Penetration Testing Job Trends, Salaries & Related Skills

Penetration Testing
UK

The table below provides summary statistics and salary benchmarking for jobs requiring Penetration Testing skills. It covers permanent job vacancies from the 6 months leading up to 8 March 2026, with comparisons to the same periods in the previous two years.

	6 months to 8 Mar 2026	Same period 2025	Same period 2024
Rank	450	380	396
Rank change year-on-year	-70	+16	+84
Permanent jobs citing Penetration Testing	238	309	523
As % of all permanent jobs in the UK	0.33%	0.68%	0.63%
As % of the Processes & Methodologies category	0.42%	0.73%	0.72%
Number of salaries quoted	167	207	423
10^th Percentile	£42,300	£45,000	£40,650
25^th Percentile	£51,250	£58,750	£48,750
Median annual salary (50^th Percentile)	£72,500	£70,000	£64,902
Median % change year-on-year	+3.57%	+7.85%	-6.21%
75^th Percentile	£90,000	£87,500	£82,500
90^th Percentile	£95,000	£95,000	£92,500
UK excluding London median annual salary	£65,000	£67,500	£55,000
% change year-on-year	-3.70%	+22.73%	-8.33%

All Process & Methodology Skills
UK

Penetration Testing falls under the Processes and Methodologies category. For comparison with the information above, the following table provides summary statistics for all permanent job vacancies requiring process or methodology skills.

Permanent vacancies with a requirement for process or methodology skills	56,516	42,516	72,551
As % of all permanent jobs advertised in the UK	78.36%	93.70%	87.81%
Number of salaries quoted	34,044	22,349	55,477
10^th Percentile	£29,270	£32,500	£29,000
25^th Percentile	£39,000	£45,000	£40,000
Median annual salary (50^th Percentile)	£55,000	£60,000	£55,000
Median % change year-on-year	-8.33%	+9.09%	-12.00%
75^th Percentile	£76,262	£80,000	£74,000
90^th Percentile	£97,500	£102,500	£95,000
UK excluding London median annual salary	£50,000	£55,000	£50,000
% change year-on-year	-9.09%	+10.00%	-9.09%

Penetration Testing
Job Vacancy Trend

Historical trend showing the proportion of permanent IT job postings citing Penetration Testing relative to all permanent IT jobs advertised.

Penetration Testing
Salary Trend

Salary distribution trend for jobs in the UK citing Penetration Testing.

Penetration Testing
Salary Histogram

Salary distribution for jobs citing Penetration Testing over the 6 months to 8 March 2026.

Salary histogram for Penetration Testing in the UK

Penetration Testing
Top 15 Job Locations

The table below looks at the demand and provides a guide to the median salaries quoted in IT jobs citing Penetration Testing within the UK over the 6 months to 8 March 2026. The 'Rank Change' column provides an indication of the change in demand within each location based on the same 6 month period last year.

Location	Rank Change on Same Period Last Year	Matching Permanent IT Job Ads	Median Salary Past 6 Months	Median Salary % Change on Same Period Last Year	Live Jobs
England	-82	205	£71,184	+5.46%	61
UK excluding London	-62	113	£65,000	-3.70%	49
London	-18	97	£77,500	+6.16%	22
Work from Home	-7	85	£60,000	-14.29%	50
South West	+17	44	£76,250	+8.93%	12
Midlands	-19	26	£52,500	-22.22%	2
South East	-46	18	£72,500	+3.57%	17
West Midlands	-15	14	£60,000	-11.11%	2
Scotland	-23	13	£90,000	+20.00%	5
East Midlands	-12	12	£51,058	+27.65%
North of England	-52	11	£55,000	-10.93%	9
Yorkshire	-30	6	£56,250	+9.76%	2
North West	-29	3	£55,000	-12.00%	6
East of England	+7	2	£57,500	-	3
North East	-13	2	£75,000	-1.32%	1

Penetration Testing
Top 30 Co-Occurring Skills & Capabilities

For the 6 months to 8 March 2026, job vacancies citing Penetration Testing also mentioned the following skills and capabilities in order of popularity. The figures indicate the absolute number of co-occurrences and as a proportion of all permanent job ads with a requirement for Penetration Testing.

1	122 (51.26%)	Cybersecurity
2	82 (34.45%)	CREST Certified
3	80 (33.61%)	Incident Response
4	78 (32.77%)	ISO/IEC 27001
5	70 (29.41%)	Red Team
6	68 (28.57%)	CISSP
6	68 (28.57%)	Python
7	64 (26.89%)	OSCP
8	62 (26.05%)	Application Security
9	59 (24.79%)	Microsoft
10	56 (23.53%)	Azure
11	50 (21.01%)	Bash
11	50 (21.01%)	Degree
11	50 (21.01%)	PowerShell
12	49 (20.59%)	NIST

12	49 (20.59%)	Problem-Solving
13	47 (19.75%)	Offensive Security
14	46 (19.33%)	Agile
14	46 (19.33%)	Information Security
14	46 (19.33%)	Vulnerability Management
15	45 (18.91%)	SIEM
16	42 (17.65%)	Security Testing
16	42 (17.65%)	Threat Modelling
17	41 (17.23%)	Security Cleared
18	40 (16.81%)	Mentoring
19	39 (16.39%)	AWS
20	38 (15.97%)	Firewall
21	35 (14.71%)	Vulnerability Assessment
22	34 (14.29%)	Business Strategy
22	34 (14.29%)	GDPR

Penetration Testing
Co-Occurring Skills & Capabilities by Category

The following tables expand on the one above by listing co-occurrences grouped by category. They cover the same employment type, locality and period, with up to 20 co-occurrences shown in each category:

Application Platforms
1	5 (2.10%)	Microsoft Exchange
1	5 (2.10%)	SharePoint
2	1 (0.42%)	Confluence

Applications
1	4 (1.68%)	Microsoft Excel
1	4 (1.68%)	Microsoft Office
2	2 (0.84%)	Weka
3	1 (0.42%)	GNU Octave

Business Applications
1	1 (0.42%)	Exchequer

Cloud Services
1	56 (23.53%)	Azure
2	39 (16.39%)	AWS
3	25 (10.50%)	GitHub
4	20 (8.40%)	GitHub Actions
5	17 (7.14%)	Microsoft 365
6	14 (5.88%)	GCP
7	12 (5.04%)	Azure Sentinel
7	12 (5.04%)	Entra ID
8	11 (4.62%)	Microsoft Purview
9	8 (3.36%)	Slack
10	7 (2.94%)	Power Platform
11	5 (2.10%)	SaaS
12	3 (1.26%)	IBM Cloud
12	3 (1.26%)	Mimecast
13	2 (0.84%)	Dynamics 365
14	1 (0.42%)	Amazon EKS
14	1 (0.42%)	AWS CloudFormation
14	1 (0.42%)	Azure DevOps
14	1 (0.42%)	Datadog
14	1 (0.42%)	OneDrive

Communications & Networking
1	38 (15.97%)	Firewall
2	22 (9.24%)	Network Security
3	21 (8.82%)	TCP/IP
4	20 (8.40%)	Wireless
5	14 (5.88%)	VPN
6	10 (4.20%)	DNS
7	8 (3.36%)	VLAN
8	7 (2.94%)	Intrusion Detection
8	7 (2.94%)	Wi-Fi
9	5 (2.10%)	Cisco ISE
9	5 (2.10%)	HTTP
9	5 (2.10%)	Wireshark
10	4 (1.68%)	Ethernet
11	3 (1.26%)	DHCP
11	3 (1.26%)	DMZ
11	3 (1.26%)	HTTPS
11	3 (1.26%)	LAN
11	3 (1.26%)	SSL
11	3 (1.26%)	VoIP
11	3 (1.26%)	WAN

Database & Business Intelligence
1	7 (2.94%)	Power BI
2	4 (1.68%)	Tableau
3	1 (0.42%)	SQL Server

Development Applications
1	29 (12.18%)	Burp Suite
1	29 (12.18%)	Metasploit
2	20 (8.40%)	Jenkins
3	12 (5.04%)	JIRA
4	3 (1.26%)	Bitbucket
5	2 (0.84%)	IDA Disassembler
6	1 (0.42%)	Git
6	1 (0.42%)	GitLab

General
1	83 (34.87%)	Social Skills
2	79 (33.19%)	Finance
3	22 (9.24%)	Inclusion and Diversity
4	20 (8.40%)	Analytical Skills
5	16 (6.72%)	Banking
5	16 (6.72%)	Retail
6	13 (5.46%)	Law
6	13 (5.46%)	Public Sector
7	11 (4.62%)	Influencing Skills
8	9 (3.78%)	Presentation Skills
9	8 (3.36%)	Legal
10	6 (2.52%)	Marketing
11	4 (1.68%)	Electronics
11	4 (1.68%)	Telecoms
12	3 (1.26%)	Aerospace
12	3 (1.26%)	Documentation Skills
12	3 (1.26%)	Manufacturing
12	3 (1.26%)	Military
12	3 (1.26%)	Pharmaceutical
13	2 (0.84%)	Public Speaking

Job Titles
1	40 (16.81%)	Security Engineer
2	38 (15.97%)	Analyst
3	35 (14.71%)	Consultant
3	35 (14.71%)	Security Consultant
4	31 (13.03%)	Senior
4	31 (13.03%)	Tester
5	30 (12.61%)	Penetration Tester
6	29 (12.18%)	Security Analyst
7	25 (10.50%)	Security Manager
8	23 (9.66%)	Applications Engineer
9	17 (7.14%)	Cybersecurity Consultant
10	16 (6.72%)	Security Specialist
11	14 (5.88%)	IT Manager
12	11 (4.62%)	Senior Analyst
12	11 (4.62%)	Senior Security Analyst
13	10 (4.20%)	Lead
14	9 (3.78%)	Digital Analyst
14	9 (3.78%)	Senior Digital Analyst
15	8 (3.36%)	Cybersecurity Analyst
15	8 (3.36%)	Cybersecurity Engineer

Libraries, Frameworks & Software Standards
1	3 (1.26%)	JSON
2	1 (0.42%)	.NET
2	1 (0.42%)	PyTorch
2	1 (0.42%)	TensorFlow
2	1 (0.42%)	YAML

Miscellaneous
1	58 (24.37%)	Security Posture
2	29 (12.18%)	Mobile App
3	27 (11.34%)	Cyber Defence
4	20 (8.40%)	Cyber Threat
4	20 (8.40%)	Management Information System
5	8 (3.36%)	PKI
6	7 (2.94%)	Insider Threat
6	7 (2.94%)	Operational Technology
7	6 (2.52%)	Analytical Mindset
7	6 (2.52%)	Data Centre
7	6 (2.52%)	Enterprise Software
7	6 (2.52%)	Self-Motivation
8	5 (2.10%)	Cloud Native
8	5 (2.10%)	Security Operations Centre
9	4 (1.68%)	Cyber Security Posture
9	4 (1.68%)	Data Protection Act
10	3 (1.26%)	Cyberattack
10	3 (1.26%)	Renewable Energy
10	3 (1.26%)	SCADA
11	2 (0.84%)	Driving Licence

Operating Systems
1	21 (8.82%)	Linux
1	21 (8.82%)	Windows
2	10 (4.20%)	Android
2	10 (4.20%)	Apple iOS
3	7 (2.94%)	Unix
4	4 (1.68%)	Windows Server
5	1 (0.42%)	Kali Linux
5	1 (0.42%)	Mac OS

Processes & Methodologies
1	122 (51.26%)	Cybersecurity
2	80 (33.61%)	Incident Response
3	70 (29.41%)	Red Team
4	62 (26.05%)	Application Security
5	49 (20.59%)	Problem-Solving
6	47 (19.75%)	Offensive Security
7	46 (19.33%)	Agile
7	46 (19.33%)	Information Security
7	46 (19.33%)	Vulnerability Management
8	45 (18.91%)	SIEM
9	42 (17.65%)	Security Testing
9	42 (17.65%)	Threat Modelling
10	40 (16.81%)	Mentoring
11	35 (14.71%)	Vulnerability Assessment
12	34 (14.29%)	Business Strategy
13	32 (13.45%)	Internal Audit
14	29 (12.18%)	Coaching
15	28 (11.76%)	Business Transformation
15	28 (11.76%)	Creative Thinking
15	28 (11.76%)	Technology Transformation

Programming Languages
1	68 (28.57%)	Python
2	50 (21.01%)	Bash
2	50 (21.01%)	PowerShell
3	15 (6.30%)	Go
4	9 (3.78%)	C
4	9 (3.78%)	C++
4	9 (3.78%)	Java
5	7 (2.94%)	C#
6	6 (2.52%)	SQL
7	5 (2.10%)	Perl
8	4 (1.68%)	R
9	3 (1.26%)	JavaScript
9	3 (1.26%)	Ruby
10	1 (0.42%)	Scala

Qualifications
1	82 (34.45%)	CREST Certified
2	68 (28.57%)	CISSP
3	64 (26.89%)	OSCP
4	50 (21.01%)	Degree
5	41 (17.23%)	Security Cleared
6	33 (13.87%)	CHECK Team Member
6	33 (13.87%)	SC Cleared
7	27 (11.34%)	Cisco Certification
8	25 (10.50%)	CEH
9	24 (10.08%)	CHECK Team Leader
9	24 (10.08%)	SANS
10	19 (7.98%)	CCNA
11	18 (7.56%)	CCSAM
12	16 (6.72%)	CISM
12	16 (6.72%)	CompTIA Security+
13	15 (6.30%)	DV Cleared
13	15 (6.30%)	GIAC
14	12 (5.04%)	CISA
15	11 (4.62%)	GPEN
16	10 (4.20%)	Cyber Scheme

Quality Assurance & Compliance
1	78 (32.77%)	ISO/IEC 27001
2	49 (20.59%)	NIST
3	34 (14.29%)	GDPR
4	29 (12.18%)	Accessibility
5	27 (11.34%)	Cyber Essentials
6	14 (5.88%)	Actionable Recommendations
7	12 (5.04%)	PCI DSS
8	11 (4.62%)	NCSC
9	9 (3.78%)	Cyber Essentials PLUS
9	9 (3.78%)	GRC
10	4 (1.68%)	NIST 800
11	3 (1.26%)	COBIT
11	3 (1.26%)	Data Quality
11	3 (1.26%)	GxP
11	3 (1.26%)	ITGC
11	3 (1.26%)	RMADS
12	2 (0.84%)	ISO/IEC 27005
12	2 (0.84%)	QA
12	2 (0.84%)	Sarbanes-Oxley
12	2 (0.84%)	SOC 2

System Software
1	17 (7.14%)	Active Directory
2	8 (3.36%)	Virtual Machines
3	6 (2.52%)	VMware ESXi
3	6 (2.52%)	VMware Infrastructure
4	2 (0.84%)	Docker
4	2 (0.84%)	Hyper-V
4	2 (0.84%)	vSphere
5	1 (0.42%)	EMC RecoverPoint
5	1 (0.42%)	Virtual Desktop

Systems Management
1	24 (10.08%)	Nessus
2	19 (7.98%)	Nmap
3	14 (5.88%)	Kubernetes
4	5 (2.10%)	CSIRT
4	5 (2.10%)	Microsoft Intune
5	4 (1.68%)	Terraform
6	3 (1.26%)	Ansible
6	3 (1.26%)	ArcSight ESM
6	3 (1.26%)	FortiGate
6	3 (1.26%)	Proxmox
6	3 (1.26%)	QRadar
6	3 (1.26%)	Single Sign-On
7	1 (0.42%)	CASB
7	1 (0.42%)	Progress Chef
7	1 (0.42%)	VxRail

Vendors
1	59 (24.79%)	Microsoft
2	13 (5.46%)	Cisco
3	9 (3.78%)	VMware
4	8 (3.36%)	ServiceNow
4	8 (3.36%)	Splunk
4	8 (3.36%)	Tenable
5	6 (2.52%)	CheckPoint
5	6 (2.52%)	Zscaler
6	5 (2.10%)	Sophos
7	4 (1.68%)	Fortinet
7	4 (1.68%)	Oracle
7	4 (1.68%)	Qualys
8	3 (1.26%)	ArcSight
8	3 (1.26%)	CrowdStrike
8	3 (1.26%)	Dell
8	3 (1.26%)	IBM
8	3 (1.26%)	McAfee
8	3 (1.26%)	Okta
8	3 (1.26%)	TOWER Software
8	3 (1.26%)	Veeam

Penetration TestingUK

All Process & Methodology SkillsUK

Penetration TestingJob Vacancy Trend

Penetration TestingSalary Trend

Penetration TestingSalary Histogram

Penetration TestingTop 15 Job Locations

Penetration TestingTop 30 Co-Occurring Skills & Capabilities

Penetration TestingCo-Occurring Skills & Capabilities by Category