Penetration Testing Job Trends, Salaries & Related Skills

Penetration Testing
UK

The table below provides summary statistics and salary benchmarking for jobs requiring Penetration Testing skills. It covers permanent job vacancies from the 6 months leading up to 18 April 2026, with comparisons to the same periods in the previous two years.

	6 months to 18 Apr 2026	Same period 2025	Same period 2024
Rank	438	392	425
Rank change year-on-year	-46	+33	+55
Permanent jobs citing Penetration Testing	288	258	539
As % of all permanent jobs in the UK	0.33%	0.62%	0.57%
As % of the Processes & Methodologies category	0.44%	0.67%	0.66%
Number of salaries quoted	199	202	423
10^th Percentile	£44,600	£45,000	£38,750
25^th Percentile	£50,000	£58,750	£47,500
Median annual salary (50^th Percentile)	£65,000	£67,500	£62,500
Median % change year-on-year	-3.70%	+8.00%	-9.68%
75^th Percentile	£89,500	£85,000	£82,500
90^th Percentile	£97,500	£97,500	£95,000
UK excluding London median annual salary	£65,000	£67,500	£55,000
% change year-on-year	-3.70%	+22.73%	-4.35%

All Process & Methodology Skills
UK

Penetration Testing falls under the Processes and Methodologies category. For comparison with the information above, the following table provides summary statistics for all permanent job vacancies requiring process or methodology skills.

Permanent vacancies with a requirement for process or methodology skills	65,329	38,670	81,283
As % of all permanent jobs advertised in the UK	75.37%	92.92%	85.97%
Number of salaries quoted	40,301	22,594	59,579
10^th Percentile	£30,000	£31,250	£29,000
25^th Percentile	£40,000	£42,500	£40,000
Median annual salary (50^th Percentile)	£57,500	£60,000	£55,000
Median % change year-on-year	-4.17%	+9.09%	-10.51%
75^th Percentile	£77,500	£80,000	£72,500
90^th Percentile	£97,500	£102,500	£92,500
UK excluding London median annual salary	£50,000	£52,600	£50,000
% change year-on-year	-4.94%	+5.20%	-8.41%

Penetration Testing
Job Vacancy Trend

Historical trend showing the proportion of permanent IT job postings citing Penetration Testing relative to all permanent IT jobs advertised.

Penetration Testing
Salary Trend

Salary distribution trend for jobs in the UK citing Penetration Testing.

Penetration Testing
Salary Histogram

Salary distribution for jobs citing Penetration Testing over the 6 months to 18 April 2026.

Salary histogram for Penetration Testing in the UK

Penetration Testing
Top 15 Job Locations

The table below looks at the demand and provides a guide to the median salaries quoted in IT jobs citing Penetration Testing within the UK over the 6 months to 18 April 2026. The 'Rank Change' column provides an indication of the change in demand within each location based on the same 6 month period last year.

Location	Rank Change on Same Period Last Year	Matching Permanent IT Job Ads	Median Salary Past 6 Months	Median Salary % Change on Same Period Last Year	Live Jobs
England	-59	250	£65,000	-3.70%	86
UK excluding London	-47	148	£65,000	-3.70%	61
London	-10	106	£78,750	+8.62%	41
Work from Home	+8	98	£60,000	-15.79%	44
South West	-5	53	£55,000	-18.52%	20
South East	-56	29	£72,500	+16.00%	20
North of England	-59	26	£58,000	-2.11%	6
Midlands	-40	25	£52,500	-22.22%	5
West Midlands	-33	16	£65,000	-3.70%	5
Yorkshire	-55	14	£55,000	+7.32%	2
Scotland	-19	13	£90,000	+21.21%	5
East Midlands	-43	9	£51,058	+27.65%
North West	-37	7	£56,000	-8.20%	3
North East	-28	5	£75,000	+12.36%	1
East of England	-32	3	£35,000	-	2

Penetration Testing
Top 30 Co-Occurring Skills & Capabilities

For the 6 months to 18 April 2026, job vacancies citing Penetration Testing also mentioned the following skills and capabilities in order of popularity. The figures indicate the absolute number of co-occurrences and as a proportion of all permanent job ads with a requirement for Penetration Testing.

1	175 (60.76%)	Cybersecurity
2	102 (35.42%)	CREST Certified
3	90 (31.25%)	ISO/IEC 27001
4	85 (29.51%)	Incident Response
4	85 (29.51%)	Red Team
5	74 (25.69%)	OSCP
6	73 (25.35%)	CISSP
7	66 (22.92%)	Azure
8	65 (22.57%)	Application Security
9	63 (21.88%)	AWS
9	63 (21.88%)	Information Security
10	59 (20.49%)	Microsoft
11	57 (19.79%)	Security Testing
12	56 (19.44%)	Mentoring
12	56 (19.44%)	Security Cleared

13	55 (19.10%)	Offensive Security
14	54 (18.75%)	Python
15	53 (18.40%)	SIEM
16	50 (17.36%)	NIST
17	49 (17.01%)	Firewall
18	48 (16.67%)	Degree
18	48 (16.67%)	Problem-Solving
18	48 (16.67%)	Vulnerability Management
19	47 (16.32%)	PowerShell
20	46 (15.97%)	SC Cleared
21	45 (15.63%)	Agile
22	44 (15.28%)	GDPR
23	41 (14.24%)	Bash
24	39 (13.54%)	Cloud Security
24	39 (13.54%)	Threat Modelling

Penetration Testing
Co-Occurring Skills & Capabilities by Category

The following tables expand on the one above by listing co-occurrences grouped by category. They cover the same employment type, locality and period, with up to 20 co-occurrences shown in each category:

Application Platforms
1	4 (1.39%)	SharePoint
2	3 (1.04%)	Confluence
2	3 (1.04%)	IIS
2	3 (1.04%)	Microsoft Exchange
3	1 (0.35%)	Apache
3	1 (0.35%)	Drupal
3	1 (0.35%)	nginx
3	1 (0.35%)	WordPress

Applications
1	2 (0.69%)	Weka

Business Applications
1	1 (0.35%)	Exchequer
1	1 (0.35%)	Magento

Cloud Services
1	66 (22.92%)	Azure
2	63 (21.88%)	AWS
3	22 (7.64%)	GCP
4	19 (6.60%)	GitHub
5	17 (5.90%)	Microsoft 365
6	15 (5.21%)	GitHub Actions
7	12 (4.17%)	Azure Sentinel
8	11 (3.82%)	Entra ID
9	9 (3.13%)	Microsoft Purview
10	7 (2.43%)	SaaS
11	4 (1.39%)	Amazon EKS
11	4 (1.39%)	AWS CloudFormation
11	4 (1.39%)	Azure DevOps
11	4 (1.39%)	Azure Key Vault
11	4 (1.39%)	Mimecast
12	3 (1.04%)	IaaS
12	3 (1.04%)	PaaS
13	2 (0.69%)	Cloudflare
13	2 (0.69%)	Dynamics 365
13	2 (0.69%)	Figma

Communications & Networking
1	49 (17.01%)	Firewall
2	28 (9.72%)	Network Security
3	21 (7.29%)	TCP/IP
4	20 (6.94%)	Wireless
5	18 (6.25%)	VPN
6	13 (4.51%)	DNS
7	9 (3.13%)	Intrusion Detection
8	8 (2.78%)	VLAN
9	7 (2.43%)	Cisco ISE
10	6 (2.08%)	Internet
11	4 (1.39%)	Cisco Nexus
11	4 (1.39%)	HTTPS
12	3 (1.04%)	DHCP
12	3 (1.04%)	DMZ
12	3 (1.04%)	HTTP
12	3 (1.04%)	LAN
12	3 (1.04%)	Modbus
12	3 (1.04%)	SSL
12	3 (1.04%)	VoIP
12	3 (1.04%)	WAN

Database & Business Intelligence
1	3 (1.04%)	Amazon RDS
1	3 (1.04%)	SQL Server
2	2 (0.69%)	Power BI
3	1 (0.35%)	InterSystems Cache
3	1 (0.35%)	MongoDB
3	1 (0.35%)	Redis

Development Applications
1	28 (9.72%)	Burp Suite
1	28 (9.72%)	Metasploit
2	14 (4.86%)	Jenkins
3	7 (2.43%)	JIRA
4	6 (2.08%)	Bitbucket
5	2 (0.69%)	Git
5	2 (0.69%)	NUnit
6	1 (0.35%)	Gatling
6	1 (0.35%)	IDA Disassembler
6	1 (0.35%)	JMeter
6	1 (0.35%)	Vagrant

General
1	86 (29.86%)	Finance
2	85 (29.51%)	Social Skills
3	33 (11.46%)	Public Sector
4	26 (9.03%)	Inclusion and Diversity
5	24 (8.33%)	Banking
6	22 (7.64%)	Law
7	20 (6.94%)	Retail
8	17 (5.90%)	Analytical Skills
9	9 (3.13%)	Legal
9	9 (3.13%)	Pharmaceutical
10	7 (2.43%)	Marketing
11	5 (1.74%)	Influencing Skills
12	4 (1.39%)	Financial Institution
12	4 (1.39%)	Telecoms
13	3 (1.04%)	Aerospace
13	3 (1.04%)	Back Office
13	3 (1.04%)	Manufacturing
13	3 (1.04%)	Military
14	2 (0.69%)	Public Speaking
14	2 (0.69%)	Social Housing

Job Titles
1	50 (17.36%)	Consultant
2	45 (15.63%)	Security Consultant
3	42 (14.58%)	Tester
4	41 (14.24%)	Penetration Tester
5	38 (13.19%)	Analyst
5	38 (13.19%)	Senior
6	31 (10.76%)	Security Analyst
7	28 (9.72%)	Security Engineer
8	26 (9.03%)	Cybersecurity Consultant
9	25 (8.68%)	Lead
9	25 (8.68%)	Security Manager
10	17 (5.90%)	Security Specialist
11	16 (5.56%)	Applications Engineer
12	15 (5.21%)	Senior Analyst
12	15 (5.21%)	Senior Security Analyst
13	14 (4.86%)	Team Leader
14	12 (4.17%)	Test Team Leader
15	11 (3.82%)	Information Analyst
15	11 (3.82%)	Information Security Analyst
16	10 (3.47%)	Head of Security

Libraries, Frameworks & Software Standards
1	4 (1.39%)	.NET
2	3 (1.04%)	.NET Framework
3	2 (0.69%)	AngularJS
3	2 (0.69%)	ASP.NET
3	2 (0.69%)	ASP.NET Core
3	2 (0.69%)	Entity Framework
3	2 (0.69%)	OAuth
3	2 (0.69%)	OAuth2
3	2 (0.69%)	OpenAPI
3	2 (0.69%)	OpenID
3	2 (0.69%)	RESTful
3	2 (0.69%)	RxJS
3	2 (0.69%)	Swagger
3	2 (0.69%)	Vitest
4	1 (0.35%)	ARM Templates
4	1 (0.35%)	LDAP
4	1 (0.35%)	Memcached

Miscellaneous
1	67 (23.26%)	Security Posture
2	33 (11.46%)	Mobile App
3	25 (8.68%)	Cyber Defence
4	23 (7.99%)	Cyber Threat
5	20 (6.94%)	Management Information System
6	9 (3.13%)	Self-Motivation
7	8 (2.78%)	Blog
7	8 (2.78%)	Operational Technology
8	7 (2.43%)	Data Centre
9	6 (2.08%)	Cloud Native
9	6 (2.08%)	Insider Threat
9	6 (2.08%)	PKI
10	5 (1.74%)	Cyber Security Posture
10	5 (1.74%)	Enterprise Software
10	5 (1.74%)	Public Cloud
10	5 (1.74%)	Security Operations Centre
11	4 (1.39%)	Cyberattack
11	4 (1.39%)	Data Protection Act
12	3 (1.04%)	Renewable Energy
12	3 (1.04%)	SCADA

Operating Systems
1	33 (11.46%)	Linux
1	33 (11.46%)	Windows
2	13 (4.51%)	Android
2	13 (4.51%)	Apple iOS
3	4 (1.39%)	Unix
3	4 (1.39%)	Windows Server
4	2 (0.69%)	Windows Server 2016
5	1 (0.35%)	Kali Linux
5	1 (0.35%)	Mac OS
5	1 (0.35%)	Red Hat Enterprise Linux

Processes & Methodologies
1	175 (60.76%)	Cybersecurity
2	85 (29.51%)	Incident Response
2	85 (29.51%)	Red Team
3	65 (22.57%)	Application Security
4	63 (21.88%)	Information Security
5	57 (19.79%)	Security Testing
6	56 (19.44%)	Mentoring
7	55 (19.10%)	Offensive Security
8	53 (18.40%)	SIEM
9	48 (16.67%)	Problem-Solving
9	48 (16.67%)	Vulnerability Management
10	45 (15.63%)	Agile
11	39 (13.54%)	Cloud Security
11	39 (13.54%)	Threat Modelling
12	35 (12.15%)	Security Operations
13	31 (10.76%)	Business Strategy
14	30 (10.42%)	Vulnerability Assessment
15	29 (10.07%)	Business Transformation
15	29 (10.07%)	Coaching
15	29 (10.07%)	Internal Audit

Programming Languages
1	54 (18.75%)	Python
2	47 (16.32%)	PowerShell
3	41 (14.24%)	Bash
4	15 (5.21%)	Java
5	14 (4.86%)	Go
6	8 (2.78%)	C#
6	8 (2.78%)	Perl
7	7 (2.43%)	C
7	7 (2.43%)	C++
8	6 (2.08%)	Ruby
8	6 (2.08%)	SQL
9	4 (1.39%)	Bicep
10	3 (1.04%)	Objective-C
10	3 (1.04%)	Rust
11	2 (0.69%)	Kusto Query Language
11	2 (0.69%)	TypeScript
12	1 (0.35%)	PHP

Qualifications
1	102 (35.42%)	CREST Certified
2	74 (25.69%)	OSCP
3	73 (25.35%)	CISSP
4	56 (19.44%)	Security Cleared
5	48 (16.67%)	Degree
6	46 (15.97%)	SC Cleared
7	37 (12.85%)	CHECK Team Member
8	32 (11.11%)	CISM
9	30 (10.42%)	CEH
10	29 (10.07%)	Cisco Certification
11	27 (9.38%)	CHECK Team Leader
12	21 (7.29%)	CCSAM
13	20 (6.94%)	CCNA
14	18 (6.25%)	CompTIA Security+
14	18 (6.25%)	SANS
15	16 (5.56%)	GIAC
16	15 (5.21%)	DV Cleared
17	13 (4.51%)	CCNP
17	13 (4.51%)	GPEN
18	11 (3.82%)	Cyber Scheme

Quality Assurance & Compliance
1	90 (31.25%)	ISO/IEC 27001
2	50 (17.36%)	NIST
3	44 (15.28%)	GDPR
4	32 (11.11%)	Cyber Essentials
5	19 (6.60%)	PCI DSS
6	18 (6.25%)	Actionable Recommendations
7	16 (5.56%)	Accessibility
8	13 (4.51%)	NCSC
9	11 (3.82%)	Cyber Essentials PLUS
9	11 (3.82%)	GRC
10	7 (2.43%)	SOC 2
11	4 (1.39%)	ITGC
12	3 (1.04%)	COBIT
12	3 (1.04%)	Data Quality
12	3 (1.04%)	GxP
12	3 (1.04%)	NIST 800
12	3 (1.04%)	QA
12	3 (1.04%)	RMADS
12	3 (1.04%)	Sarbanes-Oxley
13	2 (0.69%)	ISO/IEC 27005

System Software
1	25 (8.68%)	Active Directory
2	7 (2.43%)	VMware Infrastructure
3	3 (1.04%)	Docker
3	3 (1.04%)	VMware ESXi
4	2 (0.69%)	EMC RecoverPoint
4	2 (0.69%)	Hyper-V
4	2 (0.69%)	Virtual Machines
4	2 (0.69%)	vSphere
5	1 (0.35%)	Virtual Desktop

Systems Management
1	21 (7.29%)	Nessus
2	18 (6.25%)	Nmap
3	15 (5.21%)	Kubernetes
4	8 (2.78%)	Microsoft Intune
4	8 (2.78%)	Terraform
5	5 (1.74%)	Ansible
5	5 (1.74%)	CSIRT
5	5 (1.74%)	Single Sign-On
6	3 (1.04%)	ArcSight ESM
6	3 (1.04%)	FortiGate
6	3 (1.04%)	QRadar
7	2 (0.69%)	Jamf Pro
7	2 (0.69%)	VxRail
8	1 (0.35%)	CASB
8	1 (0.35%)	Consul
8	1 (0.35%)	Packer
8	1 (0.35%)	Progress Chef
8	1 (0.35%)	Puppet
8	1 (0.35%)	Red Hat Satellite

Vendors
1	59 (20.49%)	Microsoft
2	14 (4.86%)	Splunk
3	13 (4.51%)	Cisco
4	10 (3.47%)	Sophos
4	10 (3.47%)	VMware
5	9 (3.13%)	Zscaler
6	7 (2.43%)	CheckPoint
6	7 (2.43%)	Fortinet
7	5 (1.74%)	CrowdStrike
7	5 (1.74%)	Qualys
7	5 (1.74%)	TOWER Software
8	4 (1.39%)	Okta
9	3 (1.04%)	ArcSight
9	3 (1.04%)	CyberArk
9	3 (1.04%)	Dell
9	3 (1.04%)	LogLogic
9	3 (1.04%)	McAfee
9	3 (1.04%)	Palo Alto
9	3 (1.04%)	Veeam
10	2 (0.69%)	DevExpress

Penetration TestingUK

All Process & Methodology SkillsUK

Penetration TestingJob Vacancy Trend

Penetration TestingSalary Trend

Penetration TestingSalary Histogram

Penetration TestingTop 15 Job Locations

Penetration TestingTop 30 Co-Occurring Skills & Capabilities

Penetration TestingCo-Occurring Skills & Capabilities by Category