Penetration Testing Job Trends, Salaries & Related Skills

Penetration Testing
UK

The table below provides summary statistics and salary benchmarking for jobs requiring Penetration Testing skills. It covers permanent job vacancies from the 6 months leading up to 18 March 2026, with comparisons to the same periods in the previous two years.

	6 months to 18 Mar 2026	Same period 2025	Same period 2024
Rank	460	380	411
Rank change year-on-year	-80	+31	+74
Permanent jobs citing Penetration Testing	247	279	516
As % of all permanent jobs in the UK	0.33%	0.65%	0.61%
As % of the Processes & Methodologies category	0.42%	0.70%	0.70%
Number of salaries quoted	174	206	414
10^th Percentile	£42,500	£45,000	£40,725
25^th Percentile	£50,922	£58,750	£48,750
Median annual salary (50^th Percentile)	£71,184	£68,500	£64,951
Median % change year-on-year	+3.92%	+5.46%	-6.14%
75^th Percentile	£90,000	£87,500	£82,500
90^th Percentile	£95,875	£95,000	£92,500
UK excluding London median annual salary	£65,000	£67,500	£55,000
% change year-on-year	-3.70%	+22.73%	-8.33%

All Process & Methodology Skills
UK

Penetration Testing falls under the Processes and Methodologies category. For comparison with the information above, the following table provides summary statistics for all permanent job vacancies requiring process or methodology skills.

Permanent vacancies with a requirement for process or methodology skills	58,218	39,990	74,105
As % of all permanent jobs advertised in the UK	77.81%	93.48%	87.20%
Number of salaries quoted	35,252	22,229	56,158
10^th Percentile	£29,750	£31,750	£29,035
25^th Percentile	£40,000	£44,000	£40,000
Median annual salary (50^th Percentile)	£55,000	£60,000	£55,000
Median % change year-on-year	-8.33%	+9.09%	-11.29%
75^th Percentile	£77,424	£80,000	£73,750
90^th Percentile	£97,500	£102,410	£93,750
UK excluding London median annual salary	£50,000	£55,000	£50,000
% change year-on-year	-9.09%	+10.00%	-8.90%

Penetration Testing
Job Vacancy Trend

Historical trend showing the proportion of permanent IT job postings citing Penetration Testing relative to all permanent IT jobs advertised.

Penetration Testing
Salary Trend

Salary distribution trend for jobs in the UK citing Penetration Testing.

Penetration Testing
Salary Histogram

Salary distribution for jobs citing Penetration Testing over the 6 months to 18 March 2026.

Salary histogram for Penetration Testing in the UK

Penetration Testing
Top 15 Job Locations

The table below looks at the demand and provides a guide to the median salaries quoted in IT jobs citing Penetration Testing within the UK over the 6 months to 18 March 2026. The 'Rank Change' column provides an indication of the change in demand within each location based on the same 6 month period last year.

Location	Rank Change on Same Period Last Year	Matching Permanent IT Job Ads	Median Salary Past 6 Months	Median Salary % Change on Same Period Last Year	Live Jobs
England	-62	213	£70,000	+3.70%	90
UK excluding London	-65	119	£65,000	-3.70%	78
London	-19	97	£77,500	+6.90%	33
Work from Home	-11	92	£60,000	-14.29%	73
South West	+9	46	£72,500	+3.57%	18
Midlands	-29	25	£52,500	-22.22%	13
South East	-38	20	£72,500	+3.57%	19
North of England	-61	15	£60,000	-1.64%	16
West Midlands	-18	14	£60,000	-11.11%	10
Scotland	-20	12	£87,500	+17.85%	8
East Midlands	-28	11	£51,058	+27.65%	3
Yorkshire	-40	6	£56,250	+9.76%	7
North West	-40	5	£55,000	-10.93%	7
North East	-17	4	£75,000	-1.32%	2
East of England	-16	2	£57,500	-	2

Penetration Testing
Top 30 Co-Occurring Skills & Capabilities

For the 6 months to 18 March 2026, job vacancies citing Penetration Testing also mentioned the following skills and capabilities in order of popularity. The figures indicate the absolute number of co-occurrences and as a proportion of all permanent job ads with a requirement for Penetration Testing.

1	130 (52.63%)	Cybersecurity
2	84 (34.01%)	CREST Certified
2	84 (34.01%)	Incident Response
3	83 (33.60%)	ISO/IEC 27001
4	73 (29.55%)	Red Team
5	66 (26.72%)	CISSP
6	65 (26.32%)	Python
7	64 (25.91%)	OSCP
8	63 (25.51%)	Azure
9	61 (24.70%)	Application Security
9	61 (24.70%)	Microsoft
10	51 (20.65%)	Degree
11	50 (20.24%)	NIST
11	50 (20.24%)	PowerShell
12	49 (19.84%)	Problem-Solving

12	49 (19.84%)	SIEM
13	48 (19.43%)	Bash
13	48 (19.43%)	Offensive Security
14	47 (19.03%)	Vulnerability Management
15	46 (18.62%)	Agile
15	46 (18.62%)	AWS
15	46 (18.62%)	Information Security
16	45 (18.22%)	Security Cleared
17	43 (17.41%)	Firewall
18	42 (17.00%)	Mentoring
18	42 (17.00%)	Threat Modelling
19	39 (15.79%)	Security Testing
20	37 (14.98%)	SC Cleared
21	36 (14.57%)	GDPR
22	34 (13.77%)	CHECK Team Member

Penetration Testing
Co-Occurring Skills & Capabilities by Category

The following tables expand on the one above by listing co-occurrences grouped by category. They cover the same employment type, locality and period, with up to 20 co-occurrences shown in each category:

Application Platforms
1	5 (2.02%)	Microsoft Exchange
2	4 (1.62%)	SharePoint
3	1 (0.40%)	Confluence

Applications
1	3 (1.21%)	Microsoft Excel
1	3 (1.21%)	Microsoft Office
2	2 (0.81%)	Weka

Business Applications
1	1 (0.40%)	Exchequer

Cloud Services
1	63 (25.51%)	Azure
2	46 (18.62%)	AWS
3	23 (9.31%)	GitHub
4	18 (7.29%)	GitHub Actions
5	16 (6.48%)	Microsoft 365
6	15 (6.07%)	GCP
7	13 (5.26%)	Azure Sentinel
8	11 (4.45%)	Entra ID
9	10 (4.05%)	Microsoft Purview
10	7 (2.83%)	Slack
11	6 (2.43%)	Power Platform
12	5 (2.02%)	SaaS
13	4 (1.62%)	Mimecast
14	2 (0.81%)	Azure DevOps
14	2 (0.81%)	Azure Key Vault
14	2 (0.81%)	Dynamics 365
14	2 (0.81%)	IBM Cloud
14	2 (0.81%)	Rubrik
15	1 (0.40%)	Cloudflare
15	1 (0.40%)	Datadog

Communications & Networking
1	43 (17.41%)	Firewall
2	25 (10.12%)	Network Security
3	21 (8.50%)	TCP/IP
4	20 (8.10%)	Wireless
5	16 (6.48%)	VPN
6	12 (4.86%)	DNS
7	9 (3.64%)	Intrusion Detection
8	8 (3.24%)	VLAN
9	7 (2.83%)	Cisco ISE
9	7 (2.83%)	Wi-Fi
10	5 (2.02%)	HTTP
10	5 (2.02%)	Wireshark
11	4 (1.62%)	Cisco Nexus
11	4 (1.62%)	Ethernet
11	4 (1.62%)	HTTPS
11	4 (1.62%)	Internet
12	3 (1.21%)	DMZ
12	3 (1.21%)	LAN
12	3 (1.21%)	SSL
12	3 (1.21%)	VoIP

Database & Business Intelligence
1	6 (2.43%)	Power BI
2	3 (1.21%)	Tableau
3	1 (0.40%)	SQL Server

Development Applications
1	29 (11.74%)	Burp Suite
1	29 (11.74%)	Metasploit
2	18 (7.29%)	Jenkins
3	12 (4.86%)	JIRA
4	5 (2.02%)	Bitbucket
5	2 (0.81%)	Git
5	2 (0.81%)	IDA Disassembler
6	1 (0.40%)	GitLab
6	1 (0.40%)	NUnit

General
1	85 (34.41%)	Social Skills
2	79 (31.98%)	Finance
3	21 (8.50%)	Inclusion and Diversity
4	20 (8.10%)	Analytical Skills
5	18 (7.29%)	Public Sector
6	16 (6.48%)	Banking
6	16 (6.48%)	Retail
7	15 (6.07%)	Law
8	9 (3.64%)	Influencing Skills
8	9 (3.64%)	Legal
9	8 (3.24%)	Presentation Skills
10	6 (2.43%)	Marketing
11	4 (1.62%)	Electronics
11	4 (1.62%)	Telecoms
12	3 (1.21%)	Aerospace
12	3 (1.21%)	Documentation Skills
12	3 (1.21%)	Manufacturing
12	3 (1.21%)	Military
12	3 (1.21%)	Pharmaceutical
13	2 (0.81%)	Financial Institution

Job Titles
1	40 (16.19%)	Consultant
2	38 (15.38%)	Analyst
2	38 (15.38%)	Security Consultant
3	37 (14.98%)	Security Engineer
4	31 (12.55%)	Tester
5	30 (12.15%)	Penetration Tester
5	30 (12.15%)	Senior
6	28 (11.34%)	Security Analyst
7	25 (10.12%)	Security Manager
8	21 (8.50%)	Applications Engineer
9	20 (8.10%)	Cybersecurity Consultant
10	18 (7.29%)	Security Specialist
11	12 (4.86%)	IT Manager
12	11 (4.45%)	Senior Analyst
12	11 (4.45%)	Senior Security Analyst
13	10 (4.05%)	Lead
14	9 (3.64%)	Digital Analyst
14	9 (3.64%)	Senior Digital Analyst
15	8 (3.24%)	Senior Penetration Tester
15	8 (3.24%)	Senior Tester

Libraries, Frameworks & Software Standards
1	2 (0.81%)	.NET
1	2 (0.81%)	JSON
2	1 (0.40%)	.NET Framework
2	1 (0.40%)	AngularJS
2	1 (0.40%)	ASP.NET
2	1 (0.40%)	ASP.NET Core
2	1 (0.40%)	Entity Framework
2	1 (0.40%)	OAuth
2	1 (0.40%)	OAuth2
2	1 (0.40%)	OpenAPI
2	1 (0.40%)	OpenID
2	1 (0.40%)	RESTful
2	1 (0.40%)	RxJS
2	1 (0.40%)	Swagger
2	1 (0.40%)	Vitest
2	1 (0.40%)	YAML

Miscellaneous
1	62 (25.10%)	Security Posture
2	29 (11.74%)	Mobile App
3	28 (11.34%)	Cyber Defence
4	21 (8.50%)	Cyber Threat
5	19 (7.69%)	Management Information System
6	8 (3.24%)	PKI
7	7 (2.83%)	Data Centre
7	7 (2.83%)	Insider Threat
7	7 (2.83%)	Operational Technology
8	6 (2.43%)	Analytical Mindset
8	6 (2.43%)	Blog
8	6 (2.43%)	Enterprise Software
8	6 (2.43%)	Self-Motivation
9	5 (2.02%)	Cloud Native
9	5 (2.02%)	Security Operations Centre
10	4 (1.62%)	Cyber Security Posture
10	4 (1.62%)	Data Protection Act
11	3 (1.21%)	Cyberattack
11	3 (1.21%)	Renewable Energy
11	3 (1.21%)	SCADA

Operating Systems
1	28 (11.34%)	Linux
2	27 (10.93%)	Windows
3	10 (4.05%)	Android
3	10 (4.05%)	Apple iOS
4	7 (2.83%)	Unix
5	4 (1.62%)	Windows Server
6	1 (0.40%)	Kali Linux
6	1 (0.40%)	Mac OS

Processes & Methodologies
1	130 (52.63%)	Cybersecurity
2	84 (34.01%)	Incident Response
3	73 (29.55%)	Red Team
4	61 (24.70%)	Application Security
5	49 (19.84%)	Problem-Solving
5	49 (19.84%)	SIEM
6	48 (19.43%)	Offensive Security
7	47 (19.03%)	Vulnerability Management
8	46 (18.62%)	Agile
8	46 (18.62%)	Information Security
9	42 (17.00%)	Mentoring
9	42 (17.00%)	Threat Modelling
10	39 (15.79%)	Security Testing
11	33 (13.36%)	Business Strategy
11	33 (13.36%)	Vulnerability Assessment
12	31 (12.55%)	Internal Audit
12	31 (12.55%)	Security Operations
13	30 (12.15%)	Cloud Security
14	29 (11.74%)	Business Transformation
14	29 (11.74%)	Coaching

Programming Languages
1	65 (26.32%)	Python
2	50 (20.24%)	PowerShell
3	48 (19.43%)	Bash
4	14 (5.67%)	Go
5	9 (3.64%)	C
5	9 (3.64%)	C++
5	9 (3.64%)	Java
6	6 (2.43%)	C#
6	6 (2.43%)	SQL
7	5 (2.02%)	Perl
8	3 (1.21%)	R
8	3 (1.21%)	Ruby
9	2 (0.81%)	Bicep
9	2 (0.81%)	JavaScript
10	1 (0.40%)	Kusto Query Language
10	1 (0.40%)	Scala
10	1 (0.40%)	TypeScript

Qualifications
1	84 (34.01%)	CREST Certified
2	66 (26.72%)	CISSP
3	64 (25.91%)	OSCP
4	51 (20.65%)	Degree
5	45 (18.22%)	Security Cleared
6	37 (14.98%)	SC Cleared
7	34 (13.77%)	CHECK Team Member
8	29 (11.74%)	Cisco Certification
9	27 (10.93%)	CEH
10	23 (9.31%)	CHECK Team Leader
11	21 (8.50%)	SANS
12	20 (8.10%)	CCNA
13	18 (7.29%)	CCSAM
13	18 (7.29%)	CISM
13	18 (7.29%)	DV Cleared
14	17 (6.88%)	CompTIA Security+
15	16 (6.48%)	GIAC
16	11 (4.45%)	CCNP
16	11 (4.45%)	CISA
16	11 (4.45%)	GPEN

Quality Assurance & Compliance
1	83 (33.60%)	ISO/IEC 27001
2	50 (20.24%)	NIST
3	36 (14.57%)	GDPR
4	26 (10.53%)	Accessibility
4	26 (10.53%)	Cyber Essentials
5	17 (6.88%)	PCI DSS
6	15 (6.07%)	Actionable Recommendations
7	11 (4.45%)	NCSC
8	9 (3.64%)	Cyber Essentials PLUS
8	9 (3.64%)	GRC
9	3 (1.21%)	Data Quality
9	3 (1.21%)	GxP
9	3 (1.21%)	ITGC
9	3 (1.21%)	NIST 800
9	3 (1.21%)	RMADS
9	3 (1.21%)	SOC 2
10	2 (0.81%)	COBIT
10	2 (0.81%)	ISO/IEC 27005
10	2 (0.81%)	Sarbanes-Oxley
11	1 (0.40%)	HIPAA

System Software
1	21 (8.50%)	Active Directory
2	7 (2.83%)	Virtual Machines
3	6 (2.43%)	VMware Infrastructure
4	5 (2.02%)	VMware ESXi
5	2 (0.81%)	Docker
5	2 (0.81%)	EMC RecoverPoint
5	2 (0.81%)	Hyper-V
5	2 (0.81%)	vSphere
6	1 (0.40%)	Virtual Desktop

Systems Management
1	23 (9.31%)	Nessus
2	19 (7.69%)	Nmap
3	14 (5.67%)	Kubernetes
4	7 (2.83%)	Microsoft Intune
5	5 (2.02%)	CSIRT
5	5 (2.02%)	Terraform
6	4 (1.62%)	Ansible
6	4 (1.62%)	Single Sign-On
7	3 (1.21%)	ArcSight ESM
7	3 (1.21%)	FortiGate
7	3 (1.21%)	QRadar
8	2 (0.81%)	Proxmox
8	2 (0.81%)	VxRail
9	1 (0.40%)	CASB
9	1 (0.40%)	Jamf Pro
9	1 (0.40%)	Progress Chef

Vendors
1	61 (24.70%)	Microsoft
2	15 (6.07%)	Cisco
3	11 (4.45%)	Splunk
4	9 (3.64%)	VMware
4	9 (3.64%)	Zscaler
5	8 (3.24%)	CheckPoint
5	8 (3.24%)	Sophos
6	7 (2.83%)	ServiceNow
6	7 (2.83%)	Tenable
7	6 (2.43%)	Fortinet
8	4 (1.62%)	CrowdStrike
8	4 (1.62%)	Okta
8	4 (1.62%)	Qualys
8	4 (1.62%)	TOWER Software
9	3 (1.21%)	ArcSight
9	3 (1.21%)	Dell
9	3 (1.21%)	LogLogic
9	3 (1.21%)	McAfee
9	3 (1.21%)	Oracle
9	3 (1.21%)	Veeam

Penetration TestingUK

All Process & Methodology SkillsUK

Penetration TestingJob Vacancy Trend

Penetration TestingSalary Trend

Penetration TestingSalary Histogram

Penetration TestingTop 15 Job Locations

Penetration TestingTop 30 Co-Occurring Skills & Capabilities

Penetration TestingCo-Occurring Skills & Capabilities by Category