Penetration Testing Job Trends, Salaries & Related Skills

Penetration Testing
UK

The table below provides summary statistics and salary benchmarking for jobs requiring Penetration Testing skills. It covers permanent job vacancies from the 6 months leading up to 29 December 2025, with comparisons to the same periods in the previous two years.

	6 months to 29 Dec 2025	Same period 2024	Same period 2023
Rank	470	394	371
Rank change year-on-year	-76	-23	+147
Permanent jobs citing Penetration Testing	183	362	389
As % of all permanent jobs in the UK	0.31%	0.65%	0.75%
As % of the Processes & Methodologies category	0.38%	0.73%	0.82%
Number of salaries quoted	154	203	315
10^th Percentile	£48,165	£45,324	£43,348
25^th Percentile	£55,000	£56,250	£52,500
Median annual salary (50^th Percentile)	£70,000	£65,000	£65,000
Median % change year-on-year	+7.69%	-	-6.07%
75^th Percentile	£90,000	£88,750	£82,500
90^th Percentile	-	£100,000	£90,000
UK excluding London median annual salary	£62,500	£61,250	£60,000
% change year-on-year	+2.04%	+2.08%	-7.69%

All Process & Methodology Skills
UK

Penetration Testing falls under the Processes and Methodologies category. For comparison with the information above, the following table provides summary statistics for all permanent job vacancies requiring process or methodology skills.

Permanent vacancies with a requirement for process or methodology skills	48,671	49,754	47,191
As % of all permanent jobs advertised in the UK	82.04%	89.85%	91.49%
Number of salaries quoted	28,569	24,792	36,014
10^th Percentile	£28,500	£35,000	£31,750
25^th Percentile	£36,500	£45,000	£42,631
Median annual salary (50^th Percentile)	£55,000	£60,000	£60,000
Median % change year-on-year	-8.33%	-	-4.00%
75^th Percentile	£75,000	£80,000	£80,000
90^th Percentile	£95,000	£100,000	£97,500
UK excluding London median annual salary	£50,000	£55,000	£52,500
% change year-on-year	-9.09%	+4.76%	-3.67%

Penetration Testing
Job Vacancy Trend

Historical trend showing the proportion of permanent IT job postings citing Penetration Testing relative to all permanent IT jobs advertised.

Penetration Testing
Salary Trend

Salary distribution trend for jobs in the UK citing Penetration Testing.

Penetration Testing
Salary Histogram

Salary distribution for jobs citing Penetration Testing over the 6 months to 29 December 2025.

Salary histogram for Penetration Testing in the UK

Penetration Testing
Top 14 Job Locations

The table below looks at the demand and provides a guide to the median salaries quoted in IT jobs citing Penetration Testing within the UK over the 6 months to 29 December 2025. The 'Rank Change' column provides an indication of the change in demand within each location based on the same 6 month period last year.

Location	Rank Change on Same Period Last Year	Matching Permanent IT Job Ads	Median Salary Past 6 Months	Median Salary % Change on Same Period Last Year	Live Jobs
England	-62	165	£70,000	+7.69%	602
UK excluding London	-35	96	£62,500	+2.04%	573
London	-38	71	£76,000	+1.33%	73
Work from Home	+3	69	£60,000	-7.69%	321
South West	+32	32	£80,000	+25.00%	77
Midlands	+12	24	£53,000	-7.83%	117
South East	-6	22	£58,750	-4.08%	129
West Midlands	+8	14	£59,000	+0.43%	59
East Midlands	-3	10	£51,058	-11.20%	52
North of England	-22	10	£55,000	-3.30%	126
Scotland	-22	8	£90,000	+21.21%	29
Yorkshire	-3	6	£54,250	+3.33%	53
North West	-3	4	£55,000	-12.00%	68
East of England	+28	1	£85,000	+198.25%	80

Penetration Testing
Top 30 Co-Occurring Skills & Capabilities

For the 6 months to 29 December 2025, job vacancies citing Penetration Testing also mentioned the following skills and capabilities in order of popularity. The figures indicate the absolute number of co-occurrences and as a proportion of all permanent job ads with a requirement for Penetration Testing.

1	92 (50.27%)	Cybersecurity
2	74 (40.44%)	ISO/IEC 27001
3	64 (34.97%)	Incident Response
4	61 (33.33%)	Python
5	58 (31.69%)	Azure
6	56 (30.60%)	CISSP
7	54 (29.51%)	NIST
8	52 (28.42%)	Microsoft
9	48 (26.23%)	SIEM
10	44 (24.04%)	Vulnerability Management
11	41 (22.40%)	Degree
12	39 (21.31%)	Bash
13	38 (20.77%)	Information Security
13	38 (20.77%)	PowerShell
13	38 (20.77%)	Security Cleared

14	37 (20.22%)	Red Team
15	36 (19.67%)	CREST Certified
15	36 (19.67%)	Firewall
16	34 (18.58%)	Problem-Solving
17	33 (18.03%)	Application Security
17	33 (18.03%)	Vulnerability Scanning
18	32 (17.49%)	AWS
18	32 (17.49%)	SC Cleared
18	32 (17.49%)	Security Operations
19	31 (16.94%)	Vulnerability Assessment
20	29 (15.85%)	Threat Modelling
21	28 (15.30%)	Cisco Certification
21	28 (15.30%)	Cyber Essentials
21	28 (15.30%)	DevOps
21	28 (15.30%)	Linux

Penetration Testing
Co-Occurring Skills & Capabilities by Category

The following tables expand on the one above by listing co-occurrences grouped by category. They cover the same employment type, locality and period, with up to 20 co-occurrences shown in each category:

Application Platforms
1	6 (3.28%)	Microsoft Exchange
2	3 (1.64%)	SharePoint
3	1 (0.55%)	Confluence

Applications
1	7 (3.83%)	Microsoft Excel
1	7 (3.83%)	Microsoft Office
2	2 (1.09%)	Weka
3	1 (0.55%)	GNU Octave

Cloud Services
1	58 (31.69%)	Azure
2	32 (17.49%)	AWS
3	16 (8.74%)	GitHub
4	15 (8.20%)	Azure Sentinel
4	15 (8.20%)	Slack
5	12 (6.56%)	Entra ID
5	12 (6.56%)	GitHub Actions
5	12 (6.56%)	Microsoft 365
6	11 (6.01%)	Microsoft Purview
7	10 (5.46%)	Power Platform
8	9 (4.92%)	GCP
9	3 (1.64%)	IBM Cloud
9	3 (1.64%)	Mimecast
9	3 (1.64%)	SaaS
10	2 (1.09%)	Rubrik
10	2 (1.09%)	SecurityScorecard
11	1 (0.55%)	Azure Key Vault
11	1 (0.55%)	Dynamics 365
11	1 (0.55%)	Power Automate
11	1 (0.55%)	Tessian

Communications & Networking
1	36 (19.67%)	Firewall
2	26 (14.21%)	Network Security
3	22 (12.02%)	TCP/IP
4	13 (7.10%)	VPN
5	9 (4.92%)	Wireshark
6	8 (4.37%)	Wi-Fi
7	7 (3.83%)	Intrusion Detection
8	6 (3.28%)	Wireless
9	5 (2.73%)	HTTP
9	5 (2.73%)	VLAN
10	4 (2.19%)	DNS
10	4 (2.19%)	Ethernet
11	3 (1.64%)	Cisco ISE
11	3 (1.64%)	Modbus
12	2 (1.09%)	BGP
12	2 (1.09%)	Cisco Nexus
12	2 (1.09%)	ICMP
12	2 (1.09%)	Internet
12	2 (1.09%)	OSPF
12	2 (1.09%)	SSH

Database & Business Intelligence
1	10 (5.46%)	Power BI
2	7 (3.83%)	Tableau
3	2 (1.09%)	SQL Server
4	1 (0.55%)	Elasticsearch

Development Applications
1	22 (12.02%)	Burp Suite
2	21 (11.48%)	Metasploit
3	17 (9.29%)	JIRA
4	12 (6.56%)	Jenkins
5	2 (1.09%)	IDA Disassembler
6	1 (0.55%)	Git
6	1 (0.55%)	GitLab

General
1	73 (39.89%)	Social Skills
2	37 (20.22%)	Finance
3	19 (10.38%)	Analytical Skills
4	18 (9.84%)	Influencing Skills
5	16 (8.74%)	Inclusion and Diversity
5	16 (8.74%)	Presentation Skills
6	11 (6.01%)	Public Sector
7	9 (4.92%)	Banking
7	9 (4.92%)	Retail
8	6 (3.28%)	Law
9	4 (2.19%)	Documentation Skills
9	4 (2.19%)	Electronics
9	4 (2.19%)	Marketing
10	3 (1.64%)	Legal
10	3 (1.64%)	Manufacturing
10	3 (1.64%)	Military
11	2 (1.09%)	Aerospace
11	2 (1.09%)	Pharmaceutical
11	2 (1.09%)	Public Speaking
11	2 (1.09%)	Telecoms

Job Titles
1	48 (26.23%)	Security Engineer
2	30 (16.39%)	Analyst
3	26 (14.21%)	Security Analyst
4	23 (12.57%)	Senior
5	22 (12.02%)	Tester
6	21 (11.48%)	Penetration Tester
7	17 (9.29%)	Cybersecurity Engineer
8	16 (8.74%)	Consultant
8	16 (8.74%)	Security Consultant
9	15 (8.20%)	Applications Engineer
9	15 (8.20%)	IT Manager
9	15 (8.20%)	Senior Security Engineer
10	11 (6.01%)	Cybersecurity Consultant
11	9 (4.92%)	Security Manager
12	8 (4.37%)	Auditor
12	8 (4.37%)	Cybersecurity Analyst
12	8 (4.37%)	Information Analyst
12	8 (4.37%)	Information Security Analyst
12	8 (4.37%)	IT Auditor
12	8 (4.37%)	Security Specialist

Libraries, Frameworks & Software Standards
1	5 (2.73%)	JSON
2	1 (0.55%)	Elastic Stack
2	1 (0.55%)	PyTorch
2	1 (0.55%)	TensorFlow
2	1 (0.55%)	YAML

Miscellaneous
1	27 (14.75%)	Security Posture
2	25 (13.66%)	Management Information System
3	15 (8.20%)	Cyber Threat
4	12 (6.56%)	Security Operations Centre
5	10 (5.46%)	Cyber Defence
6	9 (4.92%)	Self-Motivation
7	8 (4.37%)	Operational Technology
8	7 (3.83%)	Mobile App
8	7 (3.83%)	PKI
9	6 (3.28%)	Analytical Mindset
9	6 (3.28%)	Cyber Kill Chain
10	5 (2.73%)	Cloud Native
10	5 (2.73%)	Enterprise Software
10	5 (2.73%)	Insider Threat
10	5 (2.73%)	SCADA
11	4 (2.19%)	Linux Command Line
12	3 (1.64%)	Data Protection Act
12	3 (1.64%)	Onboarding
12	3 (1.64%)	Renewable Energy
12	3 (1.64%)	Virtual Team

Operating Systems
1	28 (15.30%)	Linux
2	24 (13.11%)	Windows
3	7 (3.83%)	Unix
4	6 (3.28%)	Windows Server
5	5 (2.73%)	Kali Linux
6	4 (2.19%)	Android
6	4 (2.19%)	Apple iOS
7	1 (0.55%)	Debian
7	1 (0.55%)	Ubuntu
7	1 (0.55%)	Windows 10
7	1 (0.55%)	Windows Server 2016
7	1 (0.55%)	Windows Server 2019

Processes & Methodologies
1	92 (50.27%)	Cybersecurity
2	64 (34.97%)	Incident Response
3	48 (26.23%)	SIEM
4	44 (24.04%)	Vulnerability Management
5	38 (20.77%)	Information Security
6	37 (20.22%)	Red Team
7	34 (18.58%)	Problem-Solving
8	33 (18.03%)	Application Security
8	33 (18.03%)	Vulnerability Scanning
9	32 (17.49%)	Security Operations
10	31 (16.94%)	Vulnerability Assessment
11	29 (15.85%)	Threat Modelling
12	28 (15.30%)	DevOps
13	27 (14.75%)	Security Testing
13	27 (14.75%)	Technology Transformation
13	27 (14.75%)	Vulnerability Remediation
14	23 (12.57%)	Cloud Security
15	22 (12.02%)	CI/CD
15	22 (12.02%)	ITIL
16	21 (11.48%)	SDLC

Programming Languages
1	61 (33.33%)	Python
2	39 (21.31%)	Bash
3	38 (20.77%)	PowerShell
4	17 (9.29%)	Go
5	10 (5.46%)	SQL
6	7 (3.83%)	C
6	7 (3.83%)	C++
6	7 (3.83%)	R
7	6 (3.28%)	C#
8	5 (2.73%)	JavaScript
8	5 (2.73%)	Perl
9	3 (1.64%)	Java
10	2 (1.09%)	Ruby
11	1 (0.55%)	Kusto Query Language
11	1 (0.55%)	Scala

Qualifications
1	56 (30.60%)	CISSP
2	41 (22.40%)	Degree
3	38 (20.77%)	Security Cleared
4	36 (19.67%)	CREST Certified
5	32 (17.49%)	SC Cleared
6	28 (15.30%)	Cisco Certification
7	27 (14.75%)	OSCP
8	22 (12.02%)	SANS
9	19 (10.38%)	CCNA
10	17 (9.29%)	CompTIA Security+
11	16 (8.74%)	GIAC
12	15 (8.20%)	CHECK Team Member
13	13 (7.10%)	DV Cleared
14	12 (6.56%)	CISA
14	12 (6.56%)	GCIA
14	12 (6.56%)	GCIH
15	11 (6.01%)	CCNP
15	11 (6.01%)	CEH
16	9 (4.92%)	CISM
17	8 (4.37%)	Microsoft Certification

Quality Assurance & Compliance
1	74 (40.44%)	ISO/IEC 27001
2	54 (29.51%)	NIST
3	28 (15.30%)	Cyber Essentials
4	27 (14.75%)	Accessibility
5	15 (8.20%)	GDPR
6	6 (3.28%)	GRC
6	6 (3.28%)	NCSC
7	5 (2.73%)	Actionable Recommendations
7	5 (2.73%)	NIST 800
8	4 (2.19%)	QA
9	3 (1.64%)	Cyber Essentials PLUS
9	3 (1.64%)	ITGC
9	3 (1.64%)	PCI DSS
9	3 (1.64%)	RMADS
10	2 (1.09%)	GxP
10	2 (1.09%)	ISO/IEC 27005
11	1 (0.55%)	COBIT
11	1 (0.55%)	ISO/IEC 42001
11	1 (0.55%)	Sarbanes-Oxley
11	1 (0.55%)	SOC 2

System Software
1	15 (8.20%)	Virtual Machines
2	9 (4.92%)	Active Directory
3	6 (3.28%)	VMware Infrastructure
4	4 (2.19%)	VMware ESXi
5	3 (1.64%)	Firmware
5	3 (1.64%)	Hyper-V
6	2 (1.09%)	Docker
6	2 (1.09%)	EMC RecoverPoint
6	2 (1.09%)	pfSense
6	2 (1.09%)	Squid
6	2 (1.09%)	vSphere

Systems Management
1	19 (10.38%)	Nmap
2	16 (8.74%)	Nessus
3	8 (4.37%)	QRadar
4	5 (2.73%)	Kubernetes
4	5 (2.73%)	Single Sign-On
5	4 (2.19%)	Microsoft Intune
6	3 (1.64%)	ArcSight ESM
6	3 (1.64%)	Proxmox
7	2 (1.09%)	Cisco CUCM
7	2 (1.09%)	Terraform
7	2 (1.09%)	VxRail
8	1 (0.55%)	Ansible
8	1 (0.55%)	CASB
8	1 (0.55%)	CSIRT
8	1 (0.55%)	Kibana
8	1 (0.55%)	Progress Chef
8	1 (0.55%)	SCCM
8	1 (0.55%)	ZENworks

Vendors
1	52 (28.42%)	Microsoft
2	17 (9.29%)	Tenable
3	15 (8.20%)	Cisco
3	15 (8.20%)	ServiceNow
4	11 (6.01%)	Splunk
5	8 (4.37%)	VMware
6	7 (3.83%)	Oracle
7	6 (3.28%)	Fortinet
8	5 (2.73%)	Palo Alto
9	4 (2.19%)	CheckPoint
9	4 (2.19%)	Qualys
9	4 (2.19%)	Zscaler
10	3 (1.64%)	ArcSight
10	3 (1.64%)	CyberArk
10	3 (1.64%)	IBM
10	3 (1.64%)	LogLogic
10	3 (1.64%)	LogRhythm
10	3 (1.64%)	McAfee
11	2 (1.09%)	Okta
11	2 (1.09%)	Trend Micro

Penetration TestingUK

All Process & Methodology SkillsUK

Penetration TestingJob Vacancy Trend

Penetration TestingSalary Trend

Penetration TestingSalary Histogram

Penetration TestingTop 14 Job Locations

Penetration TestingTop 30 Co-Occurring Skills & Capabilities

Penetration TestingCo-Occurring Skills & Capabilities by Category