Incident Response Contracts

Incident Response
UK

The following table provides summary statistics for contract job vacancies with a requirement for Incident Response skills. Included is a benchmarking guide to the contractor rates offered in vacancies that have cited Incident Response over the 6 months to 16 May 2024 with a comparison to the same period in the previous 2 years.

6 months to
16 May 2024		 Same period 2023 Same period 2022
Rank 232 339 538
Rank change year-on-year +107 +199 -88
Contract jobs citing Incident Response 444 397 333
As % of all contract jobs advertised in the UK 1.04% 0.70% 0.38%
As % of the Processes & Methodologies category 1.21% 0.78% 0.42%
Number of daily rates quoted 317 303 254
10th Percentile £416 £411 £400
25th Percentile £458 £500 £475
Median daily rate (50th Percentile) £550 £588 £550
Median % change year-on-year -6.38% +6.82% +4.76%
75th Percentile £675 £725 £671
90th Percentile £768 £800 £765
UK excluding London median daily rate £540 £565 £550
% change year-on-year -4.42% +2.73% -
Number of hourly rates quoted 6 0 7
10th Percentile £35.06 - £16.10
25th Percentile - - £16.41
Median hourly rate £40.00 - £17.64
75th Percentile - - £31.46
90th Percentile - - £65.76
UK excluding London median hourly rate £40.00 - £17.23

All Process and Methodology Skills
UK

Incident Response is in the Processes and Methodologies category. The following table is for comparison with the above and provides summary statistics for all contract job vacancies with a requirement for process or methodology skills.

Contract vacancies with a requirement for process or methodology skills 36,679 51,168 79,259
As % of all contract IT jobs advertised in the UK 86.19% 89.82% 90.63%
Number of daily rates quoted 23,608 35,479 55,636
10th Percentile £300 £325 £345
25th Percentile £413 £438 £429
Median daily rate (50th Percentile) £525 £550 £530
Median % change year-on-year -4.55% +3.77% +8.16%
75th Percentile £638 £650 £638
90th Percentile £750 £750 £738
UK excluding London median daily rate £500 £500 £479
% change year-on-year - +4.38% +9.49%
Number of hourly rates quoted 2,436 1,692 1,900
10th Percentile £12.75 £10.64 £12.50
25th Percentile £15.94 £16.10 £15.50
Median hourly rate £36.27 £35.65 £25.68
Median % change year-on-year +1.75% +38.82% +5.35%
75th Percentile £60.00 £65.00 £49.75
90th Percentile £72.50 £75.00 £65.00
UK excluding London median hourly rate £37.50 £35.00 £20.00
% change year-on-year +7.14% +75.00% -6.21%

Incident Response
Job Vacancy Trend

Job postings citing Incident Response as a proportion of all IT jobs advertised.

Job vacancy trend for Incident Response in the UK

Incident Response
Contractor Daily Rate Trend

3-month moving average daily rate quoted in jobs citing Incident Response.

Daily rate trend for Incident Response in the UK

Incident Response
Daily Rate Histogram

Daily rate distribution for jobs citing Incident Response over the 6 months to 16 May 2024.

Daily rate histogram for Incident Response in the UK

Incident Response
Contractor Hourly Rate Trend

3-month moving average hourly rates quoted in jobs citing Incident Response.

Hourly rate trend for Incident Response in the UK

Incident Response
Top 14 Contract Locations

The table below looks at the demand and provides a guide to the median contractor rates quoted in IT jobs citing Incident Response within the UK over the 6 months to 16 May 2024. The 'Rank Change' column provides an indication of the change in demand within each location based on the same 6 month period last year.

Location Rank Change
on Same Period
Last Year		 Matching
Contract
IT Job Ads		 Median
Daily Rate
Past 6 Months		 Median Daily Rate
% Change
on Same Period
Last Year		 Live
Jobs
England +110 393 £550 -8.33% 229
UK excluding London +141 279 £540 -4.42% 143
Work from Home +86 128 £488 -29.05% 120
South West +97 106 £582 -6.88% 14
London +17 106 £531 -12.19% 84
South East +69 70 £484 -19.42% 38
North of England +19 52 £525 -4.55% 42
Midlands +31 36 £635 -2.31% 31
West Midlands +36 33 £635 -2.31% 23
Yorkshire +18 27 £582 +10.86% 17
North West +9 25 £513 -12.54% 19
East of England +7 25 £600 +26.32% 8
Scotland +36 15 £500 +11.11% 8
East Midlands +10 3 £567 -7.65% 7

Incident Response
Co-occurring Skills and Capabilities by Category

The follow tables expand on the table above by listing co-occurrences grouped by category. The same employment type, locality and period is covered with up to 20 co-occurrences shown in each of the following categories:

Application Platforms
1 17 (3.83%) CMS
2 11 (2.48%) NetWeaver
3 5 (1.13%) Confluence
4 4 (0.90%) Microsoft Exchange
5 2 (0.45%) Apache Spark
5 2 (0.45%) nginx
6 1 (0.23%) Blackberry Enterprise Server
6 1 (0.23%) IBM Notes
6 1 (0.23%) SharePoint
Applications
1 5 (1.13%) Microsoft Excel
2 2 (0.45%) Microsoft Project
3 1 (0.23%) Microsoft Office
3 1 (0.23%) Spreadsheet
Business Applications
1 11 (2.48%) SAP IBP
Cloud Services
1 88 (19.82%) Azure
2 47 (10.59%) AWS
3 37 (8.33%) Azure Sentinel
4 14 (3.15%) Microsoft 365
5 10 (2.25%) GCP
6 9 (2.03%) Entra ID
7 8 (1.80%) OpenShift
8 7 (1.58%) Azure Monitor
8 7 (1.58%) Microsoft Purview
8 7 (1.58%) Virtual Private Cloud
9 6 (1.35%) Azure DevOps
9 6 (1.35%) GitHub
9 6 (1.35%) Power Platform
10 5 (1.13%) Amazon CloudWatch
10 5 (1.13%) Amazon GuardDuty
10 5 (1.13%) AWS CloudTrail
10 5 (1.13%) CloudFront
10 5 (1.13%) Google Kubernetes Engine
11 4 (0.90%) Amazon S3
11 4 (0.90%) AWS CloudFormation
Communications & Networking
1 59 (13.29%) Firewall
2 35 (7.88%) Network Security
3 23 (5.18%) Intrusion Detection
4 14 (3.15%) TCP/IP
5 13 (2.93%) DNS
6 10 (2.25%) VPN
7 6 (1.35%) HTTP
7 6 (1.35%) LAN
8 5 (1.13%) tcpdump
8 5 (1.13%) Wireshark
9 4 (0.90%) Cisco ISE
9 4 (0.90%) Cisco Nexus
9 4 (0.90%) DHCP
9 4 (0.90%) FTP
9 4 (0.90%) SMTP
9 4 (0.90%) WAN
10 3 (0.68%) Intranet
10 3 (0.68%) NGFW
10 3 (0.68%) SSL
10 3 (0.68%) Wireless
Database & Business Intelligence
1 19 (4.28%) Elasticsearch
2 11 (2.48%) SAP BW
2 11 (2.48%) SAP HANA
3 8 (1.80%) PostgreSQL
4 7 (1.58%) SQL Server
5 6 (1.35%) Apache Hive
5 6 (1.35%) Hadoop
5 6 (1.35%) Power BI
6 5 (1.13%) MongoDB
7 4 (0.90%) BigQuery
7 4 (0.90%) Data Lake
7 4 (0.90%) Tableau
8 2 (0.45%) Amazon Athena
8 2 (0.45%) Amazon Redshift
8 2 (0.45%) Data Hub
8 2 (0.45%) Enterprise Data Warehouse
8 2 (0.45%) IBM BigInsights
8 2 (0.45%) NoSQL
8 2 (0.45%) Parquet
8 2 (0.45%) PolyBase
Development Applications
1 17 (3.83%) JIRA
2 7 (1.58%) Jenkins
3 4 (0.90%) Git
3 4 (0.90%) IDA Disassembler
4 3 (0.68%) GitLab
5 2 (0.45%) Artifactory
5 2 (0.45%) Liquibase
5 2 (0.45%) Octopus Deploy
5 2 (0.45%) TeamCity
6 1 (0.23%) Subversion
General
1 121 (27.25%) Social Skills
2 62 (13.96%) Analytical Skills
3 51 (11.49%) Finance
4 33 (7.43%) Public Sector
5 22 (4.95%) Banking
6 19 (4.28%) Legal
6 19 (4.28%) Telecoms
7 9 (2.03%) Inclusion and Diversity
7 9 (2.03%) Retail
8 8 (1.80%) Law
9 6 (1.35%) Manufacturing
10 5 (1.13%) Financial Institution
10 5 (1.13%) Influencing Skills
11 4 (0.90%) Documentation Skills
11 4 (0.90%) Presentation Skills
12 3 (0.68%) Games
13 2 (0.45%) Advertising
13 2 (0.45%) Aerospace
13 2 (0.45%) Marketing
13 2 (0.45%) Retail Banking
Job Titles
1 146 (32.88%) Analyst
2 84 (18.92%) SOC Analyst
3 41 (9.23%) Consultant
4 35 (7.88%) Security Engineer
4 35 (7.88%) Senior
5 34 (7.66%) Lead
6 30 (6.76%) Security Analyst
7 28 (6.31%) SOC Engineer
8 21 (4.73%) Architect
8 21 (4.73%) Senior Analyst
9 17 (3.83%) Security Manager
10 16 (3.60%) Cyber Defence Analyst
11 14 (3.15%) Security Architect
12 13 (2.93%) Site Engineer
12 13 (2.93%) Site Reliability Engineer
13 12 (2.70%) Cybersecurity Analyst
13 12 (2.70%) Security Specialist
13 12 (2.70%) SIEM Consultant
14 11 (2.48%) SAP Basis Consultant
14 11 (2.48%) SAP Consultant
Libraries, Frameworks & Software Standards
1 13 (2.93%) Kafka
2 11 (2.48%) Elastic Stack
2 11 (2.48%) SAP Basis
2 11 (2.48%) SAP Fiori
3 6 (1.35%) OAuth
3 6 (1.35%) OAuth2
3 6 (1.35%) SAML
4 5 (1.13%) JSON
4 5 (1.13%) XML
5 4 (0.90%) Ajax
5 4 (0.90%) AngularJS
5 4 (0.90%) CSS
5 4 (0.90%) HTML
5 4 (0.90%) OLE
5 4 (0.90%) Web Services
6 3 (0.68%) LDAP
6 3 (0.68%) SailPoint
6 3 (0.68%) SOAP
7 2 (0.45%) Apache Avro
7 2 (0.45%) Apache NiFi
Miscellaneous
1 106 (23.87%) Management Information System
2 89 (20.05%) Security Operations Centre
3 86 (19.37%) Cyber Threat
4 73 (16.44%) Cyber Kill Chain
5 67 (15.09%) Cyber Defence
6 45 (10.14%) Security Posture
7 39 (8.78%) CSOC
8 30 (6.76%) Cyberattack
9 19 (4.28%) Cloud Native
10 17 (3.83%) Onboarding
11 14 (3.15%) Distributed Denial-of-Service
12 12 (2.70%) Public Cloud
13 8 (1.80%) CMDB
14 6 (1.35%) Analytical Mindset
15 5 (1.13%) Cloud Security Posture
15 5 (1.13%) Data Protection Act
16 4 (0.90%) Hedge funds
16 4 (0.90%) Self-Motivation
16 4 (0.90%) YARA
17 3 (0.68%) Insider Threat
Operating Systems
1 64 (14.41%) Linux
1 64 (14.41%) Windows
2 16 (3.60%) Unix
3 7 (1.58%) Windows Server
4 5 (1.13%) zOS
5 3 (0.68%) Mac OS
6 2 (0.45%) Red Hat Enterprise Linux
7 1 (0.23%) Android
7 1 (0.23%) Apple iOS
7 1 (0.23%) Mac OS X
7 1 (0.23%) Windows 10
Processes & Methodologies
1 260 (58.56%) Cybersecurity
2 191 (43.02%) SIEM
3 189 (42.57%) Security Operations
4 130 (29.28%) Information Security
5 103 (23.20%) Threat Intelligence
5 103 (23.20%) Use Case
6 100 (22.52%) Incident Management
7 85 (19.14%) MITRE ATT&CK
7 85 (19.14%) Vulnerability Management
8 75 (16.89%) Cyber Threat Intelligence
9 67 (15.09%) Problem-Solving
10 66 (14.86%) SOAR
11 65 (14.64%) Root Cause Analysis
12 64 (14.41%) Mentoring
13 61 (13.74%) Protective Monitoring
14 50 (11.26%) Case Management
15 48 (10.81%) Data Security
16 47 (10.59%) Analytics
17 42 (9.46%) Cloud Security
18 41 (9.23%) Data Loss Prevention
Programming Languages
1 30 (6.76%) PowerShell
2 23 (5.18%) Kusto Query Language
3 22 (4.95%) Python
4 9 (2.03%) JavaScript
5 8 (1.80%) SQL
6 7 (1.58%) Bash
7 5 (1.13%) Search Processing Language
8 3 (0.68%) Go
8 3 (0.68%) Perl
8 3 (0.68%) Shell Script
9 2 (0.45%) U-SQL
10 1 (0.23%) Bicep
10 1 (0.23%) C#
10 1 (0.23%) Java
10 1 (0.23%) Ruby
Qualifications
1 164 (36.94%) Security Cleared
2 100 (22.52%) DV Cleared
3 63 (14.19%) CISSP
4 54 (12.16%) Degree
5 52 (11.71%) SC Cleared
6 28 (6.31%) CISM
7 26 (5.86%) SANS
8 20 (4.50%) Computer Science Degree
9 17 (3.83%) Cisco Certification
9 17 (3.83%) CompTIA Security+
10 16 (3.60%) CEH
11 13 (2.93%) Azure Certification
12 11 (2.48%) CCNP
13 10 (2.25%) Microsoft Certification
14 9 (2.03%) CCNA
15 8 (1.80%) SAP Certification
16 7 (1.58%) BPSS Clearance
16 7 (1.58%) GIAC
17 6 (1.35%) AWS Certification
17 6 (1.35%) CISA
Quality Assurance & Compliance
1 91 (20.50%) NIST
2 47 (10.59%) ISO/IEC 27001
3 44 (9.91%) NIST 800
4 42 (9.46%) GDPR
5 27 (6.08%) NCSC
6 13 (2.93%) PCI DSS
7 12 (2.70%) GRC
8 7 (1.58%) Cyber Essentials
9 6 (1.35%) HIPAA
10 5 (1.13%) ISO/IEC 27002 (supersedes ISO/IEC 17799)
11 4 (0.90%) Cyber Essentials PLUS
11 4 (0.90%) SLA
12 3 (0.68%) COBIT
12 3 (0.68%) GPG13
13 2 (0.45%) Data Quality
13 2 (0.45%) Sarbanes-Oxley
14 1 (0.23%) Disclosure Scotland
14 1 (0.23%) GLBA
14 1 (0.23%) ISAE 3402
14 1 (0.23%) QA
System Software
1 20 (4.50%) Active Directory
2 13 (2.93%) Docker
3 5 (1.13%) Virtual Machines
3 5 (1.13%) VMware Infrastructure
4 4 (0.90%) Snort
5 2 (0.45%) XenApp
Systems Management
1 21 (4.73%) Kibana
2 15 (3.38%) Kubernetes
3 12 (2.70%) Prometheus
4 11 (2.48%) Terraform
5 10 (2.25%) Istio
5 10 (2.25%) Nessus
6 9 (2.03%) Grafana
6 9 (2.03%) logstash
7 8 (1.80%) Argo
8 7 (1.58%) Ansible
8 7 (1.58%) CSIRT
9 4 (0.90%) Computer Emergency Response Teams
9 4 (0.90%) Puppet
9 4 (0.90%) QRadar
9 4 (0.90%) Trend Micro Deep Security
10 3 (0.68%) CASB
10 3 (0.68%) FortiGate
10 3 (0.68%) Progress Chef
11 2 (0.45%) Network Intrusion Detection System
11 2 (0.45%) Rancher
Vendors
1 171 (38.51%) Microsoft
2 59 (13.29%) Splunk
3 33 (7.43%) LogRhythm
4 31 (6.98%) Qualys
5 23 (5.18%) Darktrace
6 22 (4.95%) Varonis
7 20 (4.50%) Cisco
8 17 (3.83%) FireEye
9 16 (3.60%) Forcepoint
10 15 (3.38%) SAP
11 12 (2.70%) CrowdStrike
12 10 (2.25%) Google
12 10 (2.25%) Rapid7
13 9 (2.03%) CheckPoint
14 7 (1.58%) Virgin Media
14 7 (1.58%) VMware
15 6 (1.35%) Oracle
15 6 (1.35%) Palo Alto
15 6 (1.35%) ServiceNow
16 5 (1.13%) F5
273 Incident Response jobs Nationwide