Penetration Testing Job Trends, Salaries & Related Skills

Penetration Testing
UK

The table below provides summary statistics and salary benchmarking for jobs requiring Penetration Testing skills. It covers permanent job vacancies from the 6 months leading up to 3 January 2026, with comparisons to the same periods in the previous two years.

	6 months to 3 Jan 2026	Same period 2025	Same period 2024
Rank	459	379	366
Rank change year-on-year	-80	-13	+161
Permanent jobs citing Penetration Testing	186	359	393
As % of all permanent jobs in the UK	0.31%	0.66%	0.75%
As % of the Processes & Methodologies category	0.38%	0.73%	0.82%
Number of salaries quoted	152	203	318
10^th Percentile	£48,165	£45,000	£43,549
25^th Percentile	£55,000	£55,625	£52,500
Median annual salary (50^th Percentile)	£70,000	£65,000	£65,000
Median % change year-on-year	+7.69%	-	-5.80%
75^th Percentile	£90,000	£88,750	£82,500
90^th Percentile	-	£100,000	£89,125
UK excluding London median annual salary	£62,500	£61,250	£60,000
% change year-on-year	+2.04%	+2.08%	-7.69%

All Process & Methodology Skills
UK

Penetration Testing falls under the Processes and Methodologies category. For comparison with the information above, the following table provides summary statistics for all permanent job vacancies requiring process or methodology skills.

Permanent vacancies with a requirement for process or methodology skills	48,372	49,297	47,661
As % of all permanent jobs advertised in the UK	81.70%	90.05%	91.50%
Number of salaries quoted	28,344	24,288	36,441
10^th Percentile	£28,500	£35,000	£31,500
25^th Percentile	£36,750	£45,000	£42,500
Median annual salary (50^th Percentile)	£55,000	£60,000	£60,000
Median % change year-on-year	-8.33%	-	-4.00%
75^th Percentile	£75,000	£80,000	£80,000
90^th Percentile	£95,000	£100,000	£97,500
UK excluding London median annual salary	£50,000	£55,000	£52,500
% change year-on-year	-9.09%	+4.76%	-4.55%

Penetration Testing
Job Vacancy Trend

Historical trend showing the proportion of permanent IT job postings citing Penetration Testing relative to all permanent IT jobs advertised.

Penetration Testing
Salary Trend

Salary distribution trend for jobs in the UK citing Penetration Testing.

Penetration Testing
Salary Histogram

Salary distribution for jobs citing Penetration Testing over the 6 months to 3 January 2026.

Salary histogram for Penetration Testing in the UK

Penetration Testing
Top 14 Job Locations

The table below looks at the demand and provides a guide to the median salaries quoted in IT jobs citing Penetration Testing within the UK over the 6 months to 3 January 2026. The 'Rank Change' column provides an indication of the change in demand within each location based on the same 6 month period last year.

Location	Rank Change on Same Period Last Year	Matching Permanent IT Job Ads	Median Salary Past 6 Months	Median Salary % Change on Same Period Last Year	Live Jobs
England	-54	167	£70,000	+7.69%	88
UK excluding London	-33	96	£62,500	+2.04%	64
London	-4	73	£76,000	+4.83%	32
Work from Home	+11	69	£60,000	-7.69%	44
South West	+29	33	£80,000	+25.00%	16
Midlands	+11	25	£52,750	-8.26%	9
South East	-22	20	£60,000	-	18
West Midlands	+17	14	£59,000	-9.23%	6
East Midlands	-4	11	£51,058	-11.20%	3
North of England	-2	10	£55,000	-3.30%	16
Scotland	-26	8	£90,000	+21.21%	3
Yorkshire	-4	6	£54,250	+3.33%	6
North West	+8	4	£55,000	-12.00%	9
East of England	+20	1	£85,000	+198.25%	3

Penetration Testing
Top 30 Co-Occurring Skills & Capabilities

For the 6 months to 3 January 2026, job vacancies citing Penetration Testing also mentioned the following skills and capabilities in order of popularity. The figures indicate the absolute number of co-occurrences and as a proportion of all permanent job ads with a requirement for Penetration Testing.

1	93 (50.00%)	Cybersecurity
2	71 (38.17%)	ISO/IEC 27001
3	65 (34.95%)	Incident Response
4	61 (32.80%)	Python
5	57 (30.65%)	Azure
5	57 (30.65%)	CISSP
6	53 (28.49%)	Microsoft
7	52 (27.96%)	NIST
8	48 (25.81%)	SIEM
9	43 (23.12%)	Vulnerability Management
10	42 (22.58%)	Degree
10	42 (22.58%)	Red Team
11	40 (21.51%)	CREST Certified
12	39 (20.97%)	Bash
12	39 (20.97%)	Information Security

12	39 (20.97%)	Security Cleared
13	38 (20.43%)	PowerShell
14	36 (19.35%)	Problem-Solving
15	35 (18.82%)	Application Security
15	35 (18.82%)	Firewall
16	33 (17.74%)	SC Cleared
17	32 (17.20%)	AWS
17	32 (17.20%)	Security Operations
18	31 (16.67%)	Vulnerability Scanning
19	30 (16.13%)	Vulnerability Assessment
20	29 (15.59%)	Cisco Certification
20	29 (15.59%)	OSCP
21	28 (15.05%)	Threat Modelling
22	27 (14.52%)	Cyber Essentials
22	27 (14.52%)	DevOps

Penetration Testing
Co-Occurring Skills & Capabilities by Category

The following tables expand on the one above by listing co-occurrences grouped by category. They cover the same employment type, locality and period, with up to 20 co-occurrences shown in each category:

Application Platforms
1	6 (3.23%)	Microsoft Exchange
2	3 (1.61%)	SharePoint
3	1 (0.54%)	Confluence

Applications
1	7 (3.76%)	Microsoft Excel
1	7 (3.76%)	Microsoft Office
2	2 (1.08%)	Weka
3	1 (0.54%)	GNU Octave

Cloud Services
1	57 (30.65%)	Azure
2	32 (17.20%)	AWS
3	16 (8.60%)	GitHub
4	15 (8.06%)	Azure Sentinel
5	14 (7.53%)	Slack
6	12 (6.45%)	Entra ID
6	12 (6.45%)	GitHub Actions
6	12 (6.45%)	Microsoft 365
7	11 (5.91%)	Microsoft Purview
8	10 (5.38%)	Power Platform
9	9 (4.84%)	GCP
10	3 (1.61%)	IBM Cloud
10	3 (1.61%)	Mimecast
11	2 (1.08%)	Rubrik
11	2 (1.08%)	SaaS
11	2 (1.08%)	SecurityScorecard
12	1 (0.54%)	Azure Key Vault
12	1 (0.54%)	Cloud Computing
12	1 (0.54%)	Power Automate
12	1 (0.54%)	Tessian

Communications & Networking
1	35 (18.82%)	Firewall
2	26 (13.98%)	Network Security
3	22 (11.83%)	TCP/IP
4	13 (6.99%)	VPN
5	9 (4.84%)	Wireshark
6	8 (4.30%)	Wireless
7	7 (3.76%)	Intrusion Detection
7	7 (3.76%)	Wi-Fi
8	5 (2.69%)	HTTP
8	5 (2.69%)	VLAN
9	4 (2.15%)	DNS
9	4 (2.15%)	Ethernet
10	3 (1.61%)	Cisco ISE
10	3 (1.61%)	Internet
10	3 (1.61%)	Modbus
11	2 (1.08%)	BGP
11	2 (1.08%)	Cisco Nexus
11	2 (1.08%)	ICMP
11	2 (1.08%)	OSPF
11	2 (1.08%)	WAN

Database & Business Intelligence
1	10 (5.38%)	Power BI
2	7 (3.76%)	Tableau
3	2 (1.08%)	SQL Server
4	1 (0.54%)	Elasticsearch

Development Applications
1	22 (11.83%)	Burp Suite
1	22 (11.83%)	Metasploit
2	16 (8.60%)	JIRA
3	12 (6.45%)	Jenkins
4	2 (1.08%)	IDA Disassembler
5	1 (0.54%)	Git
5	1 (0.54%)	GitLab

General
1	71 (38.17%)	Social Skills
2	40 (21.51%)	Finance
3	20 (10.75%)	Analytical Skills
4	17 (9.14%)	Influencing Skills
5	16 (8.60%)	Inclusion and Diversity
6	15 (8.06%)	Presentation Skills
7	11 (5.91%)	Public Sector
8	10 (5.38%)	Retail
9	9 (4.84%)	Banking
10	6 (3.23%)	Law
11	4 (2.15%)	Documentation Skills
11	4 (2.15%)	Electronics
11	4 (2.15%)	Legal
11	4 (2.15%)	Marketing
12	3 (1.61%)	Manufacturing
12	3 (1.61%)	Military
13	2 (1.08%)	Aerospace
13	2 (1.08%)	Pharmaceutical
13	2 (1.08%)	Public Speaking
13	2 (1.08%)	Telecoms

Job Titles
1	47 (25.27%)	Security Engineer
2	30 (16.13%)	Analyst
3	26 (13.98%)	Security Analyst
4	24 (12.90%)	Senior
5	21 (11.29%)	Tester
6	20 (10.75%)	Penetration Tester
7	18 (9.68%)	Consultant
7	18 (9.68%)	Security Consultant
8	17 (9.14%)	Cybersecurity Engineer
9	15 (8.06%)	Applications Engineer
9	15 (8.06%)	IT Manager
9	15 (8.06%)	Senior Security Engineer
10	11 (5.91%)	Cybersecurity Consultant
11	10 (5.38%)	Security Manager
12	9 (4.84%)	Lead
12	9 (4.84%)	Security Specialist
13	8 (4.30%)	Auditor
13	8 (4.30%)	Information Analyst
13	8 (4.30%)	Information Security Analyst
13	8 (4.30%)	IT Auditor

Libraries, Frameworks & Software Standards
1	5 (2.69%)	JSON
2	1 (0.54%)	Elastic Stack
2	1 (0.54%)	PyTorch
2	1 (0.54%)	TensorFlow
2	1 (0.54%)	YAML

Miscellaneous
1	30 (16.13%)	Security Posture
2	24 (12.90%)	Management Information System
3	14 (7.53%)	Cyber Threat
4	12 (6.45%)	Cyber Defence
5	11 (5.91%)	Security Operations Centre
6	9 (4.84%)	Mobile App
7	8 (4.30%)	Operational Technology
7	8 (4.30%)	Self-Motivation
8	7 (3.76%)	Analytical Mindset
8	7 (3.76%)	PKI
9	6 (3.23%)	Cyber Kill Chain
9	6 (3.23%)	Insider Threat
10	5 (2.69%)	Cloud Native
10	5 (2.69%)	Enterprise Software
10	5 (2.69%)	SCADA
11	4 (2.15%)	Linux Command Line
12	3 (1.61%)	Cyber Security Posture
12	3 (1.61%)	Data Protection Act
12	3 (1.61%)	Onboarding
12	3 (1.61%)	Renewable Energy

Operating Systems
1	26 (13.98%)	Linux
2	24 (12.90%)	Windows
3	7 (3.76%)	Unix
4	6 (3.23%)	Windows Server
5	4 (2.15%)	Android
5	4 (2.15%)	Apple iOS
5	4 (2.15%)	Kali Linux
6	1 (0.54%)	Debian
6	1 (0.54%)	Ubuntu
6	1 (0.54%)	Windows 10
6	1 (0.54%)	Windows Server 2016
6	1 (0.54%)	Windows Server 2019

Processes & Methodologies
1	93 (50.00%)	Cybersecurity
2	65 (34.95%)	Incident Response
3	48 (25.81%)	SIEM
4	43 (23.12%)	Vulnerability Management
5	42 (22.58%)	Red Team
6	39 (20.97%)	Information Security
7	36 (19.35%)	Problem-Solving
8	35 (18.82%)	Application Security
9	32 (17.20%)	Security Operations
10	31 (16.67%)	Vulnerability Scanning
11	30 (16.13%)	Vulnerability Assessment
12	28 (15.05%)	Threat Modelling
13	27 (14.52%)	DevOps
13	27 (14.52%)	Security Testing
14	26 (13.98%)	Technology Transformation
15	25 (13.44%)	Vulnerability Remediation
16	22 (11.83%)	Cloud Security
16	22 (11.83%)	ITIL
17	21 (11.29%)	CI/CD
17	21 (11.29%)	SDLC

Programming Languages
1	61 (32.80%)	Python
2	39 (20.97%)	Bash
3	38 (20.43%)	PowerShell
4	16 (8.60%)	Go
5	10 (5.38%)	SQL
6	7 (3.76%)	C
6	7 (3.76%)	C++
6	7 (3.76%)	R
7	6 (3.23%)	C#
7	6 (3.23%)	Perl
8	5 (2.69%)	JavaScript
9	3 (1.61%)	Java
10	2 (1.08%)	Ruby
11	1 (0.54%)	Kusto Query Language
11	1 (0.54%)	Scala

Qualifications
1	57 (30.65%)	CISSP
2	42 (22.58%)	Degree
3	40 (21.51%)	CREST Certified
4	39 (20.97%)	Security Cleared
5	33 (17.74%)	SC Cleared
6	29 (15.59%)	Cisco Certification
6	29 (15.59%)	OSCP
7	22 (11.83%)	SANS
8	20 (10.75%)	CCNA
9	18 (9.68%)	CompTIA Security+
10	17 (9.14%)	CHECK Team Member
10	17 (9.14%)	GIAC
11	13 (6.99%)	CEH
11	13 (6.99%)	DV Cleared
12	12 (6.45%)	CISA
12	12 (6.45%)	GCIA
12	12 (6.45%)	GCIH
13	11 (5.91%)	CCNP
14	9 (4.84%)	MCP
14	9 (4.84%)	Microsoft Certification

Quality Assurance & Compliance
1	71 (38.17%)	ISO/IEC 27001
2	52 (27.96%)	NIST
3	27 (14.52%)	Cyber Essentials
4	26 (13.98%)	Accessibility
5	14 (7.53%)	GDPR
6	6 (3.23%)	Actionable Recommendations
6	6 (3.23%)	GRC
6	6 (3.23%)	NCSC
7	5 (2.69%)	NIST 800
8	4 (2.15%)	QA
9	3 (1.61%)	ITGC
9	3 (1.61%)	PCI DSS
9	3 (1.61%)	RMADS
10	2 (1.08%)	Cyber Essentials PLUS
10	2 (1.08%)	GxP
10	2 (1.08%)	ISO/IEC 27005
11	1 (0.54%)	COBIT
11	1 (0.54%)	ISO/IEC 42001
11	1 (0.54%)	Sarbanes-Oxley
11	1 (0.54%)	SOC 2

System Software
1	14 (7.53%)	Virtual Machines
2	9 (4.84%)	Active Directory
3	6 (3.23%)	VMware Infrastructure
4	4 (2.15%)	VMware ESXi
5	3 (1.61%)	Hyper-V
6	2 (1.08%)	Docker
6	2 (1.08%)	EMC RecoverPoint
6	2 (1.08%)	Firmware
6	2 (1.08%)	pfSense
6	2 (1.08%)	Squid
6	2 (1.08%)	vSphere

Systems Management
1	19 (10.22%)	Nmap
2	17 (9.14%)	Nessus
3	8 (4.30%)	QRadar
4	5 (2.69%)	Kubernetes
4	5 (2.69%)	Single Sign-On
5	4 (2.15%)	Microsoft Intune
6	3 (1.61%)	ArcSight ESM
6	3 (1.61%)	Proxmox
7	2 (1.08%)	Cisco CUCM
7	2 (1.08%)	CSIRT
7	2 (1.08%)	Terraform
7	2 (1.08%)	VxRail
8	1 (0.54%)	Ansible
8	1 (0.54%)	CASB
8	1 (0.54%)	Kibana
8	1 (0.54%)	Progress Chef
8	1 (0.54%)	SCCM

Vendors
1	53 (28.49%)	Microsoft
2	15 (8.06%)	Cisco
2	15 (8.06%)	Tenable
3	14 (7.53%)	ServiceNow
4	11 (5.91%)	Splunk
5	8 (4.30%)	VMware
6	7 (3.76%)	Oracle
7	5 (2.69%)	Fortinet
7	5 (2.69%)	Palo Alto
8	4 (2.15%)	CheckPoint
8	4 (2.15%)	Qualys
8	4 (2.15%)	Zscaler
9	3 (1.61%)	ArcSight
9	3 (1.61%)	CyberArk
9	3 (1.61%)	IBM
9	3 (1.61%)	LogLogic
9	3 (1.61%)	LogRhythm
9	3 (1.61%)	McAfee
10	2 (1.08%)	LogicMonitor
10	2 (1.08%)	Okta

Penetration TestingUK

All Process & Methodology SkillsUK

Penetration TestingJob Vacancy Trend

Penetration TestingSalary Trend

Penetration TestingSalary Histogram

Penetration TestingTop 14 Job Locations

Penetration TestingTop 30 Co-Occurring Skills & Capabilities

Penetration TestingCo-Occurring Skills & Capabilities by Category