouped by category. The same job type, locality and period is covered with up to 20 co-occurrences shown in each of the following categories:

Application Platforms
1 33 (2.61%) Apache Pig
2 22 (1.74%) IIS
3 20 (1.58%) SharePoint
4 18 (1.42%) CMS
4 18 (1.42%) MS Exchange
5 16 (1.27%) Confluence
6 13 (1.03%) WebSphere
7 12 (0.95%) Apache
8 11 (0.87%) Exchange Server 2013
9 10 (0.79%) Exchange Server 2010
9 10 (0.79%) Sitecore CMS
9 10 (0.79%) Skype for Business
10 9 (0.71%) Elasticsearch
10 9 (0.71%) Tomcat
11 8 (0.63%) WordPress
12 7 (0.55%) nginx
13 5 (0.40%) JBoss
14 3 (0.24%) Apache Spark
14 3 (0.24%) Drupal
15 2 (0.16%) SAS
Applications
1 32 (2.53%) Microsoft Office
2 15 (1.19%) Microsoft PowerPoint
3 14 (1.11%) MS Visio
4 3 (0.24%) Microsoft Excel
4 3 (0.24%) Microsoft Project
Business Applications
1 9 (0.71%) Remedy ITSM
2 4 (0.32%) Sentinel
3 3 (0.24%) Magento
4 2 (0.16%) Dynamics CRM
4 2 (0.16%) Dynamics NAV
5 1 (0.079%) Payment Gateway
5 1 (0.079%) SunGard APT
Cloud Services
1 131 (10.36%) Amazon AWS
2 128 (10.13%) Microsoft Azure
3 47 (3.72%) Google Cloud Platform
4 44 (3.48%) SaaS
5 30 (2.37%) Office 365
6 26 (2.06%) IaaS
7 23 (1.82%) Cloud Computing
8 20 (1.58%) PaaS
9 12 (0.95%) Virtual Private Cloud
10 11 (0.87%) Serverless
11 9 (0.71%) GitHub
12 5 (0.40%) Amazon S3
13 4 (0.32%) Amazon SQS
14 2 (0.16%) Amazon EC2
14 2 (0.16%) AWS Lambda
15 1 (0.079%) Amazon ELB
15 1 (0.079%) BlazeMeter
15 1 (0.079%) Cloudflare
15 1 (0.079%) OpenDNS
15 1 (0.079%) Route 53
Communications & Networking
1 327 (25.87%) Firewall
2 176 (13.92%) TCP/IP
3 173 (13.69%) Network Security
4 82 (6.49%) Intrusion Detection
5 76 (6.01%) Wireless
6 75 (5.93%) SSL
7 73 (5.78%) WAN
8 67 (5.30%) VPN
9 66 (5.22%) HTTP
10 62 (4.91%) Internet
11 60 (4.75%) DNS
12 53 (4.19%) LAN
13 46 (3.64%) IPsec
14 37 (2.93%) Cisco ASA
15 29 (2.29%) VoIP
16 25 (1.98%) Wireless Security
17 24 (1.90%) SAN
18 20 (1.58%) DHCP
18 20 (1.58%) MPLS
19 19 (1.50%) Cisco Nexus
Database & Business Intelligence
1 68 (5.38%) SQL Server
2 54 (4.27%) MySQL
3 43 (3.40%) Big Data
4 35 (2.77%) Hadoop
5 33 (2.61%) Apache Hive
6 15 (1.19%) NoSQL
7 10 (0.79%) Blockchain
8 9 (0.71%) MongoDB
9 6 (0.47%) SQL Server Integration Services
10 5 (0.40%) Microsoft Analysis Services
10 5 (0.40%) Redis
10 5 (0.40%) SQL Server Analysis Services
11 4 (0.32%) NonStop SQL
11 4 (0.32%) SQL Server 2014
12 3 (0.24%) Data Warehouse
12 3 (0.24%) Relational Database
13 2 (0.16%) GIS
13 2 (0.16%) Neo4j
13 2 (0.16%) PostgreSQL
13 2 (0.16%) RDBMS
Development Applications
1 74 (5.85%) JIRA
2 64 (5.06%) Git (software)
3 61 (4.83%) Selenium
4 48 (3.80%) Metasploit
5 34 (2.69%) Burp Suite
6 33 (2.61%) git-flow
6 33 (2.61%) Robot Framework
7 31 (2.45%) Atlassian Bamboo
7 31 (2.45%) Bitbucket
7 31 (2.45%) CodeSonar
8 19 (1.50%) Visual Studio
9 18 (1.42%) Jenkins
10 13 (1.03%) NUnit
11 11 (0.87%) AppScan
11 11 (0.87%) Cucumber
12 8 (0.63%) JUnit
12 8 (0.63%) webpack
13 7 (0.55%) Eclipse
13 7 (0.55%) Grunt
13 7 (0.55%) gulp
General
1 232 (18.35%) Finance
2 69 (5.46%) Retail
3 64 (5.06%) Banking
3 64 (5.06%) Legal
4 27 (2.14%) Telecoms
5 22 (1.74%) Investment Banking
6 21 (1.66%) Advertising
7 17 (1.34%) Games
8 13 (1.03%) Law
9 12 (0.95%) Financial Institution
9 12 (0.95%) Marketing
9 12 (0.95%) Publishing
10 10 (0.79%) Billing
11 6 (0.47%) Corporate Banking
11 6 (0.47%) Retail Banking
12 5 (0.40%) Automotive
13 4 (0.32%) Back Office
14 3 (0.24%) Brand Awareness
14 3 (0.24%) Electronics
14 3 (0.24%) Pharmaceutical
Job Titles
1 203 (16.06%) Tester
2 194 (15.35%) Security Engineer
3 192 (15.19%) Analyst
4 190 (15.03%) Penetration Tester
5 147 (11.63%) Security Analyst
6 125 (9.89%) Consultant
7 117 (9.26%) Security Manager
8 106 (8.39%) Security Consultant
9 97 (7.67%) Security Specialist
10 68 (5.38%) Architect
11 66 (5.22%) Information Manager
11 66 (5.22%) Information Security Manager
12 59 (4.67%) Security Architect
13 52 (4.11%) Cybersecurity Analyst
14 42 (3.32%) Senior Tester
14 42 (3.32%) Software Engineer
15 41 (3.24%) Network Engineer
15 41 (3.24%) Senior Penetration Tester
16 37 (2.93%) Infrastructure Engineer
16 37 (2.93%) Network Security Engineer
Libraries, Frameworks & Software Standards
1 71 (5.62%) .NET
2 67 (5.30%) Node.js
3 52 (4.11%) HTML
4 50 (3.96%) REST
5 45 (3.56%) CSS
6 44 (3.48%) .NET Framework
7 42 (3.32%) ASP.NET
8 39 (3.09%) Django
9 38 (3.01%) SOAP
10 36 (2.85%) LAMP
10 36 (2.85%) RabbitMQ
11 35 (2.77%) Java EE
12 34 (2.69%) Web Services
13 33 (2.61%) STL
14 32 (2.53%) Spring MVC
15 20 (1.58%) Ajax
15 20 (1.58%) RESTful
16 19 (1.50%) Laravel
16 19 (1.50%) WCF
17 18 (1.42%) JSON
Miscellaneous
1 115 (9.10%) Management Information System
2 77 (6.09%) Mobile App
3 76 (6.01%) Analytical Skills
4 68 (5.38%) Data Protection Act
5 64 (5.06%) Computer Science
6 61 (4.83%) Fintech
7 46 (3.64%) Data Centre
8 43 (3.40%) Security Operations Centre
9 41 (3.24%) Cyberattack
10 39 (3.09%) Self-Motivation
11 35 (2.77%) Cyber Defence
11 35 (2.77%) Cyberthreat
12 26 (2.06%) Greenfield Project
12 26 (2.06%) Public Cloud
13 25 (1.98%) Blog
13 25 (1.98%) Distributed Denial-of-Service
14 20 (1.58%) PKI
15 17 (1.34%) Cyber Kill Chain
16 16 (1.27%) CESG
17 14 (1.11%) Virtual Team
Operating Systems
1 287 (22.71%) Windows
2 274 (21.68%) Linux
3 75 (5.93%) Windows Server
4 74 (5.85%) Unix
5 67 (5.30%) Apple iOS
6 62 (4.91%) Android
7 56 (4.43%) Mac OS X
8 28 (2.22%) Windows Server 2008
9 26 (2.06%) Kali Linux
10 18 (1.42%) Windows Server 2012
11 12 (0.95%) Solaris
12 6 (0.47%) Ubuntu
13 5 (0.40%) CentOS
13 5 (0.40%) Red Hat Enterprise Linux
14 4 (0.32%) Windows 8
14 4 (0.32%) Windows Mobile
15 3 (0.24%) AIX
15 3 (0.24%) Check Point GAiA
15 3 (0.24%) Windows 10
15 3 (0.24%) Windows 7
Processes & Methodologies
1 542 (42.88%) Cybersecurity
2 534 (42.25%) Information Security
3 225 (17.80%) SIEM
4 209 (16.53%) Agile Software Development
5 204 (16.14%) Ethical Hacking
6 189 (14.95%) Security Testing
6 189 (14.95%) Vulnerability Scanning
7 187 (14.79%) Security Architecture
8 167 (13.21%) OWASP
9 162 (12.82%) Vulnerability Management
10 145 (11.47%) Security Operations
11 129 (10.21%) Risk Management
12 128 (10.13%) Data Protection
13 117 (9.26%) Vulnerability Assessment
14 116 (9.18%) ITIL
15 95 (7.52%) Problem-Solving
15 95 (7.52%) Test Automation
16 90 (7.12%) Scrum
17 87 (6.88%) Software Engineering
18 85 (6.72%) Stakeholder Management
Programming Languages
1 166 (13.13%) Python
2 161 (12.74%) Java
3 115 (9.10%) PHP
4 106 (8.39%) C#
5 103 (8.15%) C++
6 91 (7.20%) C
7 87 (6.88%) PowerShell
8 84 (6.65%) JavaScript
9 71 (5.62%) Bash Shell
10 69 (5.46%) Ruby
10 69 (5.46%) SQL
11 63 (4.98%) Perl
12 45 (3.56%) Objective-C
13 18 (1.42%) Go
14 14 (1.11%) Shell Script
15 6 (0.47%) Assembly Language
16 3 (0.24%) VB
16 3 (0.24%) VB.NET
17 2 (0.16%) T-SQL
18 1 (0.079%) R
Qualifications
1 501 (39.64%) CISSP
2 275 (21.76%) CISM
3 175 (13.84%) Degree
4 167 (13.21%) CREST Certified
5 157 (12.42%) SANS
6 151 (11.95%) CISA
7 149 (11.79%) CEH
8 145 (11.47%) OSCP
9 139 (11.00%) Security Cleared
10 124 (9.81%) Cisco Certification
11 83 (6.57%) GIAC
12 72 (5.70%) CCNA
13 56 (4.43%) CSSLP
14 53 (4.19%) DV Cleared
14 53 (4.19%) SSCP
15 48 (3.80%) CompTIA Security+
16 47 (3.72%) Microsoft Certification
16 47 (3.72%) SC Cleared
17 42 (3.32%) MCSE
18 39 (3.09%) CCNP
Quality Assurance & Compliance
1 246 (19.46%) ISO/IEC 27001
2 164 (12.97%) GDPR
3 129 (10.21%) PCI DSS
4 58 (4.59%) ISO/IEC 27002 (supersedes ISO/IEC 17799)
5 47 (3.72%) QA
6 45 (3.56%) GCP
7 39 (3.09%) Cyber Essentials
8 38 (3.01%) HIPAA
9 26 (2.06%) COBIT
10 15 (1.19%) Sarbanes-Oxley
10 15 (1.19%) SLA
11 13 (1.03%) ISO 22301
12 9 (0.71%) ISO 9001
13 8 (0.63%) Cyber Essentials PLUS
14 5 (0.40%) GPG13
14 5 (0.40%) MiFID
15 4 (0.32%) Web Application Security Consortium
16 3 (0.24%) RMADS
17 2 (0.16%) COSO
17 2 (0.16%) ISO/IEC 27005
System Software
1 76 (6.01%) Active Directory
2 50 (3.96%) Docker
3 33 (2.61%) vSphere
4 26 (2.06%) VMware Infrastructure
5 17 (1.34%) Firmware
5 17 (1.34%) Hyper-V
6 10 (0.79%) VMware Server
7 6 (0.47%) VirtualBox
8 5 (0.40%) Virtual Machines
9 4 (0.32%) ProxySG
10 3 (0.24%) NFS
10 3 (0.24%) Snort
11 2 (0.16%) Apache Flume
11 2 (0.16%) HDFS
11 2 (0.16%) iptables
11 2 (0.16%) Samba
11 2 (0.16%) VMware ESXi
12 1 (0.079%) Virtual Servers
Systems Management
1 71 (5.62%) Nessus
2 42 (3.32%) Puppet
3 32 (2.53%) Salt
4 17 (1.34%) Nmap
5 15 (1.19%) Opscode Chef
6 13 (1.03%) Cisco CUCM
6 13 (1.03%) Cisco UCCX
7 12 (0.95%) Single Sign-On
8 11 (0.87%) TrustSec
9 9 (0.71%) Network Intrusion Detection System
9 9 (0.71%) SCCM
10 8 (0.63%) Ansible
10 8 (0.63%) Kubernetes
11 7 (0.55%) QRadar
11 7 (0.55%) WebInspect
12 6 (0.47%) Core Impact
12 6 (0.47%) HP ALM
13 5 (0.40%) Kibana
13 5 (0.40%) Plesk
13 5 (0.40%) Terraform
Vendors
1 178 (14.08%) Microsoft
2 105 (8.31%) Cisco
3 45 (3.56%) Qualys
4 37 (2.93%) Juniper
4 37 (2.93%) VMware
5 36 (2.85%) CheckPoint
6 33 (2.61%) Veracode
7 32 (2.53%) Splunk
8 28 (2.22%) HP
9 26 (2.06%) Capita
10 23 (1.82%) SolarWinds
11 20 (1.58%) F5
12 15 (1.19%) Blue Coat
12 15 (1.19%) EMC
13 13 (1.03%) Dell
13 13 (1.03%) Salesforce.com
14 12 (0.95%) ATG
14 12 (0.95%) hybris
14 12 (0.95%) Palo Alto
15 11 (0.87%) Sitecore