Penetration Testing Job Trends, Salaries & Related Skills

Penetration Testing
UK

The table below provides summary statistics and salary benchmarking for jobs requiring Penetration Testing skills. It covers permanent job vacancies from the 6 months leading up to 1 February 2026, with comparisons to the same periods in the previous two years.

	6 months to 1 Feb 2026	Same period 2025	Same period 2024
Rank	444	391	399
Rank change year-on-year	-53	+8	+109
Permanent jobs citing Penetration Testing	217	342	483
As % of all permanent jobs in the UK	0.34%	0.66%	0.68%
As % of the Processes & Methodologies category	0.42%	0.72%	0.77%
Number of salaries quoted	164	193	399
10^th Percentile	£42,500	£45,000	£41,850
25^th Percentile	£51,141	£56,250	£51,250
Median annual salary (50^th Percentile)	£70,000	£67,500	£65,000
Median % change year-on-year	+3.70%	+3.85%	-5.80%
75^th Percentile	£87,500	£88,750	£82,500
90^th Percentile	£90,000	£102,000	£90,000
UK excluding London median annual salary	£63,750	£62,500	£58,000
% change year-on-year	+2.00%	+7.76%	-9.02%

All Process & Methodology Skills
UK

Penetration Testing falls under the Processes and Methodologies category. For comparison with the information above, the following table provides summary statistics for all permanent job vacancies requiring process or methodology skills.

Permanent vacancies with a requirement for process or methodology skills	51,122	47,498	63,102
As % of all permanent jobs advertised in the UK	80.11%	91.58%	88.88%
Number of salaries quoted	30,201	22,816	49,001
10^th Percentile	£28,697	£35,000	£30,000
25^th Percentile	£37,500	£45,628	£41,024
Median annual salary (50^th Percentile)	£55,000	£60,000	£55,751
Median % change year-on-year	-8.33%	+7.62%	-10.80%
75^th Percentile	£75,000	£80,000	£75,000
90^th Percentile	£95,000	£100,000	£95,000
UK excluding London median annual salary	£50,000	£55,000	£50,000
% change year-on-year	-9.09%	+10.00%	-9.09%

Penetration Testing
Job Vacancy Trend

Historical trend showing the proportion of permanent IT job postings citing Penetration Testing relative to all permanent IT jobs advertised.

Penetration Testing
Salary Trend

Salary distribution trend for jobs in the UK citing Penetration Testing.

Penetration Testing
Salary Histogram

Salary distribution for jobs citing Penetration Testing over the 6 months to 1 February 2026.

Salary histogram for Penetration Testing in the UK

Penetration Testing
Top 14 Job Locations

The table below looks at the demand and provides a guide to the median salaries quoted in IT jobs citing Penetration Testing within the UK over the 6 months to 1 February 2026. The 'Rank Change' column provides an indication of the change in demand within each location based on the same 6 month period last year.

Location	Rank Change on Same Period Last Year	Matching Permanent IT Job Ads	Median Salary Past 6 Months	Median Salary % Change on Same Period Last Year	Live Jobs
England	-33	190	£70,000	+3.70%	93
UK excluding London	-62	105	£63,750	+2.00%	74
London	+3	91	£77,500	+3.33%	34
Work from Home	-10	73	£60,000	-12.73%	62
South West	+34	42	£72,500	+7.41%	21
Midlands	+9	27	£52,500	-22.22%	13
South East	-15	17	£65,000	+4.00%	19
East Midlands	+4	14	£51,058	+27.65%	6
West Midlands	+15	13	£57,500	-14.81%	7
Scotland	-30	10	£90,000	+21.21%	5
North of England	-29	9	£55,000	-3.30%	15
Yorkshire	-12	6	£56,250	+7.14%	2
North West	-2	3	£55,000	-9.84%	11
East of England	+18	1	£85,000	+198.25%	2

Penetration Testing
Top 30 Co-Occurring Skills & Capabilities

For the 6 months to 1 February 2026, job vacancies citing Penetration Testing also mentioned the following skills and capabilities in order of popularity. The figures indicate the absolute number of co-occurrences and as a proportion of all permanent job ads with a requirement for Penetration Testing.

1	110 (50.69%)	Cybersecurity
2	75 (34.56%)	ISO/IEC 27001
3	68 (31.34%)	Incident Response
4	66 (30.41%)	CREST Certified
5	63 (29.03%)	Python
6	62 (28.57%)	CISSP
7	60 (27.65%)	Red Team
8	57 (26.27%)	Azure
9	56 (25.81%)	Microsoft
10	53 (24.42%)	NIST
11	52 (23.96%)	Application Security
11	52 (23.96%)	OSCP
12	49 (22.58%)	Degree
13	48 (22.12%)	Vulnerability Management
14	43 (19.82%)	Bash

14	43 (19.82%)	SIEM
15	42 (19.35%)	PowerShell
15	42 (19.35%)	Problem-Solving
16	41 (18.89%)	Information Security
17	39 (17.97%)	Security Cleared
18	36 (16.59%)	Agile
18	36 (16.59%)	Offensive Security
19	35 (16.13%)	Security Testing
20	34 (15.67%)	AWS
20	34 (15.67%)	Threat Modelling
20	34 (15.67%)	Vulnerability Assessment
21	33 (15.21%)	Mentoring
22	32 (14.75%)	Firewall
23	31 (14.29%)	SC Cleared
24	30 (13.82%)	Vulnerability Scanning

Penetration Testing
Co-Occurring Skills & Capabilities by Category

The following tables expand on the one above by listing co-occurrences grouped by category. They cover the same employment type, locality and period, with up to 20 co-occurrences shown in each category:

Application Platforms
1	4 (1.84%)	Microsoft Exchange
1	4 (1.84%)	SharePoint
2	1 (0.46%)	Confluence

Applications
1	5 (2.30%)	Microsoft Excel
1	5 (2.30%)	Microsoft Office
2	2 (0.92%)	Weka
3	1 (0.46%)	GNU Octave

Business Applications
1	1 (0.46%)	Exchequer

Cloud Services
1	57 (26.27%)	Azure
2	34 (15.67%)	AWS
3	20 (9.22%)	GitHub
4	18 (8.29%)	Microsoft 365
5	16 (7.37%)	GitHub Actions
6	15 (6.91%)	Entra ID
7	14 (6.45%)	Azure Sentinel
8	13 (5.99%)	Microsoft Purview
9	12 (5.53%)	Slack
10	10 (4.61%)	GCP
11	8 (3.69%)	Power Platform
12	3 (1.38%)	IBM Cloud
12	3 (1.38%)	SaaS
13	1 (0.46%)	Cloud Computing
13	1 (0.46%)	Datadog
13	1 (0.46%)	Dynamics 365
13	1 (0.46%)	IaaS
13	1 (0.46%)	OpenShift
13	1 (0.46%)	PaaS
13	1 (0.46%)	Power Automate

Communications & Networking
1	32 (14.75%)	Firewall
2	21 (9.68%)	Network Security
2	21 (9.68%)	TCP/IP
3	15 (6.91%)	Wireless
4	14 (6.45%)	VPN
5	9 (4.15%)	Wireshark
6	8 (3.69%)	VLAN
7	7 (3.23%)	DNS
7	7 (3.23%)	Wi-Fi
8	5 (2.30%)	HTTP
9	4 (1.84%)	Ethernet
9	4 (1.84%)	Intrusion Detection
10	3 (1.38%)	DHCP
10	3 (1.38%)	DMARC
10	3 (1.38%)	DMZ
10	3 (1.38%)	Internet
10	3 (1.38%)	LAN
10	3 (1.38%)	Modbus
10	3 (1.38%)	SSL
10	3 (1.38%)	WAN

Database & Business Intelligence
1	8 (3.69%)	Power BI
2	5 (2.30%)	Tableau

Development Applications
1	27 (12.44%)	Burp Suite
1	27 (12.44%)	Metasploit
2	16 (7.37%)	Jenkins
3	15 (6.91%)	JIRA
4	2 (0.92%)	IDA Disassembler
5	1 (0.46%)	Git
5	1 (0.46%)	GitLab

General
1	77 (35.48%)	Social Skills
2	63 (29.03%)	Finance
3	20 (9.22%)	Inclusion and Diversity
4	19 (8.76%)	Analytical Skills
5	15 (6.91%)	Influencing Skills
6	13 (5.99%)	Banking
6	13 (5.99%)	Presentation Skills
6	13 (5.99%)	Retail
7	12 (5.53%)	Public Sector
8	8 (3.69%)	Law
8	8 (3.69%)	Legal
9	6 (2.76%)	Marketing
10	4 (1.84%)	Electronics
11	3 (1.38%)	Aerospace
11	3 (1.38%)	Documentation Skills
11	3 (1.38%)	Manufacturing
11	3 (1.38%)	Military
11	3 (1.38%)	Pharmaceutical
11	3 (1.38%)	Telecoms
12	2 (0.92%)	Public Speaking

Job Titles
1	40 (18.43%)	Security Engineer
2	34 (15.67%)	Analyst
3	32 (14.75%)	Consultant
3	32 (14.75%)	Security Consultant
3	32 (14.75%)	Senior
4	30 (13.82%)	Security Analyst
5	27 (12.44%)	Tester
6	26 (11.98%)	Penetration Tester
7	19 (8.76%)	Applications Engineer
8	18 (8.29%)	Security Manager
9	17 (7.83%)	IT Manager
10	16 (7.37%)	Cybersecurity Consultant
11	12 (5.53%)	Cybersecurity Engineer
11	12 (5.53%)	Security Specialist
12	11 (5.07%)	Senior Security Engineer
13	10 (4.61%)	Information Analyst
13	10 (4.61%)	Information Security Analyst
14	9 (4.15%)	Lead
14	9 (4.15%)	Senior Analyst
14	9 (4.15%)	Senior Security Analyst

Libraries, Frameworks & Software Standards
1	5 (2.30%)	JSON
2	1 (0.46%)	.NET
2	1 (0.46%)	PyTorch
2	1 (0.46%)	TensorFlow
2	1 (0.46%)	YAML

Miscellaneous
1	51 (23.50%)	Security Posture
2	23 (10.60%)	Management Information System
2	23 (10.60%)	Mobile App
3	21 (9.68%)	Cyber Defence
4	13 (5.99%)	Cyber Threat
5	8 (3.69%)	PKI
5	8 (3.69%)	Security Operations Centre
6	7 (3.23%)	Insider Threat
6	7 (3.23%)	Self-Motivation
7	6 (2.76%)	Analytical Mindset
7	6 (2.76%)	Enterprise Software
7	6 (2.76%)	Operational Technology
8	5 (2.30%)	Data Centre
9	4 (1.84%)	Cloud Native
9	4 (1.84%)	Cyber Kill Chain
9	4 (1.84%)	Cyber Security Posture
10	3 (1.38%)	Cyberattack
10	3 (1.38%)	Linux Command Line
10	3 (1.38%)	Onboarding
10	3 (1.38%)	Renewable Energy

Operating Systems
1	23 (10.60%)	Linux
1	23 (10.60%)	Windows
2	7 (3.23%)	Android
2	7 (3.23%)	Apple iOS
3	5 (2.30%)	Unix
4	4 (1.84%)	Windows Server
5	3 (1.38%)	Kali Linux
6	1 (0.46%)	Debian
6	1 (0.46%)	Mac OS
6	1 (0.46%)	Ubuntu
6	1 (0.46%)	Windows 10
6	1 (0.46%)	Windows Server 2016
6	1 (0.46%)	Windows Server 2019

Processes & Methodologies
1	110 (50.69%)	Cybersecurity
2	68 (31.34%)	Incident Response
3	60 (27.65%)	Red Team
4	52 (23.96%)	Application Security
5	48 (22.12%)	Vulnerability Management
6	43 (19.82%)	SIEM
7	42 (19.35%)	Problem-Solving
8	41 (18.89%)	Information Security
9	36 (16.59%)	Agile
9	36 (16.59%)	Offensive Security
10	35 (16.13%)	Security Testing
11	34 (15.67%)	Threat Modelling
11	34 (15.67%)	Vulnerability Assessment
12	33 (15.21%)	Mentoring
13	30 (13.82%)	Vulnerability Scanning
14	29 (13.36%)	Security Operations
15	28 (12.90%)	Technology Transformation
16	26 (11.98%)	Business Strategy
16	26 (11.98%)	Internal Audit
17	23 (10.60%)	Vulnerability Remediation

Programming Languages
1	63 (29.03%)	Python
2	43 (19.82%)	Bash
3	42 (19.35%)	PowerShell
4	16 (7.37%)	Go
5	9 (4.15%)	C
5	9 (4.15%)	C#
5	9 (4.15%)	C++
6	7 (3.23%)	SQL
7	6 (2.76%)	Java
8	5 (2.30%)	JavaScript
8	5 (2.30%)	Perl
8	5 (2.30%)	R
9	3 (1.38%)	Ruby
10	1 (0.46%)	Kusto Query Language
10	1 (0.46%)	Scala

Qualifications
1	66 (30.41%)	CREST Certified
2	62 (28.57%)	CISSP
3	52 (23.96%)	OSCP
4	49 (22.58%)	Degree
5	39 (17.97%)	Security Cleared
6	31 (14.29%)	SC Cleared
7	28 (12.90%)	CHECK Team Member
8	26 (11.98%)	Cisco Certification
9	23 (10.60%)	SANS
10	20 (9.22%)	CEH
11	19 (8.76%)	GIAC
12	18 (8.29%)	CCNA
12	18 (8.29%)	CHECK Team Leader
13	16 (7.37%)	CompTIA Security+
14	15 (6.91%)	DV Cleared
15	14 (6.45%)	CISM
16	13 (5.99%)	CCSAM
17	12 (5.53%)	CISA
17	12 (5.53%)	GCIH
18	11 (5.07%)	GPEN

Quality Assurance & Compliance
1	75 (34.56%)	ISO/IEC 27001
2	53 (24.42%)	NIST
3	28 (12.90%)	Accessibility
4	27 (12.44%)	Cyber Essentials
5	22 (10.14%)	GDPR
6	10 (4.61%)	Actionable Recommendations
6	10 (4.61%)	GRC
7	7 (3.23%)	NCSC
8	5 (2.30%)	Cyber Essentials PLUS
9	4 (1.84%)	NIST 800
9	4 (1.84%)	QA
10	3 (1.38%)	COBIT
10	3 (1.38%)	GxP
10	3 (1.38%)	ITGC
10	3 (1.38%)	PCI DSS
10	3 (1.38%)	RMADS
11	2 (0.92%)	ISO/IEC 27005
12	1 (0.46%)	HIPAA
12	1 (0.46%)	ISO/IEC 42001
12	1 (0.46%)	SOC 2

System Software
1	16 (7.37%)	Active Directory
2	12 (5.53%)	Virtual Machines
3	7 (3.23%)	VMware ESXi
4	5 (2.30%)	VMware Infrastructure
5	2 (0.92%)	Docker
5	2 (0.92%)	Hyper-V
5	2 (0.92%)	vSphere
6	1 (0.46%)	Virtual Desktop

Systems Management
1	22 (10.14%)	Nessus
2	19 (8.76%)	Nmap
3	8 (3.69%)	Kubernetes
3	8 (3.69%)	Microsoft Intune
4	7 (3.23%)	QRadar
5	5 (2.30%)	Single Sign-On
6	3 (1.38%)	ArcSight ESM
6	3 (1.38%)	FortiGate
6	3 (1.38%)	Proxmox
6	3 (1.38%)	Terraform
7	2 (0.92%)	CSIRT
8	1 (0.46%)	Ansible
8	1 (0.46%)	CASB
8	1 (0.46%)	Progress Chef

Vendors
1	56 (25.81%)	Microsoft
2	12 (5.53%)	ServiceNow
2	12 (5.53%)	Tenable
3	11 (5.07%)	Cisco
4	8 (3.69%)	Splunk
4	8 (3.69%)	VMware
5	5 (2.30%)	Oracle
6	4 (1.84%)	CrowdStrike
6	4 (1.84%)	Qualys
7	3 (1.38%)	ArcSight
7	3 (1.38%)	Dell
7	3 (1.38%)	IBM
7	3 (1.38%)	LogLogic
7	3 (1.38%)	McAfee
7	3 (1.38%)	Veeam
8	2 (0.92%)	CheckPoint
8	2 (0.92%)	CyberArk
8	2 (0.92%)	LogRhythm
8	2 (0.92%)	SonicWALL
8	2 (0.92%)	Trend Micro

Penetration TestingUK

All Process & Methodology SkillsUK

Penetration TestingJob Vacancy Trend

Penetration TestingSalary Trend

Penetration TestingSalary Histogram

Penetration TestingTop 14 Job Locations

Penetration TestingTop 30 Co-Occurring Skills & Capabilities

Penetration TestingCo-Occurring Skills & Capabilities by Category