Penetration Testing Job Trends, Salaries & Related Skills

Penetration Testing
UK

The table below provides summary statistics and salary benchmarking for jobs requiring Penetration Testing skills. It covers permanent job vacancies from the 6 months leading up to 21 November 2025, with comparisons to the same periods in the previous two years.

	6 months to 21 Nov 2025	Same period 2024	Same period 2023
Rank	484	421	395
Rank change year-on-year	-63	-26	+138
Permanent jobs citing Penetration Testing	182	363	361
As % of all permanent jobs in the UK	0.34%	0.54%	0.69%
As % of the Processes & Methodologies category	0.40%	0.64%	0.74%
Number of salaries quoted	159	202	320
10^th Percentile	£47,750	£47,500	£42,500
25^th Percentile	£52,375	£56,250	£52,500
Median annual salary (50^th Percentile)	£70,000	£65,000	£64,451
Median % change year-on-year	+7.69%	+0.85%	-6.86%
75^th Percentile	£86,375	£87,500	£78,750
90^th Percentile	£90,000	£100,000	£90,000
UK excluding London median annual salary	£62,500	£61,250	£60,000
% change year-on-year	+2.04%	+2.08%	-7.69%

All Process and Methodology Skills
UK

Penetration Testing falls under the Processes and Methodologies category. For comparison with the information above, the following table provides summary statistics for all permanent job vacancies requiring process or methodology skills.

Permanent vacancies with a requirement for process or methodology skills	45,592	56,393	48,809
As % of all permanent jobs advertised in the UK	85.45%	83.65%	93.81%
Number of salaries quoted	27,617	29,299	37,445
10^th Percentile	£28,250	£34,404	£32,500
25^th Percentile	£36,250	£45,000	£43,750
Median annual salary (50^th Percentile)	£55,000	£60,000	£60,000
Median % change year-on-year	-8.33%	-	-
75^th Percentile	£75,000	£80,000	£80,000
90^th Percentile	£95,000	£97,500	£98,750
UK excluding London median annual salary	£47,500	£55,000	£52,500
% change year-on-year	-13.64%	+4.76%	-

Penetration Testing
Job Vacancy Trend

Historical trend showing the proportion of permanent IT job postings citing Penetration Testing relative to all permanent IT jobs advertised.

Penetration Testing
Salary Trend

Salary distribution trend for jobs in the UK citing Penetration Testing.

Penetration Testing
Salary Histogram

Salary distribution for jobs citing Penetration Testing over the 6 months to 21 November 2025.

Salary histogram for Penetration Testing in the UK

Penetration Testing
Top 15 Job Locations

The table below looks at the demand and provides a guide to the median salaries quoted in IT jobs citing Penetration Testing within the UK over the 6 months to 21 November 2025. The 'Rank Change' column provides an indication of the change in demand within each location based on the same 6 month period last year.

Location	Rank Change on Same Period Last Year	Matching Permanent IT Job Ads	Median Salary Past 6 Months	Median Salary % Change on Same Period Last Year	Live Jobs
England	-14	164	£65,000	-	181
UK excluding London	-26	87	£62,500	+2.04%	123
London	-13	78	£75,000	-	70
Work from Home	+14	65	£65,000	-	112
South West	+33	25	£80,000	+25.00%	24
South East	+27	23	£57,500	-4.17%	32
Midlands	+39	19	£52,750	-8.26%	25
West Midlands	+28	12	£53,000	-9.79%	23
North of England	+12	12	£56,250	-6.25%	27
Yorkshire	+14	9	£55,000	+4.76%	4
East Midlands	+32	7	£51,058	-11.20%	2
Scotland	-22	6	£90,000	+20.00%	7
North West	+13	3	£65,000	+4.00%	19
Northern Ireland	+8	2	£70,000	+16.67%	2
East of England	+24	1	£85,000	+198.25%	7

Penetration Testing
Top 30 Co-Occurring Skills & Capabilities

For the 6 months to 21 November 2025, job vacancies citing Penetration Testing also mentioned the following skills and capabilities in order of popularity. The figures indicate the absolute number of co-occurrences and as a proportion of all permanent job ads with a requirement for Penetration Testing.

1	99 (54.40%)	Cybersecurity
2	72 (39.56%)	ISO/IEC 27001
3	69 (37.91%)	Incident Response
4	63 (34.62%)	Python
5	57 (31.32%)	Azure
6	55 (30.22%)	Microsoft
7	54 (29.67%)	NIST
7	54 (29.67%)	SIEM
8	52 (28.57%)	Firewall
9	48 (26.37%)	Vulnerability Management
10	46 (25.27%)	CISSP
11	43 (23.63%)	PowerShell
12	41 (22.53%)	Degree
13	40 (21.98%)	Bash
14	39 (21.43%)	Vulnerability Assessment

15	35 (19.23%)	Security Cleared
16	34 (18.68%)	Information Security
16	34 (18.68%)	Network Security
16	34 (18.68%)	Security Operations
17	33 (18.13%)	Vulnerability Scanning
18	32 (17.58%)	DevOps
19	30 (16.48%)	Cyber Essentials
19	30 (16.48%)	Problem-Solving
19	30 (16.48%)	Windows
20	29 (15.93%)	SC Cleared
21	28 (15.38%)	Application Security
21	28 (15.38%)	CREST Certified
21	28 (15.38%)	Linux
21	28 (15.38%)	Threat Modelling
22	27 (14.84%)	Accessibility

Penetration Testing
Co-Occurring Skills & Capabilities by Category

The following tables expand on the one above by listing co-occurrences grouped by category. They cover the same employment type, locality and period, with up to 20 co-occurrences shown in each category:

Application Platforms
1	6 (3.30%)	Microsoft Exchange
2	3 (1.65%)	SharePoint
3	1 (0.55%)	Confluence

Applications
1	7 (3.85%)	Microsoft Excel
1	7 (3.85%)	Microsoft Office
2	1 (0.55%)	GNU Octave

Cloud Services
1	57 (31.32%)	Azure
2	27 (14.84%)	AWS
3	17 (9.34%)	Entra ID
4	16 (8.79%)	GitHub
5	15 (8.24%)	Slack
6	13 (7.14%)	Azure Sentinel
6	13 (7.14%)	Microsoft 365
7	12 (6.59%)	GitHub Actions
8	11 (6.04%)	Microsoft Purview
9	10 (5.49%)	Power Platform
10	7 (3.85%)	GCP
11	4 (2.20%)	Azure Key Vault
12	3 (1.65%)	Azure DevOps
12	3 (1.65%)	Azure Logic Apps
12	3 (1.65%)	IBM Cloud
12	3 (1.65%)	Mimecast
12	3 (1.65%)	PaaS
12	3 (1.65%)	SaaS
13	2 (1.10%)	Azure Stack
13	2 (1.10%)	SecurityScorecard

Communications & Networking
1	52 (28.57%)	Firewall
2	34 (18.68%)	Network Security
3	19 (10.44%)	TCP/IP
4	13 (7.14%)	VPN
5	10 (5.49%)	Intrusion Detection
6	8 (4.40%)	Wi-Fi
6	8 (4.40%)	Wireshark
7	7 (3.85%)	Wireless
8	6 (3.30%)	VLAN
9	5 (2.75%)	HTTP
10	4 (2.20%)	BGP
10	4 (2.20%)	DNS
10	4 (2.20%)	Ethernet
10	4 (2.20%)	OSPF
11	3 (1.65%)	Cisco ISE
11	3 (1.65%)	Modbus
11	3 (1.65%)	Spanning Tree
12	2 (1.10%)	Cisco Nexus
12	2 (1.10%)	ICMP
12	2 (1.10%)	SSH

Database & Business Intelligence
1	10 (5.49%)	Power BI
2	7 (3.85%)	Tableau
3	2 (1.10%)	SQL Server
4	1 (0.55%)	Elasticsearch

Development Applications
1	19 (10.44%)	JIRA
2	18 (9.89%)	Burp Suite
3	17 (9.34%)	Metasploit
4	12 (6.59%)	Jenkins
5	3 (1.65%)	Git
6	2 (1.10%)	IDA Disassembler
7	1 (0.55%)	GitLab

General
1	80 (43.96%)	Social Skills
2	31 (17.03%)	Finance
3	22 (12.09%)	Analytical Skills
4	19 (10.44%)	Influencing Skills
5	16 (8.79%)	Inclusion and Diversity
5	16 (8.79%)	Presentation Skills
6	8 (4.40%)	Law
6	8 (4.40%)	Public Sector
7	6 (3.30%)	Retail
8	5 (2.75%)	Banking
8	5 (2.75%)	Manufacturing
9	4 (2.20%)	Documentation Skills
9	4 (2.20%)	Electronics
9	4 (2.20%)	Military
10	3 (1.65%)	Legal
10	3 (1.65%)	Mandarin Language
10	3 (1.65%)	Marketing
11	2 (1.10%)	Organisational Skills
12	1 (0.55%)	Advertising
12	1 (0.55%)	Aerospace

Job Titles
1	54 (29.67%)	Security Engineer
2	38 (20.88%)	Analyst
3	33 (18.13%)	Security Analyst
4	24 (13.19%)	Senior
5	20 (10.99%)	Tester
6	19 (10.44%)	Cybersecurity Engineer
6	19 (10.44%)	Penetration Tester
7	15 (8.24%)	Senior Security Engineer
8	14 (7.69%)	Applications Engineer
9	11 (6.04%)	IT Manager
9	11 (6.04%)	Lead
9	11 (6.04%)	Network Engineer
10	9 (4.95%)	Cybersecurity Analyst
10	9 (4.95%)	Information Analyst
10	9 (4.95%)	Information Security Analyst
11	8 (4.40%)	Cloud Engineer
11	8 (4.40%)	Consultant
11	8 (4.40%)	Security Consultant
11	8 (4.40%)	Vulnerability Management Engineer
12	7 (3.85%)	Cybersecurity Consultant

Libraries, Frameworks & Software Standards
1	5 (2.75%)	JSON
2	1 (0.55%)	Elastic Stack
2	1 (0.55%)	ModSecurity
2	1 (0.55%)	PyTorch
2	1 (0.55%)	TensorFlow
2	1 (0.55%)	YAML

Miscellaneous
1	29 (15.93%)	Management Information System
2	24 (13.19%)	Security Posture
3	16 (8.79%)	Cyber Threat
3	16 (8.79%)	Security Operations Centre
4	9 (4.95%)	Cyber Defence
4	9 (4.95%)	Operational Technology
5	8 (4.40%)	Self-Motivation
6	7 (3.85%)	Cloud Native
6	7 (3.85%)	Mobile App
6	7 (3.85%)	PKI
7	6 (3.30%)	Analytical Mindset
7	6 (3.30%)	Cyber Kill Chain
7	6 (3.30%)	Data Centre
7	6 (3.30%)	SCADA
8	5 (2.75%)	Enterprise Software
9	4 (2.20%)	Cyberattack
9	4 (2.20%)	Linux Command Line
10	3 (1.65%)	Public Cloud
10	3 (1.65%)	Renewable Energy
10	3 (1.65%)	Virtual Team

Operating Systems
1	30 (16.48%)	Windows
2	28 (15.38%)	Linux
3	7 (3.85%)	Unix
4	6 (3.30%)	Kali Linux
4	6 (3.30%)	Windows Server
5	3 (1.65%)	VMS
6	2 (1.10%)	Android
6	2 (1.10%)	Apple iOS
7	1 (0.55%)	Debian
7	1 (0.55%)	Ubuntu
7	1 (0.55%)	Windows 10
7	1 (0.55%)	Windows Server 2016
7	1 (0.55%)	Windows Server 2019

Processes & Methodologies
1	99 (54.40%)	Cybersecurity
2	69 (37.91%)	Incident Response
3	54 (29.67%)	SIEM
4	48 (26.37%)	Vulnerability Management
5	39 (21.43%)	Vulnerability Assessment
6	34 (18.68%)	Information Security
6	34 (18.68%)	Security Operations
7	33 (18.13%)	Vulnerability Scanning
8	32 (17.58%)	DevOps
9	30 (16.48%)	Problem-Solving
10	28 (15.38%)	Application Security
10	28 (15.38%)	Threat Modelling
11	27 (14.84%)	Technology Transformation
11	27 (14.84%)	Vulnerability Remediation
12	26 (14.29%)	Security Testing
13	24 (13.19%)	CI/CD
13	24 (13.19%)	Cloud Security
14	23 (12.64%)	Red Team
15	21 (11.54%)	ITIL
16	20 (10.99%)	SDLC

Programming Languages
1	63 (34.62%)	Python
2	43 (23.63%)	PowerShell
3	40 (21.98%)	Bash
4	17 (9.34%)	Go
5	13 (7.14%)	SQL
6	7 (3.85%)	R
7	6 (3.30%)	C
7	6 (3.30%)	C++
8	5 (2.75%)	C#
8	5 (2.75%)	JavaScript
9	2 (1.10%)	Perl
10	1 (0.55%)	Java
10	1 (0.55%)	Kusto Query Language
10	1 (0.55%)	Scala

Qualifications
1	46 (25.27%)	CISSP
2	41 (22.53%)	Degree
3	35 (19.23%)	Security Cleared
4	29 (15.93%)	SC Cleared
5	28 (15.38%)	CREST Certified
6	23 (12.64%)	SANS
7	22 (12.09%)	Cisco Certification
7	22 (12.09%)	OSCP
8	17 (9.34%)	CCNA
9	16 (8.79%)	CompTIA Security+
9	16 (8.79%)	DV Cleared
10	13 (7.14%)	GIAC
11	12 (6.59%)	GCIA
12	11 (6.04%)	CCNP
12	11 (6.04%)	CHECK Team Member
13	10 (5.49%)	CISA
14	9 (4.95%)	CEH
15	8 (4.40%)	CHECK Team Leader
16	7 (3.85%)	Computer Science Degree
16	7 (3.85%)	GCIH

Quality Assurance & Compliance
1	72 (39.56%)	ISO/IEC 27001
2	54 (29.67%)	NIST
3	30 (16.48%)	Cyber Essentials
4	27 (14.84%)	Accessibility
5	17 (9.34%)	GDPR
6	9 (4.95%)	NCSC
7	5 (2.75%)	NIST 800
7	5 (2.75%)	QA
8	4 (2.20%)	GRC
8	4 (2.20%)	PCI DSS
9	3 (1.65%)	Actionable Recommendations
9	3 (1.65%)	ITGC
9	3 (1.65%)	RMADS
10	2 (1.10%)	Cyber Essentials PLUS
10	2 (1.10%)	ISO/IEC 27005
11	1 (0.55%)	COBIT
11	1 (0.55%)	ISO/IEC 27002 (supersedes ISO/IEC 17799)
11	1 (0.55%)	ISO/IEC 42001
11	1 (0.55%)	Sarbanes-Oxley
11	1 (0.55%)	SOC 2

System Software
1	15 (8.24%)	Virtual Machines
2	13 (7.14%)	Active Directory
3	6 (3.30%)	VMware Infrastructure
4	4 (2.20%)	VMware ESXi
5	3 (1.65%)	Firmware
5	3 (1.65%)	Hyper-V
6	2 (1.10%)	EMC RecoverPoint
6	2 (1.10%)	pfSense
6	2 (1.10%)	Squid

Systems Management
1	14 (7.69%)	Nessus
1	14 (7.69%)	Nmap
2	8 (4.40%)	QRadar
3	6 (3.30%)	Single Sign-On
4	5 (2.75%)	Microsoft Intune
5	4 (2.20%)	Kubernetes
6	3 (1.65%)	ArcSight ESM
6	3 (1.65%)	Proxmox
7	2 (1.10%)	Cisco CUCM
7	2 (1.10%)	Terraform
7	2 (1.10%)	VxRail
8	1 (0.55%)	Ansible
8	1 (0.55%)	CASB
8	1 (0.55%)	Jamf Pro
8	1 (0.55%)	Kibana
8	1 (0.55%)	Progress Chef
8	1 (0.55%)	SCCM
8	1 (0.55%)	ZENworks

Vendors
1	55 (30.22%)	Microsoft
2	17 (9.34%)	Tenable
3	15 (8.24%)	ServiceNow
4	14 (7.69%)	Cisco
5	11 (6.04%)	Splunk
6	8 (4.40%)	VMware
7	7 (3.85%)	Oracle
8	6 (3.30%)	Fortinet
9	5 (2.75%)	Palo Alto
10	4 (2.20%)	CheckPoint
10	4 (2.20%)	Sophos
10	4 (2.20%)	Zscaler
11	3 (1.65%)	ArcSight
11	3 (1.65%)	CyberArk
11	3 (1.65%)	IBM
11	3 (1.65%)	LogLogic
11	3 (1.65%)	LogRhythm
11	3 (1.65%)	McAfee
11	3 (1.65%)	Qualys
12	2 (1.10%)	Meraki

Penetration TestingUK

All Process and Methodology SkillsUK

Penetration TestingJob Vacancy Trend

Penetration TestingSalary Trend

Penetration TestingSalary Histogram

Penetration TestingTop 15 Job Locations

Penetration TestingTop 30 Co-Occurring Skills & Capabilities

Penetration TestingCo-Occurring Skills & Capabilities by Category