OWASP Jobs, Co-occurring Skills & Salary Benchmarking

Open Web Application Security Project (OWASP)
UK

The following table provides summary statistics for permanent job vacancies with a requirement for OWASP skills. Included is a benchmarking guide to the salaries offered in vacancies that have cited OWASP over the 6 months to 1 June 2024 with a comparison to the same period in the previous 2 years.

Location	6 months to 1 Jun 2024	Same period 2023	Same period 2022
Rank	609	608	559
Rank change year-on-year	-1	-49	-54
Permanent jobs citing OWASP	318	366	985
As % of all permanent jobs advertised in the UK	0.30%	0.39%	0.58%
As % of the Processes & Methodologies category	0.36%	0.41%	0.61%
Number of salaries quoted	221	190	490
10^th Percentile	£50,500	£45,000	£42,500
25^th Percentile	£57,500	£56,750	£52,500
Median annual salary (50^th Percentile)	£70,000	£83,250	£67,500
Median % change year-on-year	-15.92%	+23.33%	-3.57%
75^th Percentile	£84,919	£95,000	£83,750
90^th Percentile	£96,250	£115,000	£100,000
UK excluding London median annual salary	£70,000	£70,000	£57,500
% change year-on-year	-	+21.74%	-4.17%

All Process and Methodology Skills
UK

OWASP is in the Processes and Methodologies category. The following table is for comparison with the above and provides summary statistics for all permanent job vacancies with a requirement for process or methodology skills.

Permanent vacancies with a requirement for process or methodology skills	87,829	90,354	161,874
As % of all permanent jobs advertised in the UK	83.68%	95.46%	95.93%
Number of salaries quoted	61,251	54,292	82,971
10^th Percentile	£29,250	£34,000	£33,500
25^th Percentile	£40,000	£45,000	£43,750
Median annual salary (50^th Percentile)	£55,000	£60,800	£60,000
Median % change year-on-year	-9.54%	+1.33%	+9.09%
75^th Percentile	£72,500	£81,250	£80,000
90^th Percentile	£92,500	£100,000	£96,250
UK excluding London median annual salary	£50,000	£55,000	£52,500
% change year-on-year	-9.09%	+4.76%	+9.38%

OWASP
Job Vacancy Trend

Job postings citing OWASP as a proportion of all IT jobs advertised.

OWASP
Salary Trend

3-month moving average salary quoted in jobs citing OWASP.

OWASP
Salary Histogram

Salary distribution for jobs citing OWASP over the 6 months to 1 June 2024.

OWASP
Top 15 Job Locations

The table below looks at the demand and provides a guide to the median salaries quoted in IT jobs citing OWASP within the UK over the 6 months to 1 June 2024. The 'Rank Change' column provides an indication of the change in demand within each location based on the same 6 month period last year.

Location	Rank Change on Same Period Last Year	Matching Permanent IT Job Ads	Median Salary Past 6 Months	Median Salary % Change on Same Period Last Year	Live Jobs
England	+2	289	£70,000	-17.65%	57
UK excluding London	-4	187	£70,000	-	32
Work from Home	+68	173	£70,000	-12.10%	36
London	+46	107	£70,000	-18.84%	26
South East	+28	70	£70,000	-6.67%	14
North of England	+19	47	£74,921	+36.22%	9
South West	-4	37	£71,991	+1.04%	4
North West	-9	32	£61,206	+36.01%	8
East of England	-2	17	£65,000	-27.78%	1
Yorkshire	+50	11	£79,842	-15.96%	1
Midlands	-13	7	£77,500	+31.91%	2
West Midlands	-14	7	£77,500	+31.91%	1
Scotland	-79	7	£33,250	-46.96%
North East	-	4	£79,842	-
Wales	-	2	£72,500	-

OWASP
Top 30 Co-occurring Skills and Capabilities

For the 6 months to 1 June 2024, job vacancies citing OWASP also mentioned the following skills and capabilities in order of popularity. The figures indicate the absolute number co-occurrences and as a proportion of all permanent job ads with a requirement for OWASP.

1	156 (49.06%)	Azure
2	112 (35.22%)	Agile
3	104 (32.70%)	JavaScript
3	104 (32.70%)	Application Security
4	95 (29.87%)	AWS
5	92 (28.93%)	Information Security
6	91 (28.62%)	NIST
7	90 (28.30%)	Cybersecurity
8	89 (27.99%)	Social Skills
9	85 (26.73%)	CI/CD
9	85 (26.73%)	CISSP
10	81 (25.47%)	C#
11	78 (24.53%)	SQL
12	76 (23.90%)	.NET
13	69 (21.70%)	Mentoring

14	68 (21.38%)	Finance
15	67 (21.07%)	CISM
16	66 (20.75%)	Microsoft
16	66 (20.75%)	Secure Coding
17	63 (19.81%)	Docker
18	62 (19.50%)	DevOps
19	60 (18.87%)	Management Information System
20	59 (18.55%)	Security Architecture
21	57 (17.92%)	Git
21	57 (17.92%)	Microservices
21	57 (17.92%)	Kubernetes
22	55 (17.30%)	Test Automation
22	55 (17.30%)	REST
23	54 (16.98%)	Penetration Testing
24	52 (16.35%)	Problem-Solving

OWASP
Co-occurring Skills and Capabilities by Category

The follow tables expand on the table above by listing co-occurrences grouped by category. The same employment type, locality and period is covered with up to 20 co-occurrences shown in each of the following categories:

Application Platforms
Cloud Services
Communications & Networking
Database & Business Intelligence
Development Applications
General
Job Titles
Libraries, Frameworks & Software Standards
Miscellaneous
Operating Systems
Processes & Methodologies
Programming Languages
Qualifications
Quality Assurance & Compliance
System Software
Systems Management
Vendors

Application Platforms
1	14 (4.40%)	CMS
2	8 (2.52%)	Confluence
3	6 (1.89%)	EPiServer
4	5 (1.57%)	IIS
5	3 (0.94%)	Apache
5	3 (0.94%)	Apache Spark
5	3 (0.94%)	NServiceBus

Cloud Services
1	156 (49.06%)	Azure
2	95 (29.87%)	AWS
3	40 (12.58%)	SaaS
4	39 (12.26%)	Azure DevOps
5	19 (5.97%)	Serverless
6	13 (4.09%)	Cloud Computing
7	12 (3.77%)	Entra ID
8	11 (3.46%)	PaaS
9	10 (3.14%)	IaaS
10	8 (2.52%)	Microsoft 365
10	8 (2.52%)	Power Platform
11	7 (2.20%)	AWS Lambda
11	7 (2.20%)	Azure Monitor
11	7 (2.20%)	Pulumi
12	6 (1.89%)	Azure API Management
12	6 (1.89%)	Azure Key Vault
12	6 (1.89%)	Azure Service Bus
12	6 (1.89%)	Azure Service Fabric
13	4 (1.26%)	Azure Sentinel
13	4 (1.26%)	Azure Storage

Communications & Networking
1	35 (11.01%)	Network Security
2	33 (10.38%)	SD-WAN
2	33 (10.38%)	WAN
3	27 (8.49%)	Firewall
4	18 (5.66%)	Internet
5	16 (5.03%)	Intrusion Detection
6	13 (4.09%)	Wireless
7	7 (2.20%)	VoIP
8	6 (1.89%)	VPN
9	2 (0.63%)	DNS
9	2 (0.63%)	SSL
9	2 (0.63%)	TCP/IP
9	2 (0.63%)	Wireshark

Database & Business Intelligence
1	42 (13.21%)	SQL Server
2	19 (5.97%)	Oracle Database
3	9 (2.83%)	MongoDB
4	8 (2.52%)	Azure SQL Database
5	7 (2.20%)	Power BI
6	4 (1.26%)	InfluxDB
6	4 (1.26%)	Relational Database
7	3 (0.94%)	Elasticsearch
7	3 (0.94%)	Redis
7	3 (0.94%)	SQL Server Analysis Services
7	3 (0.94%)	SQL Server Integration Services
7	3 (0.94%)	SQL Server Reporting Services
8	2 (0.63%)	MySQL
9	1 (0.31%)	Big Data
9	1 (0.31%)	Data Lake
9	1 (0.31%)	Data Warehouse
9	1 (0.31%)	MariaDB
9	1 (0.31%)	NoSQL
9	1 (0.31%)	OLTP

Development Applications
1	57 (17.92%)	Git
2	28 (8.81%)	Visual Studio
3	18 (5.66%)	NUnit
4	17 (5.35%)	Oracle APEX
5	14 (4.40%)	Burp Suite
6	13 (4.09%)	Metasploit
7	12 (3.77%)	Jenkins
8	10 (3.14%)	Selenium
9	8 (2.52%)	JIRA
9	8 (2.52%)	Postman
10	7 (2.20%)	Jasmine
10	7 (2.20%)	SoapUI
10	7 (2.20%)	Team Foundation Server
10	7 (2.20%)	TeamCity
10	7 (2.20%)	Visual Studio Code
11	6 (1.89%)	MSTest
12	4 (1.26%)	JMeter
12	4 (1.26%)	Moq
12	4 (1.26%)	Sonatype Nexus
13	3 (0.94%)	GitLab

General
1	89 (27.99%)	Social Skills
2	68 (21.38%)	Finance
3	33 (10.38%)	Marketing
4	26 (8.18%)	Law
5	25 (7.86%)	Analytical Skills
6	20 (6.29%)	Inclusion and Diversity
7	17 (5.35%)	Public Sector
8	13 (4.09%)	Banking
9	11 (3.46%)	Retail
10	10 (3.14%)	Aerospace
10	10 (3.14%)	Automotive
10	10 (3.14%)	Telecoms
11	8 (2.52%)	Legal
12	6 (1.89%)	Presentation Skills
13	4 (1.26%)	Welsh Language
14	2 (0.63%)	Back Office
14	2 (0.63%)	Influencing Skills
14	2 (0.63%)	Police
15	1 (0.31%)	Mandarin Language

Job Titles
1	94 (29.56%)	Architect
2	93 (29.25%)	Senior
3	78 (24.53%)	Developer
4	67 (21.07%)	Security Architect
5	60 (18.87%)	Lead
6	35 (11.01%)	Security Manager
6	35 (11.01%)	Senior Developer
7	33 (10.38%)	Lead Architect
8	27 (8.49%)	Lead Security Architect
9	26 (8.18%)	Analyst
10	25 (7.86%)	.NET Developer
10	25 (7.86%)	Technical Architect
11	23 (7.23%)	Security Analyst
11	23 (7.23%)	Software Developer
12	17 (5.35%)	Senior Analyst
13	16 (5.03%)	Senior Security Analyst
14	14 (4.40%)	Full Stack Developer
14	14 (4.40%)	Lead Developer
15	13 (4.09%)	Lead .NET Developer
16	12 (3.77%)	Security Consultant

Libraries, Frameworks & Software Standards
1	76 (23.90%)	.NET
2	55 (17.30%)	REST
3	40 (12.58%)	React
4	38 (11.95%)	HTML
5	37 (11.64%)	JSON
6	33 (10.38%)	ASP.NET
6	33 (10.38%)	CSS
7	27 (8.49%)	.NET Framework
8	26 (8.18%)	SOAP
9	25 (7.86%)	Web Services
10	18 (5.66%)	jQuery
10	18 (5.66%)	OAuth
11	17 (5.35%)	AngularJS
11	17 (5.35%)	XML
12	16 (5.03%)	.NET Core
12	16 (5.03%)	Vue
13	13 (4.09%)	Spring
14	12 (3.77%)	Entity Framework
14	12 (3.77%)	OAuth2
14	12 (3.77%)	XSLT

Miscellaneous
1	60 (18.87%)	Management Information System
2	34 (10.69%)	IoT
3	33 (10.38%)	Distributed Denial-of-Service
4	30 (9.43%)	Product Ownership
5	24 (7.55%)	Cloud Native
6	23 (7.23%)	Mobile App
7	20 (6.29%)	Security Posture
8	12 (3.77%)	Self-Motivation
9	9 (2.83%)	Data Centre
10	8 (2.52%)	Distributed Systems
10	8 (2.52%)	Public Cloud
11	6 (1.89%)	Cyber Defence
11	6 (1.89%)	Security Operations Centre
12	5 (1.57%)	Hybrid Cloud
12	5 (1.57%)	Replication
13	4 (1.26%)	Onboarding
14	3 (0.94%)	Linux Command Line
14	3 (0.94%)	Operational Technology
14	3 (0.94%)	W3C
15	2 (0.63%)	Cyber Threat

Operating Systems
1	13 (4.09%)	Linux
2	12 (3.77%)	Kali Linux
3	7 (2.20%)	Debian
3	7 (2.20%)	Ubuntu
4	6 (1.89%)	Unix
5	5 (1.57%)	Apple iOS
6	3 (0.94%)	Windows
7	1 (0.31%)	Android
7	1 (0.31%)	Mac OS

Processes & Methodologies
1	112 (35.22%)	Agile
2	104 (32.70%)	Application Security
3	92 (28.93%)	Information Security
4	90 (28.30%)	Cybersecurity
5	85 (26.73%)	CI/CD
6	69 (21.70%)	Mentoring
7	66 (20.75%)	Secure Coding
8	62 (19.50%)	DevOps
9	59 (18.55%)	Security Architecture
10	57 (17.92%)	Microservices
11	55 (17.30%)	Test Automation
12	54 (16.98%)	Penetration Testing
13	52 (16.35%)	Problem-Solving
14	51 (16.04%)	TDD
15	49 (15.41%)	SDLC
16	48 (15.09%)	Vulnerability Management
17	46 (14.47%)	Coaching
18	45 (14.15%)	Computer Science
19	39 (12.26%)	DevSecOps
20	38 (11.95%)	Software Engineering

Programming Languages
1	104 (32.70%)	JavaScript
2	81 (25.47%)	C#
3	78 (24.53%)	SQL
4	51 (16.04%)	Python
5	39 (12.26%)	Java
6	25 (7.86%)	TypeScript
7	17 (5.35%)	PL/SQL
8	16 (5.03%)	T-SQL
9	13 (4.09%)	C
10	12 (3.77%)	PowerShell
10	12 (3.77%)	XPath
11	10 (3.14%)	Bash
12	7 (2.20%)	Bicep
13	6 (1.89%)	R
13	6 (1.89%)	Scala
14	4 (1.26%)	Kusto Query Language
14	4 (1.26%)	Swift
15	3 (0.94%)	Shell Script
16	2 (0.63%)	PHP
16	2 (0.63%)	Ruby

Qualifications
1	85 (26.73%)	CISSP
2	67 (21.07%)	CISM
3	49 (15.41%)	AWS Certification
3	49 (15.41%)	Degree
4	46 (14.47%)	Azure Certification
5	39 (12.26%)	(ISC)2 CCSP
6	38 (11.95%)	Cisco Certification
7	37 (11.64%)	CCSP
8	33 (10.38%)	CCSK
9	31 (9.75%)	Computer Science Degree
10	22 (6.92%)	OSCP
11	19 (5.97%)	GIAC
12	18 (5.66%)	CISA
13	16 (5.03%)	CREST Certified
14	15 (4.72%)	CompTIA CySA+
15	14 (4.40%)	CEH
16	13 (4.09%)	SANS
17	11 (3.46%)	DBS Check
18	10 (3.14%)	HNC
18	10 (3.14%)	HND

Quality Assurance & Compliance
1	91 (28.62%)	NIST
2	36 (11.32%)	ISO/IEC 27001
3	25 (7.86%)	Cyber Essentials
3	25 (7.86%)	PCI DSS
4	19 (5.97%)	GDPR
5	18 (5.66%)	NCSC
6	15 (4.72%)	GRC
7	13 (4.09%)	Cyber Essentials PLUS
8	10 (3.14%)	COBIT
8	10 (3.14%)	SLA
9	9 (2.83%)	Accessibility
9	9 (2.83%)	ISO/IEC 27002 (supersedes ISO/IEC 17799)
10	7 (2.20%)	PMO
11	6 (1.89%)	Actionable Recommendations
11	6 (1.89%)	NIST 800
11	6 (1.89%)	Web Application Security Consortium
12	4 (1.26%)	ISO 31000
13	3 (0.94%)	SOC 2
13	3 (0.94%)	WCAG
14	2 (0.63%)	ISO 9000

System Software
1	63 (19.81%)	Docker
2	7 (2.20%)	Virtual Machines
3	3 (0.94%)	Active Directory
4	1 (0.31%)	Hyper-V

Systems Management
1	57 (17.92%)	Kubernetes
2	33 (10.38%)	Single Sign-On
3	14 (4.40%)	Nmap
4	13 (4.09%)	Nessus
4	13 (4.09%)	Terraform
5	12 (3.77%)	Computer Emergency Response Teams
6	7 (2.20%)	MIIS
7	6 (1.89%)	Grafana
8	5 (1.57%)	Kibana
8	5 (1.57%)	Suricata
9	3 (0.94%)	Ansible
10	2 (0.63%)	QRadar

Vendors
1	66 (20.75%)	Microsoft
2	23 (7.23%)	Oracle
3	17 (5.35%)	Qualys
4	7 (2.20%)	Splunk
5	5 (1.57%)	Cisco
5	5 (1.57%)	Juniper
5	5 (1.57%)	Palo Alto
6	2 (0.63%)	Google
6	2 (0.63%)	IBM
7	1 (0.31%)	CA
7	1 (0.31%)	VMware

Open Web Application Security Project (OWASP)UK

All Process and Methodology SkillsUK

OWASPJob Vacancy Trend

OWASPSalary Trend

OWASPSalary Histogram

OWASPTop 15 Job Locations

OWASPTop 30 Co-occurring Skills and Capabilities

OWASPCo-occurring Skills and Capabilities by Category