Penetration Testing Job Trends, Salaries & Related Skills

Penetration Testing
UK

The table below provides summary statistics and salary benchmarking for jobs requiring Penetration Testing skills. It covers permanent job vacancies from the 6 months leading up to 4 November 2025, with comparisons to the same periods in the previous two years.

	6 months to 4 Nov 2025	Same period 2024	Same period 2023
Rank	464	423	414
Rank change year-on-year	-41	-9	+138
Permanent jobs citing Penetration Testing	192	357	342
As % of all permanent jobs in the UK	0.38%	0.53%	0.64%
As % of the Processes & Methodologies category	0.44%	0.64%	0.68%
Number of salaries quoted	162	191	311
10^th Percentile	£47,792	£47,500	£42,500
25^th Percentile	£55,000	£56,250	£52,113
Median annual salary (50^th Percentile)	£70,000	£65,000	£62,500
Median % change year-on-year	+7.69%	+4.00%	-9.68%
75^th Percentile	£87,500	£87,500	£76,250
90^th Percentile	£90,000	£100,000	£90,000
UK excluding London median annual salary	£65,000	£60,000	£59,250
% change year-on-year	+8.33%	+1.27%	-8.85%

All Process and Methodology Skills
UK

Penetration Testing falls under the Processes and Methodologies category. For comparison with the information above, the following table provides summary statistics for all permanent job vacancies requiring process or methodology skills.

Permanent vacancies with a requirement for process or methodology skills	43,858	55,843	50,051
As % of all permanent jobs advertised in the UK	87.24%	82.56%	93.90%
Number of salaries quoted	26,007	29,332	38,488
10^th Percentile	£28,250	£33,750	£32,500
25^th Percentile	£35,750	£45,000	£44,000
Median annual salary (50^th Percentile)	£54,285	£60,000	£60,000
Median % change year-on-year	-9.53%	-	-
75^th Percentile	£75,000	£78,750	£80,000
90^th Percentile	£95,000	£97,500	£98,750
UK excluding London median annual salary	£46,750	£54,000	£52,500
% change year-on-year	-13.43%	+2.86%	-

Penetration Testing
Job Vacancy Trend

Historical trend showing the proportion of permanent IT job postings citing Penetration Testing relative to all permanent IT jobs advertised.

Penetration Testing
Salary Trend

Salary distribution trend for jobs in the UK citing Penetration Testing.

Penetration Testing
Salary Histogram

Salary distribution for jobs citing Penetration Testing over the 6 months to 4 November 2025.

Salary histogram for Penetration Testing in the UK

Penetration Testing
Top 17 Job Locations

The table below looks at the demand and provides a guide to the median salaries quoted in IT jobs citing Penetration Testing within the UK over the 6 months to 4 November 2025. The 'Rank Change' column provides an indication of the change in demand within each location based on the same 6 month period last year.

Location	Rank Change on Same Period Last Year	Matching Permanent IT Job Ads	Median Salary Past 6 Months	Median Salary % Change on Same Period Last Year	Live Jobs
England	-13	173	£69,384	+6.74%	209
UK excluding London	-14	97	£65,000	+8.33%	156
London	-10	82	£75,000	-	90
Work from Home	+1	75	£69,384	+6.74%	108
North of England	+1	25	£62,500	+4.17%	27
South East	+11	22	£58,750	-0.42%	63
South West	+33	19	£77,500	+21.09%	33
Midlands	+27	19	£54,000	-11.84%	21
Yorkshire	+20	18	£55,000	+4.76%	4
West Midlands	+27	12	£55,000	-15.38%	18
East Midlands	+28	7	£51,058	-11.20%	3
Scotland	-38	6	£90,000	+25.87%	6
North West	-15	5	£69,384	+11.01%	22
Northern Ireland	+3	4	£70,000	+16.67%	1
Wales	-	2	£75,574	-	3
North East	-	2	£75,574	-	1
East of England	+32	1	£85,000	+198.25%	6

Penetration Testing
Top 30 Co-Occurring Skills & Capabilities

For the 6 months to 4 November 2025, job vacancies citing Penetration Testing also mentioned the following skills and capabilities in order of popularity. The figures indicate the absolute number of co-occurrences and as a proportion of all permanent job ads with a requirement for Penetration Testing.

1	116 (60.42%)	Cybersecurity
2	81 (42.19%)	ISO/IEC 27001
3	71 (36.98%)	Incident Response
4	62 (32.29%)	NIST
4	62 (32.29%)	Python
5	61 (31.77%)	Azure
5	61 (31.77%)	Microsoft
6	58 (30.21%)	Firewall
6	58 (30.21%)	SIEM
7	55 (28.65%)	Vulnerability Management
8	47 (24.48%)	Network Security
9	46 (23.96%)	Security Cleared
10	43 (22.40%)	Information Security
11	42 (21.88%)	SC Cleared
12	41 (21.35%)	Vulnerability Scanning

13	40 (20.83%)	PowerShell
13	40 (20.83%)	Windows
14	39 (20.31%)	CISSP
15	38 (19.79%)	AWS
15	38 (19.79%)	Vulnerability Assessment
16	36 (18.75%)	Bash
16	36 (18.75%)	Degree
17	33 (17.19%)	DevOps
18	32 (16.67%)	Security Testing
19	31 (16.15%)	Security Architecture
20	30 (15.63%)	Security Operations
21	29 (15.10%)	Cyber Essentials
21	29 (15.10%)	Linux
22	27 (14.06%)	Cloud Security
23	26 (13.54%)	CI/CD

Penetration Testing
Co-Occurring Skills & Capabilities by Category

The following tables expand on the one above by listing co-occurrences grouped by category. They cover the same employment type, locality and period, with up to 20 co-occurrences shown in each category:

Application Platforms
1	6 (3.13%)	Microsoft Exchange
2	3 (1.56%)	SharePoint
3	1 (0.52%)	Confluence

Applications
1	7 (3.65%)	Microsoft Excel
1	7 (3.65%)	Microsoft Office
2	1 (0.52%)	GNU Octave

Cloud Services
1	61 (31.77%)	Azure
2	38 (19.79%)	AWS
3	20 (10.42%)	Microsoft 365
4	16 (8.33%)	Entra ID
5	15 (7.81%)	Slack
6	12 (6.25%)	Azure Sentinel
6	12 (6.25%)	GitHub
7	9 (4.69%)	Power Platform
8	8 (4.17%)	GitHub Actions
9	7 (3.65%)	GCP
9	7 (3.65%)	Microsoft Purview
10	4 (2.08%)	Azure Key Vault
11	3 (1.56%)	Azure DevOps
11	3 (1.56%)	Azure Logic Apps
11	3 (1.56%)	IBM Cloud
11	3 (1.56%)	Mimecast
11	3 (1.56%)	PaaS
11	3 (1.56%)	SaaS
12	2 (1.04%)	Azure Stack
12	2 (1.04%)	Google Workspace

Communications & Networking
1	58 (30.21%)	Firewall
2	47 (24.48%)	Network Security
3	14 (7.29%)	TCP/IP
4	12 (6.25%)	VPN
5	8 (4.17%)	Wi-Fi
5	8 (4.17%)	Wireless
5	8 (4.17%)	Wireshark
6	7 (3.65%)	Intrusion Detection
7	6 (3.13%)	VLAN
8	5 (2.60%)	BGP
8	5 (2.60%)	OSPF
9	4 (2.08%)	Ethernet
9	4 (2.08%)	HTTP
10	3 (1.56%)	Cisco ISE
10	3 (1.56%)	DNS
10	3 (1.56%)	Modbus
10	3 (1.56%)	Spanning Tree
10	3 (1.56%)	SSL
10	3 (1.56%)	WAN
11	2 (1.04%)	Cisco Nexus

Database & Business Intelligence
1	9 (4.69%)	Power BI
2	7 (3.65%)	Tableau
3	2 (1.04%)	Elasticsearch
3	2 (1.04%)	SQL Server

Development Applications
1	19 (9.90%)	JIRA
2	14 (7.29%)	Burp Suite
3	13 (6.77%)	Metasploit
4	8 (4.17%)	Jenkins
5	3 (1.56%)	Git
6	2 (1.04%)	GitLab
6	2 (1.04%)	IDA Disassembler

General
1	94 (48.96%)	Social Skills
2	27 (14.06%)	Finance
3	26 (13.54%)	Influencing Skills
4	24 (12.50%)	Inclusion and Diversity
5	23 (11.98%)	Analytical Skills
6	16 (8.33%)	Presentation Skills
7	9 (4.69%)	Legal
8	8 (4.17%)	Law
9	6 (3.13%)	Retail
10	5 (2.60%)	Manufacturing
11	4 (2.08%)	Banking
11	4 (2.08%)	Documentation Skills
11	4 (2.08%)	Electronics
11	4 (2.08%)	Public Sector
12	3 (1.56%)	Mandarin Language
12	3 (1.56%)	Marketing
12	3 (1.56%)	Military
13	2 (1.04%)	Organisational Skills
14	1 (0.52%)	Advertising
14	1 (0.52%)	Financial Institution

Job Titles
1	52 (27.08%)	Security Engineer
2	33 (17.19%)	Analyst
3	28 (14.58%)	Security Analyst
4	25 (13.02%)	Senior
5	19 (9.90%)	Architect
5	19 (9.90%)	Cybersecurity Engineer
5	19 (9.90%)	Lead
6	17 (8.85%)	Security Architect
6	17 (8.85%)	Senior Security Engineer
7	16 (8.33%)	Tester
8	15 (7.81%)	Penetration Tester
9	12 (6.25%)	Security Specialist
10	11 (5.73%)	IT Manager
10	11 (5.73%)	Network Engineer
11	10 (5.21%)	Applications Engineer
12	9 (4.69%)	Cybersecurity Specialist
13	8 (4.17%)	Cloud Engineer
13	8 (4.17%)	Cybersecurity Analyst
13	8 (4.17%)	Lead Security Architect
13	8 (4.17%)	Principal Architect

Libraries, Frameworks & Software Standards
1	5 (2.60%)	JSON
2	2 (1.04%)	Elastic Stack
3	1 (0.52%)	ModSecurity
3	1 (0.52%)	PyTorch
3	1 (0.52%)	TensorFlow
3	1 (0.52%)	YAML

Miscellaneous
1	26 (13.54%)	Management Information System
2	21 (10.94%)	Security Posture
3	15 (7.81%)	Cyber Threat
3	15 (7.81%)	Security Operations Centre
4	10 (5.21%)	Operational Technology
5	9 (4.69%)	Cyber Defence
6	8 (4.17%)	Mobile App
6	8 (4.17%)	Self-Motivation
7	7 (3.65%)	Analytical Mindset
7	7 (3.65%)	Data Centre
8	6 (3.13%)	Cloud Native
8	6 (3.13%)	Cyber Kill Chain
8	6 (3.13%)	PKI
8	6 (3.13%)	SCADA
9	4 (2.08%)	Cyberattack
9	4 (2.08%)	Distributed Systems
9	4 (2.08%)	Enterprise Software
9	4 (2.08%)	Linux Command Line
10	3 (1.56%)	Onboarding
10	3 (1.56%)	Public Cloud

Operating Systems
1	40 (20.83%)	Windows
2	29 (15.10%)	Linux
3	7 (3.65%)	Unix
4	6 (3.13%)	Kali Linux
4	6 (3.13%)	Windows Server
5	3 (1.56%)	VMS
6	2 (1.04%)	Android
6	2 (1.04%)	Apple iOS
7	1 (0.52%)	Debian
7	1 (0.52%)	Ubuntu
7	1 (0.52%)	Windows 10
7	1 (0.52%)	Windows Server 2016
7	1 (0.52%)	Windows Server 2019

Processes & Methodologies
1	116 (60.42%)	Cybersecurity
2	71 (36.98%)	Incident Response
3	58 (30.21%)	SIEM
4	55 (28.65%)	Vulnerability Management
5	43 (22.40%)	Information Security
6	41 (21.35%)	Vulnerability Scanning
7	38 (19.79%)	Vulnerability Assessment
8	33 (17.19%)	DevOps
9	32 (16.67%)	Security Testing
10	31 (16.15%)	Security Architecture
11	30 (15.63%)	Security Operations
12	27 (14.06%)	Cloud Security
13	26 (13.54%)	CI/CD
13	26 (13.54%)	Problem-Solving
14	25 (13.02%)	Threat Modelling
14	25 (13.02%)	Vulnerability Remediation
15	24 (12.50%)	Application Security
16	23 (11.98%)	Risk Management
16	23 (11.98%)	Technology Transformation
17	21 (10.94%)	Risk Assessment

Programming Languages
1	62 (32.29%)	Python
2	40 (20.83%)	PowerShell
3	36 (18.75%)	Bash
4	18 (9.38%)	Go
5	12 (6.25%)	SQL
6	7 (3.65%)	JavaScript
6	7 (3.65%)	R
7	6 (3.13%)	C
7	6 (3.13%)	C++
8	4 (2.08%)	C#
9	3 (1.56%)	Java
9	3 (1.56%)	Perl
10	1 (0.52%)	Kusto Query Language
10	1 (0.52%)	Scala

Qualifications
1	46 (23.96%)	Security Cleared
2	42 (21.88%)	SC Cleared
3	39 (20.31%)	CISSP
4	36 (18.75%)	Degree
5	21 (10.94%)	OSCP
6	19 (9.90%)	Cisco Certification
6	19 (9.90%)	CREST Certified
7	18 (9.38%)	SANS
8	15 (7.81%)	CCNA
8	15 (7.81%)	CompTIA Security+
9	14 (7.29%)	DV Cleared
10	12 (6.25%)	CCNP
10	12 (6.25%)	GCIA
11	9 (4.69%)	CEH
11	9 (4.69%)	CISA
11	9 (4.69%)	GIAC
12	8 (4.17%)	CHECK Team Leader
13	7 (3.65%)	ACCA
13	7 (3.65%)	CIMA
14	6 (3.13%)	Microsoft Certification

Quality Assurance & Compliance
1	81 (42.19%)	ISO/IEC 27001
2	62 (32.29%)	NIST
3	29 (15.10%)	Cyber Essentials
4	23 (11.98%)	Accessibility
5	22 (11.46%)	NCSC
6	14 (7.29%)	GDPR
7	12 (6.25%)	QA
8	5 (2.60%)	NIST 800
9	3 (1.56%)	Actionable Recommendations
9	3 (1.56%)	Cyber Essentials PLUS
9	3 (1.56%)	GRC
9	3 (1.56%)	PCI DSS
10	2 (1.04%)	RMADS
11	1 (0.52%)	COBIT
11	1 (0.52%)	ISO/IEC 27002 (supersedes ISO/IEC 17799)
11	1 (0.52%)	ISO/IEC 27005
11	1 (0.52%)	ISO/IEC 42001
11	1 (0.52%)	SOC 2

System Software
1	15 (7.81%)	Virtual Machines
2	14 (7.29%)	Active Directory
3	5 (2.60%)	VMware Infrastructure
4	4 (2.08%)	VMware ESXi
5	3 (1.56%)	Firmware
6	2 (1.04%)	EMC RecoverPoint
6	2 (1.04%)	Hyper-V
6	2 (1.04%)	pfSense
6	2 (1.04%)	Squid

Systems Management
1	10 (5.21%)	Nessus
1	10 (5.21%)	Nmap
2	7 (3.65%)	Single Sign-On
3	6 (3.13%)	Microsoft Intune
4	5 (2.60%)	Kubernetes
4	5 (2.60%)	QRadar
5	3 (1.56%)	Proxmox
6	2 (1.04%)	Cisco CUCM
6	2 (1.04%)	Jamf Pro
6	2 (1.04%)	Kibana
6	2 (1.04%)	Progress Chef
6	2 (1.04%)	Terraform
6	2 (1.04%)	VxRail
7	1 (0.52%)	Ansible
7	1 (0.52%)	CASB
7	1 (0.52%)	SCCM
7	1 (0.52%)	ZENworks

Vendors
1	61 (31.77%)	Microsoft
2	17 (8.85%)	Tenable
3	16 (8.33%)	Cisco
4	15 (7.81%)	ServiceNow
5	9 (4.69%)	Splunk
6	8 (4.17%)	Oracle
7	7 (3.65%)	VMware
8	6 (3.13%)	Fortinet
9	5 (2.60%)	Palo Alto
10	4 (2.08%)	CheckPoint
10	4 (2.08%)	Sophos
10	4 (2.08%)	Zscaler
11	3 (1.56%)	IBM
11	3 (1.56%)	LogRhythm
11	3 (1.56%)	Meraki
12	2 (1.04%)	CrowdStrike
12	2 (1.04%)	CyberArk
12	2 (1.04%)	Google
12	2 (1.04%)	Okta
12	2 (1.04%)	Qualys

Penetration TestingUK

All Process and Methodology SkillsUK

Penetration TestingJob Vacancy Trend

Penetration TestingSalary Trend

Penetration TestingSalary Histogram

Penetration TestingTop 17 Job Locations

Penetration TestingTop 30 Co-Occurring Skills & Capabilities

Penetration TestingCo-Occurring Skills & Capabilities by Category