Penetration Testing Job Trends, Salaries & Related Skills

Penetration Testing
UK

The table below provides summary statistics and salary benchmarking for jobs requiring Penetration Testing skills. It covers permanent job vacancies from the 6 months leading up to 21 January 2026, with comparisons to the same periods in the previous two years.

	6 months to 21 Jan 2026	Same period 2025	Same period 2024
Rank	435	386	378
Rank change year-on-year	-49	-8	+140
Permanent jobs citing Penetration Testing	207	356	433
As % of all permanent jobs in the UK	0.34%	0.67%	0.69%
As % of the Processes & Methodologies category	0.42%	0.74%	0.77%
Number of salaries quoted	156	201	353
10^th Percentile	£43,750	£45,000	£42,816
25^th Percentile	£51,250	£55,000	£52,500
Median annual salary (50^th Percentile)	£70,000	£66,250	£65,000
Median % change year-on-year	+5.66%	+1.92%	-3.70%
75^th Percentile	£87,500	£88,750	£82,500
90^th Percentile	£90,000	£100,000	£90,000
UK excluding London median annual salary	£62,500	£62,500	£60,000
% change year-on-year	-	+4.17%	-7.69%

All Process & Methodology Skills
UK

Penetration Testing falls under the Processes and Methodologies category. For comparison with the information above, the following table provides summary statistics for all permanent job vacancies requiring process or methodology skills.

Permanent vacancies with a requirement for process or methodology skills	49,597	48,194	56,134
As % of all permanent jobs advertised in the UK	80.59%	90.99%	89.24%
Number of salaries quoted	29,262	23,336	43,211
10^th Percentile	£28,500	£35,000	£30,500
25^th Percentile	£37,500	£45,000	£41,250
Median annual salary (50^th Percentile)	£55,000	£60,000	£57,500
Median % change year-on-year	-8.33%	+4.35%	-8.00%
75^th Percentile	£75,246	£80,000	£77,500
90^th Percentile	£95,000	£100,000	£96,250
UK excluding London median annual salary	£50,000	£55,000	£50,000
% change year-on-year	-9.09%	+10.00%	-9.09%

Penetration Testing
Job Vacancy Trend

Historical trend showing the proportion of permanent IT job postings citing Penetration Testing relative to all permanent IT jobs advertised.

Penetration Testing
Salary Trend

Salary distribution trend for jobs in the UK citing Penetration Testing.

Penetration Testing
Salary Histogram

Salary distribution for jobs citing Penetration Testing over the 6 months to 21 January 2026.

Salary histogram for Penetration Testing in the UK

Penetration Testing
Top 14 Job Locations

The table below looks at the demand and provides a guide to the median salaries quoted in IT jobs citing Penetration Testing within the UK over the 6 months to 21 January 2026. The 'Rank Change' column provides an indication of the change in demand within each location based on the same 6 month period last year.

Location	Rank Change on Same Period Last Year	Matching Permanent IT Job Ads	Median Salary Past 6 Months	Median Salary % Change on Same Period Last Year	Live Jobs
England	-39	184	£70,000	+7.69%	130
UK excluding London	-47	101	£62,500	-	116
London	+2	86	£76,000	+4.83%	31
Work from Home	-2	70	£60,000	-7.69%	57
South West	+37	38	£76,250	+12.96%	27
Midlands	+12	27	£52,500	-14.29%	21
South East	-28	16	£65,000	+4.00%	27
East Midlands	+1	14	£51,058	-11.20%	12
West Midlands	+5	13	£57,500	-13.21%	8
North of England	-11	11	£55,000	-3.30%	25
Scotland	-31	9	£90,000	+21.21%	8
Yorkshire	-12	8	£56,250	+7.14%	7
North West	-6	3	£55,000	-12.00%	16
East of England	+12	1	£85,000	+198.25%	7

Penetration Testing
Top 30 Co-Occurring Skills & Capabilities

For the 6 months to 21 January 2026, job vacancies citing Penetration Testing also mentioned the following skills and capabilities in order of popularity. The figures indicate the absolute number of co-occurrences and as a proportion of all permanent job ads with a requirement for Penetration Testing.

1	104 (50.24%)	Cybersecurity
2	73 (35.27%)	ISO/IEC 27001
3	68 (32.85%)	Incident Response
4	62 (29.95%)	Python
5	60 (28.99%)	CISSP
5	60 (28.99%)	CREST Certified
6	57 (27.54%)	Red Team
7	55 (26.57%)	Azure
7	55 (26.57%)	Microsoft
8	52 (25.12%)	NIST
9	49 (23.67%)	Application Security
10	47 (22.71%)	Degree
10	47 (22.71%)	Vulnerability Management
11	46 (22.22%)	OSCP
12	44 (21.26%)	SIEM

13	42 (20.29%)	Bash
13	42 (20.29%)	Problem-Solving
14	40 (19.32%)	Information Security
14	40 (19.32%)	PowerShell
14	40 (19.32%)	Security Cleared
15	34 (16.43%)	Vulnerability Assessment
16	33 (15.94%)	AWS
17	32 (15.46%)	Agile
17	32 (15.46%)	Offensive Security
17	32 (15.46%)	SC Cleared
18	31 (14.98%)	Security Testing
18	31 (14.98%)	Threat Modelling
19	30 (14.49%)	Vulnerability Scanning
20	29 (14.01%)	Firewall
20	29 (14.01%)	Mentoring

Penetration Testing
Co-Occurring Skills & Capabilities by Category

The following tables expand on the one above by listing co-occurrences grouped by category. They cover the same employment type, locality and period, with up to 20 co-occurrences shown in each category:

Application Platforms
1	4 (1.93%)	Microsoft Exchange
2	3 (1.45%)	SharePoint
3	1 (0.48%)	Confluence

Applications
1	6 (2.90%)	Microsoft Excel
1	6 (2.90%)	Microsoft Office
2	2 (0.97%)	Weka
3	1 (0.48%)	GNU Octave

Cloud Services
1	55 (26.57%)	Azure
2	33 (15.94%)	AWS
3	18 (8.70%)	GitHub
4	15 (7.25%)	Microsoft 365
5	14 (6.76%)	Azure Sentinel
5	14 (6.76%)	GitHub Actions
6	13 (6.28%)	Entra ID
7	12 (5.80%)	Slack
8	11 (5.31%)	Microsoft Purview
9	9 (4.35%)	Power Platform
10	8 (3.86%)	GCP
11	3 (1.45%)	IBM Cloud
12	2 (0.97%)	SaaS
13	1 (0.48%)	Datadog
13	1 (0.48%)	Dynamics 365
13	1 (0.48%)	Mimecast
13	1 (0.48%)	OpenShift
13	1 (0.48%)	Power Automate
13	1 (0.48%)	Rubrik
13	1 (0.48%)	SecurityScorecard

Communications & Networking
1	29 (14.01%)	Firewall
2	24 (11.59%)	Network Security
3	21 (10.14%)	TCP/IP
4	15 (7.25%)	Wireless
5	14 (6.76%)	VPN
6	9 (4.35%)	Wireshark
7	7 (3.38%)	VLAN
8	6 (2.90%)	DNS
8	6 (2.90%)	Intrusion Detection
8	6 (2.90%)	Wi-Fi
9	5 (2.42%)	HTTP
10	4 (1.93%)	Ethernet
11	3 (1.45%)	Internet
11	3 (1.45%)	LAN
11	3 (1.45%)	Modbus
11	3 (1.45%)	SSL
11	3 (1.45%)	WAN
12	2 (0.97%)	Cisco ISE
12	2 (0.97%)	DMARC
12	2 (0.97%)	DMZ

Database & Business Intelligence
1	9 (4.35%)	Power BI
2	6 (2.90%)	Tableau
3	1 (0.48%)	SQL Server

Development Applications
1	27 (13.04%)	Burp Suite
1	27 (13.04%)	Metasploit
2	14 (6.76%)	Jenkins
2	14 (6.76%)	JIRA
3	2 (0.97%)	IDA Disassembler
4	1 (0.48%)	Git
4	1 (0.48%)	GitLab

General
1	74 (35.75%)	Social Skills
2	59 (28.50%)	Finance
3	19 (9.18%)	Inclusion and Diversity
4	17 (8.21%)	Analytical Skills
5	15 (7.25%)	Influencing Skills
6	13 (6.28%)	Presentation Skills
6	13 (6.28%)	Public Sector
7	12 (5.80%)	Banking
7	12 (5.80%)	Retail
8	6 (2.90%)	Law
8	6 (2.90%)	Legal
8	6 (2.90%)	Marketing
9	4 (1.93%)	Electronics
10	3 (1.45%)	Aerospace
10	3 (1.45%)	Documentation Skills
10	3 (1.45%)	Manufacturing
10	3 (1.45%)	Military
10	3 (1.45%)	Pharmaceutical
10	3 (1.45%)	Telecoms
11	2 (0.97%)	Public Speaking

Job Titles
1	41 (19.81%)	Security Engineer
2	37 (17.87%)	Analyst
3	33 (15.94%)	Security Analyst
4	29 (14.01%)	Senior
5	26 (12.56%)	Consultant
5	26 (12.56%)	Security Consultant
6	23 (11.11%)	Tester
7	22 (10.63%)	Penetration Tester
8	17 (8.21%)	Applications Engineer
9	16 (7.73%)	IT Manager
10	15 (7.25%)	Security Manager
11	14 (6.76%)	Cybersecurity Consultant
12	13 (6.28%)	Cybersecurity Engineer
13	12 (5.80%)	Senior Security Engineer
14	11 (5.31%)	Security Specialist
15	10 (4.83%)	Information Analyst
15	10 (4.83%)	Information Security Analyst
16	9 (4.35%)	Lead
17	8 (3.86%)	Senior Analyst
17	8 (3.86%)	Senior Security Analyst

Libraries, Frameworks & Software Standards
1	5 (2.42%)	JSON
2	1 (0.48%)	PyTorch
2	1 (0.48%)	TensorFlow
2	1 (0.48%)	YAML

Miscellaneous
1	48 (23.19%)	Security Posture
2	22 (10.63%)	Cyber Defence
3	21 (10.14%)	Management Information System
3	21 (10.14%)	Mobile App
4	14 (6.76%)	Cyber Threat
5	9 (4.35%)	Self-Motivation
6	8 (3.86%)	Operational Technology
7	7 (3.38%)	Insider Threat
7	7 (3.38%)	PKI
7	7 (3.38%)	Security Operations Centre
8	6 (2.90%)	Analytical Mindset
8	6 (2.90%)	Cyber Kill Chain
9	5 (2.42%)	Cloud Native
9	5 (2.42%)	Enterprise Software
9	5 (2.42%)	SCADA
10	4 (1.93%)	Cyber Security Posture
11	3 (1.45%)	Data Centre
11	3 (1.45%)	Data Protection Act
11	3 (1.45%)	Linux Command Line
11	3 (1.45%)	Onboarding

Operating Systems
1	23 (11.11%)	Linux
1	23 (11.11%)	Windows
2	6 (2.90%)	Unix
3	5 (2.42%)	Android
3	5 (2.42%)	Apple iOS
3	5 (2.42%)	Windows Server
4	2 (0.97%)	Kali Linux
5	1 (0.48%)	Debian
5	1 (0.48%)	Ubuntu
5	1 (0.48%)	Windows 10
5	1 (0.48%)	Windows Server 2016
5	1 (0.48%)	Windows Server 2019

Processes & Methodologies
1	104 (50.24%)	Cybersecurity
2	68 (32.85%)	Incident Response
3	57 (27.54%)	Red Team
4	49 (23.67%)	Application Security
5	47 (22.71%)	Vulnerability Management
6	44 (21.26%)	SIEM
7	42 (20.29%)	Problem-Solving
8	40 (19.32%)	Information Security
9	34 (16.43%)	Vulnerability Assessment
10	32 (15.46%)	Agile
10	32 (15.46%)	Offensive Security
11	31 (14.98%)	Security Testing
11	31 (14.98%)	Threat Modelling
12	30 (14.49%)	Vulnerability Scanning
13	29 (14.01%)	Mentoring
14	27 (13.04%)	Security Operations
15	26 (12.56%)	Technology Transformation
16	25 (12.08%)	Internal Audit
17	24 (11.59%)	Business Strategy
17	24 (11.59%)	DevOps

Programming Languages
1	62 (29.95%)	Python
2	42 (20.29%)	Bash
3	40 (19.32%)	PowerShell
4	15 (7.25%)	Go
5	8 (3.86%)	SQL
6	7 (3.38%)	C
6	7 (3.38%)	C#
6	7 (3.38%)	C++
7	6 (2.90%)	R
8	5 (2.42%)	JavaScript
9	4 (1.93%)	Java
9	4 (1.93%)	Perl
10	2 (0.97%)	Ruby
11	1 (0.48%)	Kusto Query Language
11	1 (0.48%)	Scala

Qualifications
1	60 (28.99%)	CISSP
1	60 (28.99%)	CREST Certified
2	47 (22.71%)	Degree
3	46 (22.22%)	OSCP
4	40 (19.32%)	Security Cleared
5	32 (15.46%)	SC Cleared
6	28 (13.53%)	CHECK Team Member
6	28 (13.53%)	Cisco Certification
7	21 (10.14%)	SANS
8	19 (9.18%)	CCNA
8	19 (9.18%)	CEH
9	18 (8.70%)	CHECK Team Leader
9	18 (8.70%)	CompTIA Security+
9	18 (8.70%)	GIAC
10	14 (6.76%)	DV Cleared
11	13 (6.28%)	CCSAM
12	12 (5.80%)	CISA
12	12 (5.80%)	CISM
12	12 (5.80%)	GCIH
13	10 (4.83%)	Microsoft Certification

Quality Assurance & Compliance
1	73 (35.27%)	ISO/IEC 27001
2	52 (25.12%)	NIST
3	26 (12.56%)	Accessibility
3	26 (12.56%)	Cyber Essentials
4	19 (9.18%)	GDPR
5	9 (4.35%)	GRC
6	8 (3.86%)	Actionable Recommendations
7	7 (3.38%)	NCSC
8	5 (2.42%)	NIST 800
9	4 (1.93%)	QA
10	3 (1.45%)	Cyber Essentials PLUS
10	3 (1.45%)	GxP
10	3 (1.45%)	ITGC
10	3 (1.45%)	PCI DSS
10	3 (1.45%)	RMADS
11	2 (0.97%)	COBIT
11	2 (0.97%)	ISO/IEC 27005
11	2 (0.97%)	SOC 2
12	1 (0.48%)	HIPAA
12	1 (0.48%)	Sarbanes-Oxley

System Software
1	12 (5.80%)	Active Directory
1	12 (5.80%)	Virtual Machines
2	6 (2.90%)	VMware ESXi
3	5 (2.42%)	VMware Infrastructure
4	2 (0.97%)	Docker
4	2 (0.97%)	Hyper-V
4	2 (0.97%)	vSphere
5	1 (0.48%)	EMC RecoverPoint
5	1 (0.48%)	pfSense
5	1 (0.48%)	Squid

Systems Management
1	22 (10.63%)	Nessus
2	19 (9.18%)	Nmap
3	7 (3.38%)	QRadar
4	6 (2.90%)	Kubernetes
4	6 (2.90%)	Microsoft Intune
5	4 (1.93%)	Single Sign-On
6	3 (1.45%)	ArcSight ESM
6	3 (1.45%)	Proxmox
7	2 (0.97%)	CSIRT
7	2 (0.97%)	FortiGate
7	2 (0.97%)	Terraform
8	1 (0.48%)	Ansible
8	1 (0.48%)	Cisco CUCM
8	1 (0.48%)	Progress Chef
8	1 (0.48%)	VxRail

Vendors
1	55 (26.57%)	Microsoft
2	12 (5.80%)	Cisco
2	12 (5.80%)	ServiceNow
2	12 (5.80%)	Tenable
3	8 (3.86%)	Splunk
3	8 (3.86%)	VMware
4	6 (2.90%)	Oracle
5	4 (1.93%)	Qualys
6	3 (1.45%)	ArcSight
6	3 (1.45%)	CheckPoint
6	3 (1.45%)	CrowdStrike
6	3 (1.45%)	Dell
6	3 (1.45%)	IBM
6	3 (1.45%)	LogLogic
6	3 (1.45%)	McAfee
6	3 (1.45%)	Palo Alto
7	2 (0.97%)	CyberArk
7	2 (0.97%)	LogRhythm
7	2 (0.97%)	SonicWALL
7	2 (0.97%)	Zscaler

Penetration TestingUK

All Process & Methodology SkillsUK

Penetration TestingJob Vacancy Trend

Penetration TestingSalary Trend

Penetration TestingSalary Histogram

Penetration TestingTop 14 Job Locations

Penetration TestingTop 30 Co-Occurring Skills & Capabilities

Penetration TestingCo-Occurring Skills & Capabilities by Category