Penetration Testing Job Trends

Penetration Testing
UK

The table below provides summary statistics and salary benchmarking for jobs requiring Penetration Testing skills. It covers permanent job vacancies from the 6 months leading up to 15 July 2026, with comparisons to the same periods in the previous two years.

6 months to
15 Jul 2026
Same period 2025 Same period 2024
Rank 418 468 476
Rank change year-on-year +50 +8 -17
Permanent jobs citing Penetration Testing 371 211 470
As % of all permanent jobs in the UK 0.38% 0.43% 0.46%
As % of the Processes & Methodologies category 0.51% 0.48% 0.57%
Number of salaries quoted 246 174 369
10th Percentile £42,500 £46,000 £38,750
25th Percentile £50,000 £54,063 £47,500
Median annual salary (50th Percentile) £70,000 £67,500 £64,000
Median % change year-on-year +3.70% +5.47% +2.40%
75th Percentile £88,625 £79,875 £78,750
90th Percentile £100,000 £95,000 £100,000
UK excluding London median annual salary £55,000 £67,500 £60,000
% change year-on-year -18.52% +12.50% +9.09%

All Process & Methodology Skills
UK

Penetration Testing falls under the Processes and Methodologies category. For comparison with the information above, the following table provides summary statistics for all permanent job vacancies requiring process or methodology skills.

Permanent vacancies with a requirement for process or methodology skills 72,817 44,332 83,106
As % of all permanent jobs advertised in the UK 73.70% 90.20% 82.17%
Number of salaries quoted 50,259 24,803 58,175
10th Percentile £30,250 £28,750 £29,750
25th Percentile £41,250 £38,000 £40,000
Median annual salary (50th Percentile) £60,000 £57,500 £55,000
Median % change year-on-year +4.35% +4.55% -8.84%
75th Percentile £78,750 £77,500 £72,500
90th Percentile £100,000 £98,750 £92,500
UK excluding London median annual salary £55,000 £50,000 £50,000
% change year-on-year +10.00% - -9.09%

Penetration Testing
Job Vacancy Trend

Historical trend showing the proportion of permanent IT job postings citing Penetration Testing relative to all permanent IT jobs advertised.

Penetration Testing job vacancy trend in the UK

Penetration Testing
Salary Trend

Salary distribution trend for jobs in the UK citing Penetration Testing.

Salary distribution trend for jobs in the UK citing Penetration Testing

Penetration Testing
Salary Histogram

Salary distribution for jobs citing Penetration Testing over the 6 months to 15 July 2026.

Salary histogram for Penetration Testing in the UK

Penetration Testing
Top 16 Job Locations

The table below looks at the demand and provides a guide to the median salaries quoted in IT jobs citing Penetration Testing within the UK over the 6 months to 15 July 2026. The 'Rank Change' column provides an indication of the change in demand within each location based on the same 6 month period last year.

Location Rank Change
on Same Period
Last Year
Matching
Permanent
IT Job Ads
Median Salary
Past 6 Months
Median Salary
% Change
on Same Period
Last Year
Live
Jobs
England +40 327 £70,000 +3.70% 130
UK excluding London +11 189 £55,000 -18.52% 105
London +9 143 £82,500 +13.79% 45
Work from Home +43 125 £75,000 +1.35% 87
South East +23 71 £72,500 +20.83% 29
South West -22 48 £50,000 -27.27% 21
Midlands -27 27 £65,000 -3.70% 9
North of England -47 23 £61,750 +7.39% 22
West Midlands -32 19 £70,000 +3.70% 5
Yorkshire -36 12 £55,000 - 9
Scotland +23 11 £85,000 +21.43% 8
East Midlands -17 8 £46,743 +16.86% 4
North East -55 6 £75,000 +3.18% 1
East of England - 6 £32,500 - 10
North West -20 5 £67,500 +17.39% 12
Wales -50 5 £55,000 -27.22% 2

Penetration Testing
Co-Occurring Skills & Capabilities by Category

The following tables expand on the one above by listing co-occurrences grouped by category. They cover the same employment type, locality and period, with up to 20 co-occurrences shown in each category:

Application Platforms
1 9 (2.43%) Microsoft Exchange
2 7 (1.89%) SharePoint
3 5 (1.35%) Confluence
4 3 (0.81%) Apache Spark
4 3 (0.81%) IIS
5 1 (0.27%) Apache
5 1 (0.27%) CMS
5 1 (0.27%) Drupal
5 1 (0.27%) nginx
5 1 (0.27%) NServiceBus
5 1 (0.27%) WordPress
Applications
1 2 (0.54%) Spreadsheet
Business Applications
1 1 (0.27%) Exchequer
1 1 (0.27%) Magento
1 1 (0.27%) SAP EHS
1 1 (0.27%) SAP S/4HANA
Cloud Services
1 85 (22.91%) AWS
2 84 (22.64%) Azure
3 33 (8.89%) Microsoft 365
4 28 (7.55%) GCP
5 16 (4.31%) Entra ID
6 14 (3.77%) GitHub
7 10 (2.70%) SaaS
8 9 (2.43%) Azure Sentinel
8 9 (2.43%) GitHub Actions
9 6 (1.62%) Cloud Computing
9 6 (1.62%) Microsoft Purview
10 5 (1.35%) Amazon Bedrock
10 5 (1.35%) Azure DevOps
10 5 (1.35%) Mimecast
11 4 (1.08%) Amazon EKS
11 4 (1.08%) Amazon GuardDuty
11 4 (1.08%) AWS CloudFormation
11 4 (1.08%) Azure Key Vault
11 4 (1.08%) Nutanix
11 4 (1.08%) Rubrik
Communications & Networking
1 88 (23.72%) Firewall
2 32 (8.63%) Cisco Nexus
3 30 (8.09%) Wi-Fi
4 29 (7.82%) Network Security
5 28 (7.55%) Internet
6 20 (5.39%) LAN
6 20 (5.39%) VPN
6 20 (5.39%) WAN
7 15 (4.04%) Wireless
8 12 (3.23%) DNS
9 10 (2.70%) TCP/IP
10 9 (2.43%) Cisco ISE
11 7 (1.89%) VLAN
12 6 (1.62%) Intrusion Detection
13 4 (1.08%) DHCP
13 4 (1.08%) HTTPS
13 4 (1.08%) Kerberos
14 3 (0.81%) DMARC
14 3 (0.81%) VoIP
15 2 (0.54%) Wireshark
Database & Business Intelligence
1 9 (2.43%) SQL Server
2 4 (1.08%) MongoDB
3 3 (0.81%) Amazon RDS
3 3 (0.81%) Hadoop
3 3 (0.81%) NoSQL
4 2 (0.54%) KNIME
4 2 (0.54%) Redis
5 1 (0.27%) InterSystems Cache
5 1 (0.27%) Power BI
Development Applications
1 20 (5.39%) Burp Suite
2 19 (5.12%) Metasploit
3 13 (3.50%) JIRA
4 8 (2.16%) Jenkins
5 6 (1.62%) Bitbucket
6 4 (1.08%) Git
7 3 (0.81%) Yeoman
8 2 (0.54%) Cucumber
8 2 (0.54%) Gatling
8 2 (0.54%) JMeter
8 2 (0.54%) NUnit
8 2 (0.54%) Selenium
8 2 (0.54%) Snyk
9 1 (0.27%) Cypress.io
9 1 (0.27%) GitLab
9 1 (0.27%) IDA Disassembler
9 1 (0.27%) JUnit
9 1 (0.27%) Postman
9 1 (0.27%) SonarQube
9 1 (0.27%) Vagrant
General
1 113 (30.46%) Social Skills
2 77 (20.75%) Finance
3 44 (11.86%) Public Sector
4 41 (11.05%) Analytical Skills
5 33 (8.89%) Law
6 20 (5.39%) Inclusion and Diversity
7 18 (4.85%) Banking
8 17 (4.58%) Retail
9 8 (2.16%) Legal
10 7 (1.89%) Marketing
11 6 (1.62%) Influencing Skills
11 6 (1.62%) Pharmaceutical
12 4 (1.08%) Financial Institution
13 3 (0.81%) Back Office
13 3 (0.81%) Digital Health
13 3 (0.81%) Digital Healthcare
13 3 (0.81%) Military
13 3 (0.81%) Telecoms
14 2 (0.54%) Organisational Skills
14 2 (0.54%) Social Housing
Job Titles
1 86 (23.18%) Senior
2 64 (17.25%) Analyst
3 61 (16.44%) Penetration Tester
3 61 (16.44%) Tester
4 53 (14.29%) Security Analyst
5 46 (12.40%) Consultant
6 41 (11.05%) Senior Analyst
7 37 (9.97%) Security Consultant
7 37 (9.97%) Senior Security Analyst
8 34 (9.16%) Lead
9 32 (8.63%) Security Engineer
10 30 (8.09%) Cybersecurity Analyst
11 25 (6.74%) Senior Cybersecurity Analyst
12 21 (5.66%) Security Specialist
13 20 (5.39%) Security Manager
13 20 (5.39%) Team Leader
14 19 (5.12%) Network Analyst
14 19 (5.12%) Senior Network Analyst
15 16 (4.31%) Cybersecurity Consultant
16 15 (4.04%) Network Security Analyst
Libraries, Frameworks & Software Standards
1 5 (1.35%) .NET
1 5 (1.35%) RESTful
2 4 (1.08%) LDAP
2 4 (1.08%) OAuth
3 3 (0.81%) .NET Framework
3 3 (0.81%) ASP.NET
3 3 (0.81%) Kafka
4 2 (0.54%) AngularJS
4 2 (0.54%) ASP.NET Core
4 2 (0.54%) Entity Framework
4 2 (0.54%) OAuth2
4 2 (0.54%) OpenAPI
4 2 (0.54%) OpenID
4 2 (0.54%) Playwright
4 2 (0.54%) RxJS
4 2 (0.54%) Swagger
4 2 (0.54%) Vitest
5 1 (0.27%) ARM Templates
5 1 (0.27%) Gherkin
5 1 (0.27%) Memcached
Miscellaneous
1 80 (21.56%) Security Posture
2 33 (8.89%) Cyber Threat
3 26 (7.01%) Cyber Defence
3 26 (7.01%) Mobile App
4 25 (6.74%) Management Information System
5 14 (3.77%) Security Operations Centre
6 13 (3.50%) Self-Motivation
7 12 (3.23%) Onboarding
8 9 (2.43%) Blog
8 9 (2.43%) Cloud Native
8 9 (2.43%) Data Centre
9 8 (2.16%) Operational Technology
10 7 (1.89%) Cyberattack
10 7 (1.89%) Enterprise Software
10 7 (1.89%) Hybrid Cloud
11 6 (1.62%) Cyber Security Posture
12 4 (1.08%) Insider Threat
12 4 (1.08%) NHS
12 4 (1.08%) Public Cloud
13 3 (0.81%) PKI
Operating Systems
1 53 (14.29%) Windows
2 45 (12.13%) Linux
3 17 (4.58%) Android
3 17 (4.58%) Apple iOS
3 17 (4.58%) Windows Server
4 4 (1.08%) Kali Linux
4 4 (1.08%) Red Hat Enterprise Linux
4 4 (1.08%) Unix
5 3 (0.81%) Mac OS
6 2 (0.54%) Windows Server 2016
Processes & Methodologies
1 265 (71.43%) Cybersecurity
2 110 (29.65%) Incident Response
3 109 (29.38%) Vulnerability Management
4 83 (22.37%) SIEM
5 79 (21.29%) Red Team
5 79 (21.29%) Security Testing
6 74 (19.95%) Security Operations
7 67 (18.06%) Cloud Security
8 64 (17.25%) Application Security
9 63 (16.98%) Offensive Security
10 58 (15.63%) Information Security
11 56 (15.09%) Problem-Solving
12 53 (14.29%) Mentoring
13 50 (13.48%) Disaster Recovery
14 47 (12.67%) Continuous Improvement
15 46 (12.40%) Threat Modelling
16 44 (11.86%) Threat Intelligence
17 40 (10.78%) Risk Management
18 39 (10.51%) Cyber Threat Intelligence
18 39 (10.51%) Vulnerability Remediation
Programming Languages
1 51 (13.75%) PowerShell
2 50 (13.48%) Python
3 24 (6.47%) Bash
4 17 (4.58%) Java
5 12 (3.23%) Go
6 7 (1.89%) SQL
7 6 (1.62%) Bicep
7 6 (1.62%) C#
8 5 (1.35%) C
8 5 (1.35%) C++
9 4 (1.08%) Perl
9 4 (1.08%) Ruby
10 3 (0.81%) JavaScript
10 3 (0.81%) Objective-C
10 3 (0.81%) PHP
10 3 (0.81%) Rust
11 2 (0.54%) Kusto Query Language
11 2 (0.54%) TypeScript
Qualifications
1 81 (21.83%) CREST Certified
2 69 (18.60%) Security Cleared
3 67 (18.06%) CISSP
4 58 (15.63%) OSCP
5 53 (14.29%) SC Cleared
6 44 (11.86%) CISM
7 31 (8.36%) Degree
8 30 (8.09%) CHECK Team Member
9 26 (7.01%) CHECK Team Leader
10 22 (5.93%) Cisco Certification
11 21 (5.66%) CEH
12 16 (4.31%) CompTIA Security+
13 15 (4.04%) CCNP
14 14 (3.77%) DV Cleared
15 13 (3.50%) CCNA
15 13 (3.50%) CCSAM
15 13 (3.50%) GIAC
16 12 (3.23%) SANS
17 8 (2.16%) OSCE
18 7 (1.89%) AWS Certification
Quality Assurance & Compliance
1 102 (27.49%) ISO/IEC 27001
2 56 (15.09%) NIST
3 52 (14.02%) GDPR
4 42 (11.32%) Cyber Essentials
5 26 (7.01%) PCI DSS
6 18 (4.85%) Cyber Essentials PLUS
7 17 (4.58%) GRC
8 16 (4.31%) NCSC
9 14 (3.77%) Accessibility
10 12 (3.23%) Actionable Recommendations
11 8 (2.16%) Sarbanes-Oxley
12 7 (1.89%) SOC 2
13 6 (1.62%) QA
14 4 (1.08%) Data Quality
14 4 (1.08%) Def Stans
14 4 (1.08%) NIST 800
15 3 (0.81%) COBIT
15 3 (0.81%) SLA
16 1 (0.27%) ISO/IEC 27002 (supersedes ISO/IEC 17799)
16 1 (0.27%) WCAG
System Software
1 39 (10.51%) Active Directory
2 10 (2.70%) VMware Infrastructure
3 4 (1.08%) Docker
3 4 (1.08%) EMC RecoverPoint
3 4 (1.08%) Virtual Machines
4 2 (0.54%) VMware ESXi
5 1 (0.27%) Virtual Desktop
Systems Management
1 21 (5.66%) Kubernetes
2 14 (3.77%) Nessus
3 12 (3.23%) Nmap
4 11 (2.96%) Terraform
5 10 (2.70%) Microsoft Intune
6 5 (1.35%) Ansible
7 4 (1.08%) Red Hat Satellite
7 4 (1.08%) VxRail
8 3 (0.81%) CSIRT
8 3 (0.81%) SCCM
8 3 (0.81%) Single Sign-On
9 2 (0.54%) CASB
9 2 (0.54%) FortiGate
9 2 (0.54%) Jamf Pro
10 1 (0.27%) Computer Emergency Response Teams
10 1 (0.27%) Consul
10 1 (0.27%) OpenVAS
10 1 (0.27%) Packer
10 1 (0.27%) Progress Chef
10 1 (0.27%) Puppet
Vendors
1 70 (18.87%) Microsoft
2 38 (10.24%) Cisco
3 37 (9.97%) Qualys
4 34 (9.16%) Palo Alto
5 28 (7.55%) Aruba
6 23 (6.20%) Splunk
7 14 (3.77%) Sophos
8 12 (3.23%) CrowdStrike
8 12 (3.23%) VMware
8 12 (3.23%) Zscaler
9 9 (2.43%) CheckPoint
10 8 (2.16%) Fortinet
10 8 (2.16%) Tenable
11 7 (1.89%) Rapid7
12 6 (1.62%) ServiceNow
13 5 (1.35%) TOWER Software
14 4 (1.08%) Google
14 4 (1.08%) Ivanti
14 4 (1.08%) Oracle
14 4 (1.08%) Red Hat