Penetration Testing Job Trends, Salaries & Related Skills

Penetration Testing
UK

The table below provides summary statistics and salary benchmarking for jobs requiring Penetration Testing skills. It covers permanent job vacancies from the 6 months leading up to 14 February 2026, with comparisons to the same periods in the previous two years.

	6 months to 14 Feb 2026	Same period 2025	Same period 2024
Rank	437	400	397
Rank change year-on-year	-37	-3	+103
Permanent jobs citing Penetration Testing	237	331	489
As % of all permanent jobs in the UK	0.35%	0.67%	0.66%
As % of the Processes & Methodologies category	0.44%	0.72%	0.74%
Number of salaries quoted	173	189	399
10^th Percentile	£42,500	£45,000	£41,250
25^th Percentile	£51,250	£57,500	£50,000
Median annual salary (50^th Percentile)	£70,000	£69,500	£64,902
Median % change year-on-year	+0.72%	+7.08%	-6.21%
75^th Percentile	£87,500	£88,750	£82,500
90^th Percentile	£90,000	£105,000	£90,000
UK excluding London median annual salary	£65,000	£65,000	£57,500
% change year-on-year	-	+13.04%	-8.00%

All Process & Methodology Skills
UK

Penetration Testing falls under the Processes and Methodologies category. For comparison with the information above, the following table provides summary statistics for all permanent job vacancies requiring process or methodology skills.

Permanent vacancies with a requirement for process or methodology skills	53,358	45,796	65,934
As % of all permanent jobs advertised in the UK	79.56%	92.23%	88.32%
Number of salaries quoted	31,921	22,329	51,135
10^th Percentile	£29,000	£35,000	£29,500
25^th Percentile	£38,000	£46,250	£40,000
Median annual salary (50^th Percentile)	£55,000	£60,001	£55,000
Median % change year-on-year	-8.33%	+9.09%	-12.00%
75^th Percentile	£76,250	£81,250	£75,000
90^th Percentile	£97,500	£102,500	£95,000
UK excluding London median annual salary	£50,000	£55,000	£50,000
% change year-on-year	-9.09%	+10.00%	-9.09%

Penetration Testing
Job Vacancy Trend

Historical trend showing the proportion of permanent IT job postings citing Penetration Testing relative to all permanent IT jobs advertised.

Penetration Testing
Salary Trend

Salary distribution trend for jobs in the UK citing Penetration Testing.

Penetration Testing
Salary Histogram

Salary distribution for jobs citing Penetration Testing over the 6 months to 14 February 2026.

Salary histogram for Penetration Testing in the UK

Penetration Testing
Top 15 Job Locations

The table below looks at the demand and provides a guide to the median salaries quoted in IT jobs citing Penetration Testing within the UK over the 6 months to 14 February 2026. The 'Rank Change' column provides an indication of the change in demand within each location based on the same 6 month period last year.

Location	Rank Change on Same Period Last Year	Matching Permanent IT Job Ads	Median Salary Past 6 Months	Median Salary % Change on Same Period Last Year	Live Jobs
England	-18	209	£70,000	+3.70%	81
UK excluding London	-45	115	£65,000	-	60
London	+3	99	£77,500	+3.33%	28
Work from Home	-12	79	£60,000	-14.29%	53
South West	+19	45	£72,500	+7.41%	13
Midlands	+2	27	£52,500	-22.22%	9
South East	-31	19	£65,000	+4.00%	17
East Midlands	-5	14	£51,058	+27.65%	2
West Midlands	+1	13	£57,500	-14.81%	7
Scotland	-30	12	£90,000	+22.45%	2
North of England	-25	11	£55,000	-	14
Yorkshire	-26	6	£56,250	+9.76%	1
North West	-16	3	£55,000	-5.17%	10
East of England	+18	2	£57,500	-	4
North East	-	2	£75,000	-	3

Penetration Testing
Top 30 Co-Occurring Skills & Capabilities

For the 6 months to 14 February 2026, job vacancies citing Penetration Testing also mentioned the following skills and capabilities in order of popularity. The figures indicate the absolute number of co-occurrences and as a proportion of all permanent job ads with a requirement for Penetration Testing.

1	122 (51.48%)	Cybersecurity
2	80 (33.76%)	CREST Certified
2	80 (33.76%)	ISO/IEC 27001
3	75 (31.65%)	Incident Response
4	69 (29.11%)	CISSP
5	68 (28.69%)	Python
6	67 (28.27%)	Red Team
7	63 (26.58%)	Application Security
8	62 (26.16%)	OSCP
9	57 (24.05%)	Microsoft
10	56 (23.63%)	Azure
11	54 (22.78%)	NIST
12	52 (21.94%)	Degree
13	49 (20.68%)	Bash
13	49 (20.68%)	PowerShell

13	49 (20.68%)	Vulnerability Management
14	47 (19.83%)	Problem-Solving
15	45 (18.99%)	Agile
15	45 (18.99%)	SIEM
16	43 (18.14%)	Offensive Security
17	42 (17.72%)	Security Testing
18	41 (17.30%)	Information Security
18	41 (17.30%)	Threat Modelling
19	40 (16.88%)	Mentoring
19	40 (16.88%)	Security Cleared
20	36 (15.19%)	AWS
20	36 (15.19%)	Firewall
21	35 (14.77%)	Vulnerability Assessment
22	33 (13.92%)	Business Strategy
22	33 (13.92%)	CHECK Team Member

Penetration Testing
Co-Occurring Skills & Capabilities by Category

The following tables expand on the one above by listing co-occurrences grouped by category. They cover the same employment type, locality and period, with up to 20 co-occurrences shown in each category:

Application Platforms
1	5 (2.11%)	Microsoft Exchange
1	5 (2.11%)	SharePoint
2	1 (0.42%)	Confluence

Applications
1	4 (1.69%)	Microsoft Excel
1	4 (1.69%)	Microsoft Office
2	2 (0.84%)	Weka
3	1 (0.42%)	GNU Octave

Business Applications
1	1 (0.42%)	Exchequer

Cloud Services
1	56 (23.63%)	Azure
2	36 (15.19%)	AWS
3	24 (10.13%)	GitHub
4	20 (8.44%)	GitHub Actions
5	18 (7.59%)	Microsoft 365
6	14 (5.91%)	Entra ID
7	13 (5.49%)	Azure Sentinel
7	13 (5.49%)	GCP
7	13 (5.49%)	Microsoft Purview
8	12 (5.06%)	Slack
9	7 (2.95%)	Power Platform
10	4 (1.69%)	SaaS
11	3 (1.27%)	IBM Cloud
12	1 (0.42%)	Amazon EKS
12	1 (0.42%)	AWS CloudFormation
12	1 (0.42%)	Datadog
12	1 (0.42%)	Dynamics 365
12	1 (0.42%)	IaaS
12	1 (0.42%)	OpenShift
12	1 (0.42%)	Power Automate

Communications & Networking
1	36 (15.19%)	Firewall
2	23 (9.70%)	Network Security
3	21 (8.86%)	TCP/IP
4	20 (8.44%)	Wireless
5	14 (5.91%)	VPN
6	8 (3.38%)	VLAN
7	7 (2.95%)	DNS
7	7 (2.95%)	Wi-Fi
7	7 (2.95%)	Wireshark
8	5 (2.11%)	HTTP
8	5 (2.11%)	Intrusion Detection
9	4 (1.69%)	Ethernet
9	4 (1.69%)	Internet
10	3 (1.27%)	DHCP
10	3 (1.27%)	DMZ
10	3 (1.27%)	LAN
10	3 (1.27%)	Modbus
10	3 (1.27%)	SSL
10	3 (1.27%)	VoIP
10	3 (1.27%)	WAN

Database & Business Intelligence
1	7 (2.95%)	Power BI
2	4 (1.69%)	Tableau
3	1 (0.42%)	SQL Server

Development Applications
1	29 (12.24%)	Burp Suite
1	29 (12.24%)	Metasploit
2	20 (8.44%)	Jenkins
3	16 (6.75%)	JIRA
4	2 (0.84%)	IDA Disassembler
5	1 (0.42%)	Git
5	1 (0.42%)	GitLab

General
1	81 (34.18%)	Social Skills
2	75 (31.65%)	Finance
3	24 (10.13%)	Inclusion and Diversity
4	18 (7.59%)	Analytical Skills
5	16 (6.75%)	Banking
5	16 (6.75%)	Retail
6	15 (6.33%)	Influencing Skills
7	13 (5.49%)	Law
7	13 (5.49%)	Presentation Skills
8	12 (5.06%)	Public Sector
9	8 (3.38%)	Legal
10	6 (2.53%)	Marketing
11	4 (1.69%)	Electronics
11	4 (1.69%)	Telecoms
12	3 (1.27%)	Aerospace
12	3 (1.27%)	Documentation Skills
12	3 (1.27%)	Manufacturing
12	3 (1.27%)	Military
12	3 (1.27%)	Pharmaceutical
13	2 (0.84%)	Public Speaking

Job Titles
1	44 (18.57%)	Security Engineer
2	35 (14.77%)	Analyst
2	35 (14.77%)	Consultant
2	35 (14.77%)	Security Consultant
2	35 (14.77%)	Senior
3	31 (13.08%)	Security Analyst
4	30 (12.66%)	Tester
5	29 (12.24%)	Penetration Tester
6	23 (9.70%)	Applications Engineer
6	23 (9.70%)	Security Manager
7	17 (7.17%)	Cybersecurity Consultant
8	16 (6.75%)	IT Manager
9	14 (5.91%)	Security Specialist
10	12 (5.06%)	Cybersecurity Engineer
11	11 (4.64%)	Senior Analyst
11	11 (4.64%)	Senior Security Analyst
11	11 (4.64%)	Senior Security Engineer
12	9 (3.80%)	Digital Analyst
12	9 (3.80%)	Lead
12	9 (3.80%)	Senior Digital Analyst

Libraries, Frameworks & Software Standards
1	5 (2.11%)	JSON
2	1 (0.42%)	.NET
2	1 (0.42%)	PyTorch
2	1 (0.42%)	TensorFlow
2	1 (0.42%)	YAML

Miscellaneous
1	59 (24.89%)	Security Posture
2	29 (12.24%)	Mobile App
3	26 (10.97%)	Cyber Defence
4	24 (10.13%)	Management Information System
5	13 (5.49%)	Cyber Threat
6	8 (3.38%)	PKI
6	8 (3.38%)	Security Operations Centre
7	7 (2.95%)	Insider Threat
7	7 (2.95%)	Self-Motivation
8	6 (2.53%)	Analytical Mindset
8	6 (2.53%)	Data Centre
8	6 (2.53%)	Enterprise Software
8	6 (2.53%)	Operational Technology
9	5 (2.11%)	Cloud Native
10	4 (1.69%)	Cyber Security Posture
11	3 (1.27%)	Cyberattack
11	3 (1.27%)	Data Protection Act
11	3 (1.27%)	Linux Command Line
11	3 (1.27%)	Onboarding
11	3 (1.27%)	Renewable Energy

Operating Systems
1	20 (8.44%)	Linux
1	20 (8.44%)	Windows
2	10 (4.22%)	Android
2	10 (4.22%)	Apple iOS
3	5 (2.11%)	Windows Server
4	4 (1.69%)	Unix
5	2 (0.84%)	Kali Linux
6	1 (0.42%)	Debian
6	1 (0.42%)	Mac OS
6	1 (0.42%)	Ubuntu

Processes & Methodologies
1	122 (51.48%)	Cybersecurity
2	75 (31.65%)	Incident Response
3	67 (28.27%)	Red Team
4	63 (26.58%)	Application Security
5	49 (20.68%)	Vulnerability Management
6	47 (19.83%)	Problem-Solving
7	45 (18.99%)	Agile
7	45 (18.99%)	SIEM
8	43 (18.14%)	Offensive Security
9	42 (17.72%)	Security Testing
10	41 (17.30%)	Information Security
10	41 (17.30%)	Threat Modelling
11	40 (16.88%)	Mentoring
12	35 (14.77%)	Vulnerability Assessment
13	33 (13.92%)	Business Strategy
14	32 (13.50%)	Internal Audit
14	32 (13.50%)	Technology Transformation
15	30 (12.66%)	Vulnerability Scanning
16	29 (12.24%)	Coaching
16	29 (12.24%)	Security Operations

Programming Languages
1	68 (28.69%)	Python
2	49 (20.68%)	Bash
2	49 (20.68%)	PowerShell
3	19 (8.02%)	Go
4	9 (3.80%)	C
4	9 (3.80%)	C#
4	9 (3.80%)	C++
4	9 (3.80%)	Java
5	6 (2.53%)	SQL
6	5 (2.11%)	JavaScript
6	5 (2.11%)	Perl
7	4 (1.69%)	R
8	3 (1.27%)	Ruby
9	1 (0.42%)	Scala

Qualifications
1	80 (33.76%)	CREST Certified
2	69 (29.11%)	CISSP
3	62 (26.16%)	OSCP
4	52 (21.94%)	Degree
5	40 (16.88%)	Security Cleared
6	33 (13.92%)	CHECK Team Member
7	32 (13.50%)	SC Cleared
8	28 (11.81%)	Cisco Certification
9	27 (11.39%)	SANS
10	23 (9.70%)	CEH
10	23 (9.70%)	CHECK Team Leader
11	20 (8.44%)	CCNA
12	18 (7.59%)	CCSAM
13	17 (7.17%)	CISM
13	17 (7.17%)	GIAC
14	16 (6.75%)	CompTIA Security+
14	16 (6.75%)	DV Cleared
15	12 (5.06%)	CISA
16	11 (4.64%)	GPEN
17	10 (4.22%)	Cyber Scheme

Quality Assurance & Compliance
1	80 (33.76%)	ISO/IEC 27001
2	54 (22.78%)	NIST
3	32 (13.50%)	Accessibility
4	30 (12.66%)	Cyber Essentials
5	27 (11.39%)	GDPR
6	12 (5.06%)	Actionable Recommendations
7	9 (3.80%)	GRC
7	9 (3.80%)	NCSC
8	7 (2.95%)	Cyber Essentials PLUS
8	7 (2.95%)	PCI DSS
9	4 (1.69%)	NIST 800
9	4 (1.69%)	QA
10	3 (1.27%)	COBIT
10	3 (1.27%)	GxP
10	3 (1.27%)	ITGC
10	3 (1.27%)	RMADS
11	2 (0.84%)	ISO/IEC 27005
12	1 (0.42%)	Data Quality
12	1 (0.42%)	HIPAA
12	1 (0.42%)	ISO/IEC 42001

System Software
1	16 (6.75%)	Active Directory
2	12 (5.06%)	Virtual Machines
3	7 (2.95%)	VMware ESXi
4	6 (2.53%)	VMware Infrastructure
5	2 (0.84%)	Docker
5	2 (0.84%)	Hyper-V
5	2 (0.84%)	vSphere
6	1 (0.42%)	EMC RecoverPoint
6	1 (0.42%)	Virtual Desktop

Systems Management
1	24 (10.13%)	Nessus
2	19 (8.02%)	Nmap
3	10 (4.22%)	Kubernetes
4	8 (3.38%)	Microsoft Intune
5	5 (2.11%)	QRadar
6	4 (1.69%)	Single Sign-On
6	4 (1.69%)	Terraform
7	3 (1.27%)	ArcSight ESM
7	3 (1.27%)	CSIRT
7	3 (1.27%)	FortiGate
7	3 (1.27%)	Proxmox
8	1 (0.42%)	Ansible
8	1 (0.42%)	CASB
8	1 (0.42%)	Progress Chef
8	1 (0.42%)	VxRail

Vendors
1	57 (24.05%)	Microsoft
2	12 (5.06%)	Cisco
2	12 (5.06%)	ServiceNow
2	12 (5.06%)	Tenable
3	9 (3.80%)	VMware
4	8 (3.38%)	Splunk
5	4 (1.69%)	CheckPoint
5	4 (1.69%)	CrowdStrike
5	4 (1.69%)	Oracle
5	4 (1.69%)	Qualys
5	4 (1.69%)	Zscaler
6	3 (1.27%)	ArcSight
6	3 (1.27%)	Dell
6	3 (1.27%)	IBM
6	3 (1.27%)	LogLogic
6	3 (1.27%)	McAfee
6	3 (1.27%)	Sophos
6	3 (1.27%)	Veeam
7	2 (0.84%)	Fortinet
7	2 (0.84%)	SonicWALL

Penetration TestingUK

All Process & Methodology SkillsUK

Penetration TestingJob Vacancy Trend

Penetration TestingSalary Trend

Penetration TestingSalary Histogram

Penetration TestingTop 15 Job Locations

Penetration TestingTop 30 Co-Occurring Skills & Capabilities

Penetration TestingCo-Occurring Skills & Capabilities by Category