Penetration Testing Job Trends

Penetration Testing
UK

The table below provides summary statistics and salary benchmarking for jobs requiring Penetration Testing skills. It covers permanent job vacancies from the 6 months leading up to 22 March 2026, with comparisons to the same periods in the previous two years.

 6 months to
22 Mar 2026		 Same period 2025 Same period 2024
Rank 460 387 416
Rank change year-on-year -73 +29 +63
Permanent jobs citing Penetration Testing 250 277 521
As % of all permanent jobs in the UK 0.33% 0.65% 0.60%
As % of the Processes & Methodologies category 0.42% 0.70% 0.69%
Number of salaries quoted 177 205 417
10th Percentile £42,500 £45,400 £38,987
25th Percentile £50,813 £58,750 £47,725
Median annual salary (50th Percentile) £72,367 £69,500 £62,500
Median % change year-on-year +4.13% +11.20% -9.68%
75th Percentile £90,000 £87,500 £82,500
90th Percentile £96,750 £95,000 £93,500
UK excluding London median annual salary £66,250 £67,500 £55,000
% change year-on-year -1.85% +22.73% -8.33%

All Process & Methodology Skills
UK

Penetration Testing falls under the Processes and Methodologies category. For comparison with the information above, the following table provides summary statistics for all permanent job vacancies requiring process or methodology skills.

Permanent vacancies with a requirement for process or methodology skills 59,378 39,636 75,467
As % of all permanent jobs advertised in the UK 77.65% 93.47% 86.94%
Number of salaries quoted 35,975 22,340 56,751
10th Percentile £29,750 £31,750 £29,079
25th Percentile £40,000 £43,830 £40,000
Median annual salary (50th Percentile) £55,000 £60,000 £55,000
Median % change year-on-year -8.33% +9.09% -11.29%
75th Percentile £77,500 £80,000 £73,750
90th Percentile £97,500 £102,500 £93,750
UK excluding London median annual salary £50,000 £55,000 £50,000
% change year-on-year -9.09% +10.00% -8.90%

Penetration Testing
Job Vacancy Trend

Historical trend showing the proportion of permanent IT job postings citing Penetration Testing relative to all permanent IT jobs advertised.

Penetration Testing job vacancy trend in the UK

Penetration Testing
Salary Trend

Salary distribution trend for jobs in the UK citing Penetration Testing.

Salary distribution trend for jobs in the UK citing Penetration Testing

Penetration Testing
Salary Histogram

Salary distribution for jobs citing Penetration Testing over the 6 months to 22 March 2026.

Salary histogram for Penetration Testing in the UK

Penetration Testing
Top 15 Job Locations

The table below looks at the demand and provides a guide to the median salaries quoted in IT jobs citing Penetration Testing within the UK over the 6 months to 22 March 2026. The 'Rank Change' column provides an indication of the change in demand within each location based on the same 6 month period last year.

Location Rank Change
on Same Period
Last Year		 Matching
Permanent
IT Job Ads		 Median Salary
Past 6 Months		 Median Salary
% Change
on Same Period
Last Year		 Live
Jobs
England -55 216 £70,000 +3.70% 100
UK excluding London -67 121 £66,250 -1.85% 84
London -25 98 £78,000 +7.59% 31
Work from Home -5 92 £60,000 -15.79% 69
South West +10 48 £68,750 -1.79% 19
Midlands -41 25 £52,500 -22.22% 11
South East -55 20 £72,500 +3.57% 19
North of England -68 15 £67,500 +9.31% 22
West Midlands -17 14 £60,000 -11.11% 8
Scotland -22 12 £87,500 +17.85% 7
East Midlands -32 11 £51,058 +27.65% 3
North East -24 5 £75,000 -1.32% 1
Yorkshire -38 5 £60,000 +17.07% 12
North West -42 5 £55,000 -12.00% 9
East of England -13 2 £57,500 - 5

Penetration Testing
Co-Occurring Skills & Capabilities by Category

The following tables expand on the one above by listing co-occurrences grouped by category. They cover the same employment type, locality and period, with up to 20 co-occurrences shown in each category:

Application Platforms
1 4 (1.60%) Microsoft Exchange
2 3 (1.20%) SharePoint
3 2 (0.80%) Confluence
4 1 (0.40%) Apache
4 1 (0.40%) Drupal
4 1 (0.40%) IIS
4 1 (0.40%) nginx
4 1 (0.40%) WordPress
Applications
1 3 (1.20%) Microsoft Excel
1 3 (1.20%) Microsoft Office
2 2 (0.80%) Weka
Business Applications
1 1 (0.40%) Exchequer
1 1 (0.40%) Magento
Cloud Services
1 64 (25.60%) Azure
2 48 (19.20%) AWS
3 24 (9.60%) GitHub
4 19 (7.60%) GitHub Actions
5 18 (7.20%) GCP
6 15 (6.00%) Microsoft 365
7 13 (5.20%) Azure Sentinel
8 10 (4.00%) Entra ID
8 10 (4.00%) Microsoft Purview
9 6 (2.40%) Slack
10 5 (2.00%) Power Platform
10 5 (2.00%) SaaS
11 4 (1.60%) Mimecast
12 3 (1.20%) Azure DevOps
13 2 (0.80%) Amazon EKS
13 2 (0.80%) AWS CloudFormation
13 2 (0.80%) Azure Key Vault
13 2 (0.80%) Dynamics 365
13 2 (0.80%) Rubrik
14 1 (0.40%) Azure Monitor
Communications & Networking
1 42 (16.80%) Firewall
2 25 (10.00%) Network Security
3 20 (8.00%) TCP/IP
3 20 (8.00%) Wireless
4 15 (6.00%) VPN
5 12 (4.80%) DNS
6 9 (3.60%) Intrusion Detection
7 7 (2.80%) Cisco ISE
7 7 (2.80%) VLAN
7 7 (2.80%) Wi-Fi
8 5 (2.00%) HTTP
8 5 (2.00%) Wireshark
9 4 (1.60%) Cisco Nexus
9 4 (1.60%) Ethernet
9 4 (1.60%) HTTPS
9 4 (1.60%) Internet
10 3 (1.20%) DMZ
10 3 (1.20%) LAN
10 3 (1.20%) SSL
10 3 (1.20%) VoIP
Database & Business Intelligence
1 5 (2.00%) Power BI
2 3 (1.20%) Tableau
3 2 (0.80%) SQL Server
4 1 (0.40%) Amazon RDS
4 1 (0.40%) InterSystems Cache
4 1 (0.40%) Redis
Development Applications
1 29 (11.60%) Burp Suite
1 29 (11.60%) Metasploit
2 18 (7.20%) Jenkins
3 12 (4.80%) JIRA
4 5 (2.00%) Bitbucket
5 2 (0.80%) Git
5 2 (0.80%) IDA Disassembler
6 1 (0.40%) Gatling
6 1 (0.40%) GitLab
6 1 (0.40%) JMeter
6 1 (0.40%) NUnit
6 1 (0.40%) Vagrant
General
1 83 (33.20%) Social Skills
2 79 (31.60%) Finance
3 21 (8.40%) Analytical Skills
3 21 (8.40%) Inclusion and Diversity
4 19 (7.60%) Public Sector
5 16 (6.40%) Banking
5 16 (6.40%) Law
5 16 (6.40%) Retail
6 9 (3.60%) Legal
7 8 (3.20%) Influencing Skills
8 7 (2.80%) Presentation Skills
9 6 (2.40%) Marketing
10 4 (1.60%) Electronics
10 4 (1.60%) Telecoms
11 3 (1.20%) Aerospace
11 3 (1.20%) Documentation Skills
11 3 (1.20%) Manufacturing
11 3 (1.20%) Military
11 3 (1.20%) Pharmaceutical
12 2 (0.80%) Financial Institution
Job Titles
1 40 (16.00%) Consultant
2 39 (15.60%) Analyst
3 38 (15.20%) Security Consultant
4 35 (14.00%) Security Engineer
5 32 (12.80%) Tester
6 31 (12.40%) Penetration Tester
7 29 (11.60%) Security Analyst
7 29 (11.60%) Senior
8 24 (9.60%) Security Manager
9 21 (8.40%) Applications Engineer
10 20 (8.00%) Cybersecurity Consultant
11 18 (7.20%) Security Specialist
12 12 (4.80%) IT Manager
13 11 (4.40%) Lead
13 11 (4.40%) Senior Analyst
13 11 (4.40%) Senior Security Analyst
14 9 (3.60%) Digital Analyst
14 9 (3.60%) Senior Digital Analyst
15 8 (3.20%) Head of Security
15 8 (3.20%) Senior Tester
Libraries, Frameworks & Software Standards
1 3 (1.20%) .NET
2 2 (0.80%) .NET Framework
2 2 (0.80%) JSON
3 1 (0.40%) AngularJS
3 1 (0.40%) ARM Templates
3 1 (0.40%) ASP.NET
3 1 (0.40%) ASP.NET Core
3 1 (0.40%) Entity Framework
3 1 (0.40%) Memcached
3 1 (0.40%) OAuth
3 1 (0.40%) OAuth2
3 1 (0.40%) OpenAPI
3 1 (0.40%) OpenID
3 1 (0.40%) RESTful
3 1 (0.40%) RxJS
3 1 (0.40%) Swagger
3 1 (0.40%) Vitest
3 1 (0.40%) YAML
Miscellaneous
1 64 (25.60%) Security Posture
2 29 (11.60%) Mobile App
3 28 (11.20%) Cyber Defence
4 20 (8.00%) Cyber Threat
5 19 (7.60%) Management Information System
6 7 (2.80%) Data Centre
6 7 (2.80%) Insider Threat
6 7 (2.80%) Operational Technology
6 7 (2.80%) PKI
7 6 (2.40%) Analytical Mindset
7 6 (2.40%) Blog
7 6 (2.40%) Self-Motivation
8 5 (2.00%) Cloud Native
8 5 (2.00%) Enterprise Software
9 4 (1.60%) Cyber Security Posture
9 4 (1.60%) Data Protection Act
9 4 (1.60%) Security Operations Centre
10 3 (1.20%) Public Cloud
10 3 (1.20%) Renewable Energy
10 3 (1.20%) SCADA
Operating Systems
1 31 (12.40%) Linux
2 29 (11.60%) Windows
3 10 (4.00%) Android
3 10 (4.00%) Apple iOS
4 7 (2.80%) Unix
5 4 (1.60%) Windows Server
6 1 (0.40%) Kali Linux
6 1 (0.40%) Mac OS
Processes & Methodologies
1 131 (52.40%) Cybersecurity
2 83 (33.20%) Incident Response
3 74 (29.60%) Red Team
4 62 (24.80%) Application Security
5 50 (20.00%) Problem-Solving
6 48 (19.20%) Offensive Security
6 48 (19.20%) SIEM
7 47 (18.80%) Information Security
8 46 (18.40%) Agile
9 45 (18.00%) Vulnerability Management
10 44 (17.60%) Mentoring
11 42 (16.80%) Threat Modelling
12 41 (16.40%) Security Testing
13 32 (12.80%) Business Strategy
13 32 (12.80%) Security Operations
13 32 (12.80%) Vulnerability Assessment
14 31 (12.40%) Cloud Security
14 31 (12.40%) Internal Audit
15 29 (11.60%) Business Transformation
15 29 (11.60%) Coaching
Programming Languages
1 65 (26.00%) Python
2 50 (20.00%) PowerShell
3 48 (19.20%) Bash
4 14 (5.60%) Go
5 10 (4.00%) C
5 10 (4.00%) C++
5 10 (4.00%) Java
6 7 (2.80%) C#
7 6 (2.40%) Perl
7 6 (2.40%) SQL
8 4 (1.60%) Ruby
9 3 (1.20%) R
10 2 (0.80%) Bicep
10 2 (0.80%) JavaScript
11 1 (0.40%) Kusto Query Language
11 1 (0.40%) Objective-C
11 1 (0.40%) PHP
11 1 (0.40%) Rust
11 1 (0.40%) Scala
11 1 (0.40%) TypeScript
Qualifications
1 87 (34.80%) CREST Certified
2 66 (26.40%) CISSP
3 65 (26.00%) OSCP
4 51 (20.40%) Degree
5 47 (18.80%) Security Cleared
6 38 (15.20%) SC Cleared
7 34 (13.60%) CHECK Team Member
8 28 (11.20%) CEH
8 28 (11.20%) Cisco Certification
9 23 (9.20%) CHECK Team Leader
10 20 (8.00%) SANS
11 19 (7.60%) CCNA
11 19 (7.60%) CCSAM
11 19 (7.60%) CISM
12 18 (7.20%) DV Cleared
13 17 (6.80%) CompTIA Security+
13 17 (6.80%) GIAC
14 12 (4.80%) GPEN
15 11 (4.40%) CISA
16 10 (4.00%) CCNP
Quality Assurance & Compliance
1 80 (32.00%) ISO/IEC 27001
2 50 (20.00%) NIST
3 36 (14.40%) GDPR
4 25 (10.00%) Accessibility
5 24 (9.60%) Cyber Essentials
6 17 (6.80%) PCI DSS
7 16 (6.40%) Actionable Recommendations
8 12 (4.80%) NCSC
9 9 (3.60%) Cyber Essentials PLUS
9 9 (3.60%) GRC
10 3 (1.20%) Data Quality
10 3 (1.20%) GxP
10 3 (1.20%) ITGC
10 3 (1.20%) NIST 800
10 3 (1.20%) RMADS
10 3 (1.20%) SOC 2
11 2 (0.80%) COBIT
11 2 (0.80%) ISO/IEC 27005
11 2 (0.80%) Sarbanes-Oxley
12 1 (0.40%) HIPAA
System Software
1 21 (8.40%) Active Directory
2 6 (2.40%) Virtual Machines
3 5 (2.00%) VMware Infrastructure
4 4 (1.60%) VMware ESXi
5 3 (1.20%) Docker
6 2 (0.80%) EMC RecoverPoint
6 2 (0.80%) Hyper-V
6 2 (0.80%) vSphere
7 1 (0.40%) Virtual Desktop
Systems Management
1 22 (8.80%) Nessus
2 19 (7.60%) Nmap
3 14 (5.60%) Kubernetes
4 7 (2.80%) Microsoft Intune
5 6 (2.40%) Terraform
6 5 (2.00%) Ansible
6 5 (2.00%) CSIRT
7 4 (1.60%) Single Sign-On
8 3 (1.20%) ArcSight ESM
8 3 (1.20%) FortiGate
8 3 (1.20%) QRadar
9 2 (0.80%) Progress Chef
9 2 (0.80%) VxRail
10 1 (0.40%) CASB
10 1 (0.40%) Consul
10 1 (0.40%) Jamf Pro
10 1 (0.40%) Packer
10 1 (0.40%) Proxmox
10 1 (0.40%) Puppet
Vendors
1 61 (24.40%) Microsoft
2 15 (6.00%) Cisco
3 12 (4.80%) Splunk
4 9 (3.60%) Zscaler
5 8 (3.20%) CheckPoint
5 8 (3.20%) Sophos
5 8 (3.20%) VMware
6 6 (2.40%) Fortinet
6 6 (2.40%) ServiceNow
6 6 (2.40%) Tenable
7 5 (2.00%) TOWER Software
8 4 (1.60%) CrowdStrike
8 4 (1.60%) Okta
8 4 (1.60%) Qualys
9 3 (1.20%) ArcSight
9 3 (1.20%) Dell
9 3 (1.20%) LogLogic
9 3 (1.20%) McAfee
9 3 (1.20%) Oracle
9 3 (1.20%) Veeam
125 Penetration Testing jobs Nationwide