Penetration Testing Job Trends

Penetration Testing
UK

The table below provides summary statistics and salary benchmarking for jobs requiring Penetration Testing skills. It covers permanent job vacancies from the 6 months leading up to 27 June 2026, with comparisons to the same periods in the previous two years.

 6 months to
27 Jun 2026		 Same period 2025 Same period 2024
Rank 409 447 462
Rank change year-on-year +38 +15 +1
Permanent jobs citing Penetration Testing 372 225 493
As % of all permanent jobs in the UK 0.39% 0.49% 0.47%
As % of the Processes & Methodologies category 0.53% 0.54% 0.57%
Number of salaries quoted 246 171 399
10th Percentile £42,500 £43,750 £38,750
25th Percentile £50,000 £55,000 £48,750
Median annual salary (50th Percentile) £70,000 £67,500 £65,000
Median % change year-on-year +3.70% +3.85% +1.96%
75th Percentile £87,500 £79,750 £81,250
90th Percentile £100,000 £95,000 £100,000
UK excluding London median annual salary £55,000 £67,500 £60,000
% change year-on-year -18.52% +12.50% +9.09%

All Process & Methodology Skills
UK

Penetration Testing falls under the Processes and Methodologies category. For comparison with the information above, the following table provides summary statistics for all permanent job vacancies requiring process or methodology skills.

Permanent vacancies with a requirement for process or methodology skills 69,907 41,954 86,795
As % of all permanent jobs advertised in the UK 73.40% 92.11% 82.23%
Number of salaries quoted 48,219 22,640 61,471
10th Percentile £30,000 £28,750 £29,750
25th Percentile £41,250 £38,750 £40,000
Median annual salary (50th Percentile) £60,000 £57,500 £55,000
Median % change year-on-year +4.35% +4.55% -9.54%
75th Percentile £78,750 £77,500 £72,500
90th Percentile £100,000 £100,000 £92,500
UK excluding London median annual salary £53,000 £50,000 £50,000
% change year-on-year +6.00% - -9.09%

Penetration Testing
Job Vacancy Trend

Historical trend showing the proportion of permanent IT job postings citing Penetration Testing relative to all permanent IT jobs advertised.

Penetration Testing job vacancy trend in the UK

Penetration Testing
Salary Trend

Salary distribution trend for jobs in the UK citing Penetration Testing.

Salary distribution trend for jobs in the UK citing Penetration Testing

Penetration Testing
Salary Histogram

Salary distribution for jobs citing Penetration Testing over the 6 months to 27 June 2026.

Salary histogram for Penetration Testing in the UK

Penetration Testing
Top 16 Job Locations

The table below looks at the demand and provides a guide to the median salaries quoted in IT jobs citing Penetration Testing within the UK over the 6 months to 27 June 2026. The 'Rank Change' column provides an indication of the change in demand within each location based on the same 6 month period last year.

Location Rank Change
on Same Period
Last Year		 Matching
Permanent
IT Job Ads		 Median Salary
Past 6 Months		 Median Salary
% Change
on Same Period
Last Year		 Live
Jobs
England +22 332 £68,750 +1.85% 70
UK excluding London +12 189 £55,000 -18.52% 51
London +25 147 £82,500 +17.86% 33
Work from Home +60 124 £72,500 -3.33% 33
South East +7 64 £71,250 +9.62% 20
South West -11 50 £50,000 -25.93% 11
Midlands -31 31 £51,058 -24.36% 4
North of England -42 25 £61,750 +7.39% 6
West Midlands -25 19 £65,000 -3.70% 2
Yorkshire -37 14 £55,000 - 3
East Midlands -15 12 £46,743 +16.86% 2
Scotland +19 11 £85,000 +21.43% 1
North East -39 6 £75,000 +3.18%
East of England - 6 £32,500 - 3
North West -12 5 £67,500 +13.92% 3
Wales -47 4 £54,085 -28.43% 2

Penetration Testing
Co-Occurring Skills & Capabilities by Category

The following tables expand on the one above by listing co-occurrences grouped by category. They cover the same employment type, locality and period, with up to 20 co-occurrences shown in each category:

Application Platforms
1 9 (2.42%) Microsoft Exchange
2 7 (1.88%) SharePoint
3 4 (1.08%) Confluence
4 3 (0.81%) IIS
5 2 (0.54%) Apache Spark
6 1 (0.27%) Apache
6 1 (0.27%) Drupal
6 1 (0.27%) nginx
6 1 (0.27%) WordPress
Applications
1 2 (0.54%) Spreadsheet
Business Applications
1 1 (0.27%) Exchequer
1 1 (0.27%) Magento
1 1 (0.27%) SAP EHS
1 1 (0.27%) SAP S/4HANA
Cloud Services
1 85 (22.85%) Azure
2 84 (22.58%) AWS
3 34 (9.14%) Microsoft 365
4 28 (7.53%) GCP
5 16 (4.30%) Entra ID
6 13 (3.49%) GitHub
7 10 (2.69%) Azure Sentinel
7 10 (2.69%) SaaS
8 9 (2.42%) GitHub Actions
9 6 (1.61%) Microsoft Purview
10 5 (1.34%) Mimecast
11 4 (1.08%) Amazon EKS
11 4 (1.08%) AWS CloudFormation
11 4 (1.08%) Azure DevOps
11 4 (1.08%) Azure Key Vault
11 4 (1.08%) Cloud Computing
11 4 (1.08%) Rubrik
12 3 (0.81%) IaaS
12 3 (0.81%) OneDrive
12 3 (0.81%) PaaS
Communications & Networking
1 79 (21.24%) Firewall
2 31 (8.33%) Network Security
3 25 (6.72%) Cisco Nexus
4 24 (6.45%) Wi-Fi
5 23 (6.18%) Internet
5 23 (6.18%) Wireless
6 21 (5.65%) VPN
7 15 (4.03%) LAN
7 15 (4.03%) WAN
8 13 (3.49%) DNS
9 11 (2.96%) TCP/IP
10 9 (2.42%) Cisco ISE
11 8 (2.15%) VLAN
12 6 (1.61%) Intrusion Detection
13 5 (1.34%) DHCP
14 4 (1.08%) DMARC
14 4 (1.08%) HTTPS
15 3 (0.81%) DMZ
15 3 (0.81%) SSL
15 3 (0.81%) VoIP
Database & Business Intelligence
1 7 (1.88%) SQL Server
2 3 (0.81%) Amazon RDS
2 3 (0.81%) MongoDB
3 2 (0.54%) Hadoop
3 2 (0.54%) KNIME
3 2 (0.54%) NoSQL
4 1 (0.27%) InterSystems Cache
4 1 (0.27%) Power BI
4 1 (0.27%) Redis
Development Applications
1 24 (6.45%) Burp Suite
2 23 (6.18%) Metasploit
3 11 (2.96%) JIRA
4 8 (2.15%) Jenkins
5 6 (1.61%) Bitbucket
6 3 (0.81%) Git
6 3 (0.81%) Yeoman
7 2 (0.54%) Cucumber
7 2 (0.54%) Gatling
7 2 (0.54%) JMeter
7 2 (0.54%) NUnit
7 2 (0.54%) Selenium
7 2 (0.54%) Snyk
8 1 (0.27%) Cypress.io
8 1 (0.27%) GitLab
8 1 (0.27%) IDA Disassembler
8 1 (0.27%) JUnit
8 1 (0.27%) Postman
8 1 (0.27%) SonarQube
8 1 (0.27%) Vagrant
General
1 115 (30.91%) Social Skills
2 85 (22.85%) Finance
3 40 (10.75%) Public Sector
4 39 (10.48%) Analytical Skills
5 33 (8.87%) Law
6 22 (5.91%) Inclusion and Diversity
7 19 (5.11%) Banking
7 19 (5.11%) Retail
8 10 (2.69%) Legal
9 8 (2.15%) Marketing
10 7 (1.88%) Pharmaceutical
11 5 (1.34%) Influencing Skills
12 4 (1.08%) Financial Institution
12 4 (1.08%) Telecoms
13 3 (0.81%) Back Office
13 3 (0.81%) Digital Health
13 3 (0.81%) Digital Healthcare
14 2 (0.54%) Military
14 2 (0.54%) Social Housing
15 1 (0.27%) Aerospace
Job Titles
1 83 (22.31%) Senior
2 64 (17.20%) Analyst
3 57 (15.32%) Penetration Tester
3 57 (15.32%) Tester
4 54 (14.52%) Security Analyst
5 51 (13.71%) Consultant
6 42 (11.29%) Security Consultant
7 41 (11.02%) Senior Analyst
8 38 (10.22%) Senior Security Analyst
9 33 (8.87%) Lead
10 28 (7.53%) Cybersecurity Analyst
11 27 (7.26%) Security Engineer
12 25 (6.72%) Security Manager
13 23 (6.18%) Senior Cybersecurity Analyst
14 22 (5.91%) Security Specialist
15 20 (5.38%) Team Leader
16 18 (4.84%) Cybersecurity Consultant
17 17 (4.57%) Network Analyst
17 17 (4.57%) Senior Network Analyst
18 14 (3.76%) Network Security Analyst
Libraries, Frameworks & Software Standards
1 4 (1.08%) .NET
1 4 (1.08%) RESTful
2 3 (0.81%) .NET Framework
2 3 (0.81%) LDAP
2 3 (0.81%) OAuth
3 2 (0.54%) AngularJS
3 2 (0.54%) ASP.NET
3 2 (0.54%) ASP.NET Core
3 2 (0.54%) Entity Framework
3 2 (0.54%) Kafka
3 2 (0.54%) OAuth2
3 2 (0.54%) OpenAPI
3 2 (0.54%) OpenID
3 2 (0.54%) Playwright
3 2 (0.54%) RxJS
3 2 (0.54%) Swagger
3 2 (0.54%) Vitest
4 1 (0.27%) ARM Templates
4 1 (0.27%) Gherkin
4 1 (0.27%) Memcached
Miscellaneous
1 89 (23.92%) Security Posture
2 36 (9.68%) Mobile App
3 32 (8.60%) Cyber Threat
4 31 (8.33%) Cyber Defence
5 24 (6.45%) Management Information System
6 15 (4.03%) Self-Motivation
7 14 (3.76%) Security Operations Centre
8 10 (2.69%) Data Centre
8 10 (2.69%) Onboarding
9 9 (2.42%) Blog
10 8 (2.15%) Cloud Native
11 7 (1.88%) Cyber Security Posture
11 7 (1.88%) Operational Technology
12 6 (1.61%) Cyberattack
12 6 (1.61%) Enterprise Software
12 6 (1.61%) Hybrid Cloud
12 6 (1.61%) Insider Threat
13 4 (1.08%) NHS
13 4 (1.08%) Public Cloud
14 3 (0.81%) PKI
Operating Systems
1 49 (13.17%) Windows
2 42 (11.29%) Linux
3 17 (4.57%) Android
3 17 (4.57%) Apple iOS
4 15 (4.03%) Windows Server
5 4 (1.08%) Unix
6 3 (0.81%) Kali Linux
6 3 (0.81%) Red Hat Enterprise Linux
7 2 (0.54%) Mac OS
7 2 (0.54%) Windows Server 2016
Processes & Methodologies
1 258 (69.35%) Cybersecurity
2 113 (30.38%) Incident Response
3 104 (27.96%) Vulnerability Management
4 93 (25.00%) Red Team
5 78 (20.97%) Security Testing
5 78 (20.97%) SIEM
6 73 (19.62%) Offensive Security
7 69 (18.55%) Application Security
8 65 (17.47%) Security Operations
9 64 (17.20%) Mentoring
9 64 (17.20%) Problem-Solving
10 62 (16.67%) Cloud Security
11 60 (16.13%) Information Security
12 48 (12.90%) Continuous Improvement
13 44 (11.83%) Threat Modelling
14 43 (11.56%) Disaster Recovery
15 41 (11.02%) Threat Intelligence
16 40 (10.75%) Agile
17 38 (10.22%) Vulnerability Assessment
18 37 (9.95%) Vulnerability Remediation
Programming Languages
1 52 (13.98%) PowerShell
1 52 (13.98%) Python
2 29 (7.80%) Bash
3 16 (4.30%) Java
4 12 (3.23%) Go
5 6 (1.61%) Bicep
5 6 (1.61%) C#
5 6 (1.61%) SQL
6 5 (1.34%) C
6 5 (1.34%) C++
6 5 (1.34%) Perl
7 4 (1.08%) Ruby
8 3 (0.81%) Objective-C
8 3 (0.81%) PHP
8 3 (0.81%) Rust
9 2 (0.54%) JavaScript
9 2 (0.54%) Kusto Query Language
9 2 (0.54%) TypeScript
Qualifications
1 93 (25.00%) CREST Certified
2 70 (18.82%) OSCP
3 67 (18.01%) CISSP
3 67 (18.01%) Security Cleared
4 53 (14.25%) SC Cleared
5 42 (11.29%) CISM
6 39 (10.48%) Degree
7 35 (9.41%) CHECK Team Member
8 34 (9.14%) CHECK Team Leader
9 25 (6.72%) CEH
10 23 (6.18%) Cisco Certification
11 21 (5.65%) CCSAM
12 20 (5.38%) CompTIA Security+
13 16 (4.30%) CCNA
13 16 (4.30%) CCNP
14 14 (3.76%) DV Cleared
14 14 (3.76%) GIAC
15 12 (3.23%) SANS
16 8 (2.15%) OSCE
17 7 (1.88%) Cyber Scheme
Quality Assurance & Compliance
1 104 (27.96%) ISO/IEC 27001
2 55 (14.78%) NIST
3 52 (13.98%) GDPR
4 43 (11.56%) Cyber Essentials
5 24 (6.45%) PCI DSS
6 18 (4.84%) Cyber Essentials PLUS
7 17 (4.57%) GRC
8 15 (4.03%) NCSC
9 14 (3.76%) Actionable Recommendations
10 13 (3.49%) Accessibility
11 7 (1.88%) Sarbanes-Oxley
11 7 (1.88%) SOC 2
12 6 (1.61%) QA
13 4 (1.08%) Data Quality
13 4 (1.08%) Def Stans
13 4 (1.08%) NIST 800
14 3 (0.81%) COBIT
14 3 (0.81%) SLA
15 1 (0.27%) GxP
15 1 (0.27%) WCAG
System Software
1 39 (10.48%) Active Directory
2 9 (2.42%) VMware Infrastructure
3 4 (1.08%) Docker
3 4 (1.08%) EMC RecoverPoint
4 3 (0.81%) Virtual Machines
4 3 (0.81%) VMware ESXi
5 1 (0.27%) Virtual Desktop
Systems Management
1 20 (5.38%) Kubernetes
2 16 (4.30%) Nessus
3 13 (3.49%) Nmap
4 11 (2.96%) Microsoft Intune
4 11 (2.96%) Terraform
5 5 (1.34%) Ansible
6 4 (1.08%) CSIRT
6 4 (1.08%) VxRail
7 3 (0.81%) FortiGate
7 3 (0.81%) Red Hat Satellite
7 3 (0.81%) SCCM
7 3 (0.81%) Single Sign-On
8 2 (0.54%) CASB
8 2 (0.54%) Jamf Pro
9 1 (0.27%) Computer Emergency Response Teams
9 1 (0.27%) Consul
9 1 (0.27%) OpenVAS
9 1 (0.27%) Packer
9 1 (0.27%) Progress Chef
9 1 (0.27%) Puppet
Vendors
1 73 (19.62%) Microsoft
2 33 (8.87%) Cisco
3 29 (7.80%) Qualys
4 26 (6.99%) Palo Alto
5 21 (5.65%) Aruba
5 21 (5.65%) Splunk
6 14 (3.76%) Sophos
7 12 (3.23%) CrowdStrike
7 12 (3.23%) VMware
7 12 (3.23%) Zscaler
8 9 (2.42%) CheckPoint
9 8 (2.15%) Fortinet
10 7 (1.88%) Tenable
11 6 (1.61%) Rapid7
12 5 (1.34%) ServiceNow
12 5 (1.34%) TOWER Software
13 4 (1.08%) Google
13 4 (1.08%) Okta
14 3 (0.81%) CyberArk
14 3 (0.81%) Veracode
84 Penetration Testing jobs Nationwide