Penetration Testing Job Trends, Salaries & Related Skills

Penetration Testing
UK

The table below provides summary statistics and salary benchmarking for jobs requiring Penetration Testing skills. It covers permanent job vacancies from the 6 months leading up to 10 November 2025, with comparisons to the same periods in the previous two years.

	6 months to 10 Nov 2025	Same period 2024	Same period 2023
Rank	470	432	412
Rank change year-on-year	-38	-20	+125
Permanent jobs citing Penetration Testing	192	361	353
As % of all permanent jobs in the UK	0.37%	0.54%	0.66%
As % of the Processes & Methodologies category	0.43%	0.65%	0.70%
Number of salaries quoted	160	197	316
10^th Percentile	£47,750	£47,500	£42,500
25^th Percentile	£52,500	£55,000	£51,625
Median annual salary (50^th Percentile)	£69,384	£65,000	£62,500
Median % change year-on-year	+6.74%	+4.00%	-9.68%
75^th Percentile	£85,063	£87,500	£76,563
90^th Percentile	£90,000	£100,000	£90,000
UK excluding London median annual salary	£63,750	£60,000	£59,250
% change year-on-year	+6.25%	+1.27%	-8.85%

All Process and Methodology Skills
UK

Penetration Testing falls under the Processes and Methodologies category. For comparison with the information above, the following table provides summary statistics for all permanent job vacancies requiring process or methodology skills.

Permanent vacancies with a requirement for process or methodology skills	44,404	55,778	50,322
As % of all permanent jobs advertised in the UK	86.64%	82.84%	93.88%
Number of salaries quoted	26,555	29,039	38,573
10^th Percentile	£28,250	£34,000	£32,500
25^th Percentile	£35,500	£45,000	£43,867
Median annual salary (50^th Percentile)	£53,700	£60,000	£60,000
Median % change year-on-year	-10.50%	-	-
75^th Percentile	£75,000	£78,750	£80,000
90^th Percentile	£95,000	£97,500	£97,500
UK excluding London median annual salary	£46,750	£54,000	£52,500
% change year-on-year	-13.43%	+2.86%	-

Penetration Testing
Job Vacancy Trend

Historical trend showing the proportion of permanent IT job postings citing Penetration Testing relative to all permanent IT jobs advertised.

Penetration Testing
Salary Trend

Salary distribution trend for jobs in the UK citing Penetration Testing.

Penetration Testing
Salary Histogram

Salary distribution for jobs citing Penetration Testing over the 6 months to 10 November 2025.

Salary histogram for Penetration Testing in the UK

Penetration Testing
Top 17 Job Locations

The table below looks at the demand and provides a guide to the median salaries quoted in IT jobs citing Penetration Testing within the UK over the 6 months to 10 November 2025. The 'Rank Change' column provides an indication of the change in demand within each location based on the same 6 month period last year.

Location	Rank Change on Same Period Last Year	Matching Permanent IT Job Ads	Median Salary Past 6 Months	Median Salary % Change on Same Period Last Year	Live Jobs
England	-24	175	£69,384	+6.74%	206
UK excluding London	-5	94	£63,750	+6.25%	146
London	-9	83	£75,000	-	64
Work from Home	-11	70	£65,000	-	129
South East	+14	23	£57,500	-3.36%	51
North of England	+10	23	£58,750	-2.08%	40
South West	+27	20	£78,750	+23.05%	27
Midlands	+31	19	£54,000	-6.09%	22
Yorkshire	+31	18	£55,000	+4.76%	10
West Midlands	+16	12	£55,000	-6.38%	18
East Midlands	+27	7	£51,058	-11.20%	2
Scotland	-29	5	£90,000	+25.87%	4
North West	-3	4	£67,192	+9.70%	30
Northern Ireland	+2	3	£69,692	+16.15%	1
East of England	+23	1	£85,000	+198.25%	7
Wales	-	1	£69,384	-
North East	-	1	£69,384	-

Penetration Testing
Top 30 Co-Occurring Skills & Capabilities

For the 6 months to 10 November 2025, job vacancies citing Penetration Testing also mentioned the following skills and capabilities in order of popularity. The figures indicate the absolute number of co-occurrences and as a proportion of all permanent job ads with a requirement for Penetration Testing.

1	113 (58.85%)	Cybersecurity
2	77 (40.10%)	ISO/IEC 27001
3	76 (39.58%)	Incident Response
4	64 (33.33%)	Microsoft
5	63 (32.81%)	Azure
6	62 (32.29%)	Python
7	60 (31.25%)	Firewall
7	60 (31.25%)	SIEM
8	58 (30.21%)	NIST
9	57 (29.69%)	Vulnerability Management
10	42 (21.88%)	Security Cleared
11	41 (21.35%)	Vulnerability Scanning
12	40 (20.83%)	Network Security
12	40 (20.83%)	PowerShell
12	40 (20.83%)	Windows

13	39 (20.31%)	CISSP
13	39 (20.31%)	Degree
13	39 (20.31%)	Information Security
14	38 (19.79%)	AWS
14	38 (19.79%)	Vulnerability Assessment
15	36 (18.75%)	Bash
15	36 (18.75%)	SC Cleared
16	33 (17.19%)	DevOps
16	33 (17.19%)	Security Operations
17	32 (16.67%)	Security Testing
18	29 (15.10%)	Cyber Essentials
18	29 (15.10%)	Linux
19	28 (14.58%)	Cloud Security
20	27 (14.06%)	Problem-Solving
21	26 (13.54%)	CI/CD

Penetration Testing
Co-Occurring Skills & Capabilities by Category

The following tables expand on the one above by listing co-occurrences grouped by category. They cover the same employment type, locality and period, with up to 20 co-occurrences shown in each category:

Application Platforms
1	6 (3.13%)	Microsoft Exchange
2	3 (1.56%)	SharePoint
3	1 (0.52%)	Confluence

Applications
1	7 (3.65%)	Microsoft Excel
1	7 (3.65%)	Microsoft Office
2	1 (0.52%)	GNU Octave

Cloud Services
1	63 (32.81%)	Azure
2	38 (19.79%)	AWS
3	22 (11.46%)	Microsoft 365
4	17 (8.85%)	Entra ID
5	15 (7.81%)	Slack
6	12 (6.25%)	Azure Sentinel
6	12 (6.25%)	GitHub
7	9 (4.69%)	Microsoft Purview
7	9 (4.69%)	Power Platform
8	8 (4.17%)	GitHub Actions
9	7 (3.65%)	GCP
10	4 (2.08%)	Azure Key Vault
10	4 (2.08%)	SaaS
11	3 (1.56%)	Azure DevOps
11	3 (1.56%)	Azure Logic Apps
11	3 (1.56%)	IBM Cloud
11	3 (1.56%)	Mimecast
11	3 (1.56%)	PaaS
12	2 (1.04%)	Azure Stack
12	2 (1.04%)	Rubrik

Communications & Networking
1	60 (31.25%)	Firewall
2	40 (20.83%)	Network Security
3	15 (7.81%)	TCP/IP
4	12 (6.25%)	VPN
5	9 (4.69%)	Intrusion Detection
6	8 (4.17%)	Wi-Fi
6	8 (4.17%)	Wireless
6	8 (4.17%)	Wireshark
7	6 (3.13%)	VLAN
8	5 (2.60%)	BGP
8	5 (2.60%)	OSPF
9	4 (2.08%)	Ethernet
9	4 (2.08%)	HTTP
10	3 (1.56%)	Cisco ISE
10	3 (1.56%)	DNS
10	3 (1.56%)	Modbus
10	3 (1.56%)	Spanning Tree
10	3 (1.56%)	SSL
10	3 (1.56%)	WAN
11	2 (1.04%)	Cisco Nexus

Database & Business Intelligence
1	9 (4.69%)	Power BI
2	7 (3.65%)	Tableau
3	2 (1.04%)	Elasticsearch
3	2 (1.04%)	SQL Server

Development Applications
1	19 (9.90%)	JIRA
2	15 (7.81%)	Burp Suite
3	14 (7.29%)	Metasploit
4	8 (4.17%)	Jenkins
5	3 (1.56%)	Git
6	2 (1.04%)	GitLab
6	2 (1.04%)	IDA Disassembler

General
1	89 (46.35%)	Social Skills
2	26 (13.54%)	Finance
3	23 (11.98%)	Analytical Skills
4	19 (9.90%)	Inclusion and Diversity
4	19 (9.90%)	Influencing Skills
5	16 (8.33%)	Presentation Skills
6	9 (4.69%)	Law
7	6 (3.13%)	Public Sector
7	6 (3.13%)	Retail
8	5 (2.60%)	Banking
8	5 (2.60%)	Manufacturing
9	4 (2.08%)	Documentation Skills
9	4 (2.08%)	Electronics
9	4 (2.08%)	Military
10	3 (1.56%)	Legal
10	3 (1.56%)	Mandarin Language
10	3 (1.56%)	Marketing
11	2 (1.04%)	Organisational Skills
12	1 (0.52%)	Advertising
12	1 (0.52%)	Financial Institution

Job Titles
1	52 (27.08%)	Security Engineer
2	36 (18.75%)	Analyst
3	31 (16.15%)	Security Analyst
4	26 (13.54%)	Senior
5	20 (10.42%)	Lead
6	19 (9.90%)	Cybersecurity Engineer
7	18 (9.38%)	Tester
8	17 (8.85%)	Penetration Tester
8	17 (8.85%)	Senior Security Engineer
9	13 (6.77%)	Architect
10	12 (6.25%)	Security Specialist
11	11 (5.73%)	IT Manager
11	11 (5.73%)	Network Engineer
11	11 (5.73%)	Security Architect
12	10 (5.21%)	Applications Engineer
13	9 (4.69%)	Cybersecurity Analyst
13	9 (4.69%)	Cybersecurity Specialist
13	9 (4.69%)	Lead Architect
13	9 (4.69%)	Lead Security Architect
14	8 (4.17%)	Cloud Engineer

Libraries, Frameworks & Software Standards
1	5 (2.60%)	JSON
2	2 (1.04%)	Elastic Stack
3	1 (0.52%)	ModSecurity
3	1 (0.52%)	PyTorch
3	1 (0.52%)	TensorFlow
3	1 (0.52%)	YAML

Miscellaneous
1	28 (14.58%)	Management Information System
2	22 (11.46%)	Security Posture
3	15 (7.81%)	Cyber Threat
3	15 (7.81%)	Security Operations Centre
4	10 (5.21%)	Operational Technology
5	9 (4.69%)	Cyber Defence
6	8 (4.17%)	Mobile App
6	8 (4.17%)	Self-Motivation
7	7 (3.65%)	Analytical Mindset
7	7 (3.65%)	Data Centre
7	7 (3.65%)	PKI
8	6 (3.13%)	Cloud Native
8	6 (3.13%)	Cyber Kill Chain
8	6 (3.13%)	SCADA
9	4 (2.08%)	Cyberattack
9	4 (2.08%)	Distributed Systems
9	4 (2.08%)	Enterprise Software
9	4 (2.08%)	Linux Command Line
9	4 (2.08%)	Onboarding
10	3 (1.56%)	Public Cloud

Operating Systems
1	40 (20.83%)	Windows
2	29 (15.10%)	Linux
3	7 (3.65%)	Unix
4	6 (3.13%)	Kali Linux
4	6 (3.13%)	Windows Server
5	3 (1.56%)	VMS
6	2 (1.04%)	Android
6	2 (1.04%)	Apple iOS
7	1 (0.52%)	Debian
7	1 (0.52%)	Ubuntu
7	1 (0.52%)	Windows 10
7	1 (0.52%)	Windows Server 2016
7	1 (0.52%)	Windows Server 2019

Processes & Methodologies
1	113 (58.85%)	Cybersecurity
2	76 (39.58%)	Incident Response
3	60 (31.25%)	SIEM
4	57 (29.69%)	Vulnerability Management
5	41 (21.35%)	Vulnerability Scanning
6	39 (20.31%)	Information Security
7	38 (19.79%)	Vulnerability Assessment
8	33 (17.19%)	DevOps
8	33 (17.19%)	Security Operations
9	32 (16.67%)	Security Testing
10	28 (14.58%)	Cloud Security
11	27 (14.06%)	Problem-Solving
12	26 (13.54%)	CI/CD
12	26 (13.54%)	Security Architecture
12	26 (13.54%)	Threat Modelling
13	25 (13.02%)	Application Security
13	25 (13.02%)	Vulnerability Remediation
14	23 (11.98%)	Technology Transformation
15	21 (10.94%)	Red Team
16	19 (9.90%)	ITIL

Programming Languages
1	62 (32.29%)	Python
2	40 (20.83%)	PowerShell
3	36 (18.75%)	Bash
4	18 (9.38%)	Go
5	12 (6.25%)	SQL
6	7 (3.65%)	JavaScript
6	7 (3.65%)	R
7	6 (3.13%)	C
7	6 (3.13%)	C++
8	4 (2.08%)	C#
9	3 (1.56%)	Java
9	3 (1.56%)	Perl
10	1 (0.52%)	Kusto Query Language
10	1 (0.52%)	Scala

Qualifications
1	42 (21.88%)	Security Cleared
2	39 (20.31%)	CISSP
2	39 (20.31%)	Degree
3	36 (18.75%)	SC Cleared
4	22 (11.46%)	Cisco Certification
5	21 (10.94%)	CREST Certified
5	21 (10.94%)	OSCP
6	19 (9.90%)	SANS
7	17 (8.85%)	CCNA
8	16 (8.33%)	DV Cleared
9	15 (7.81%)	CompTIA Security+
10	12 (6.25%)	CCNP
10	12 (6.25%)	GCIA
10	12 (6.25%)	GIAC
11	9 (4.69%)	CEH
11	9 (4.69%)	CHECK Team Leader
11	9 (4.69%)	CISA
12	8 (4.17%)	CHECK Team Member
13	7 (3.65%)	ACCA
13	7 (3.65%)	CIMA

Quality Assurance & Compliance
1	77 (40.10%)	ISO/IEC 27001
2	58 (30.21%)	NIST
3	29 (15.10%)	Cyber Essentials
4	23 (11.98%)	Accessibility
5	18 (9.38%)	GDPR
6	16 (8.33%)	NCSC
7	5 (2.60%)	NIST 800
7	5 (2.60%)	QA
8	4 (2.08%)	GRC
9	3 (1.56%)	Actionable Recommendations
9	3 (1.56%)	PCI DSS
9	3 (1.56%)	RMADS
10	2 (1.04%)	Cyber Essentials PLUS
10	2 (1.04%)	ISO/IEC 27005
10	2 (1.04%)	ITGC
11	1 (0.52%)	COBIT
11	1 (0.52%)	ISO/IEC 27002 (supersedes ISO/IEC 17799)
11	1 (0.52%)	ISO/IEC 42001
11	1 (0.52%)	Sarbanes-Oxley
11	1 (0.52%)	SOC 2

System Software
1	15 (7.81%)	Virtual Machines
2	14 (7.29%)	Active Directory
3	5 (2.60%)	VMware Infrastructure
4	4 (2.08%)	VMware ESXi
5	3 (1.56%)	Firmware
6	2 (1.04%)	EMC RecoverPoint
6	2 (1.04%)	Hyper-V
6	2 (1.04%)	pfSense
6	2 (1.04%)	Squid

Systems Management
1	11 (5.73%)	Nessus
1	11 (5.73%)	Nmap
2	7 (3.65%)	QRadar
2	7 (3.65%)	Single Sign-On
3	6 (3.13%)	Microsoft Intune
4	5 (2.60%)	Kubernetes
5	3 (1.56%)	Proxmox
6	2 (1.04%)	ArcSight ESM
6	2 (1.04%)	Cisco CUCM
6	2 (1.04%)	Jamf Pro
6	2 (1.04%)	Kibana
6	2 (1.04%)	Progress Chef
6	2 (1.04%)	Terraform
6	2 (1.04%)	VxRail
7	1 (0.52%)	Ansible
7	1 (0.52%)	CASB
7	1 (0.52%)	SCCM
7	1 (0.52%)	ZENworks

Vendors
1	64 (33.33%)	Microsoft
2	17 (8.85%)	Tenable
3	16 (8.33%)	Cisco
4	15 (7.81%)	ServiceNow
5	11 (5.73%)	Splunk
6	8 (4.17%)	Oracle
7	7 (3.65%)	VMware
8	6 (3.13%)	Fortinet
9	5 (2.60%)	Palo Alto
10	4 (2.08%)	CheckPoint
10	4 (2.08%)	LogRhythm
10	4 (2.08%)	Sophos
10	4 (2.08%)	Zscaler
11	3 (1.56%)	CyberArk
11	3 (1.56%)	IBM
11	3 (1.56%)	Meraki
12	2 (1.04%)	ArcSight
12	2 (1.04%)	Google
12	2 (1.04%)	LogLogic
12	2 (1.04%)	Trend Micro

Penetration TestingUK

All Process and Methodology SkillsUK

Penetration TestingJob Vacancy Trend

Penetration TestingSalary Trend

Penetration TestingSalary Histogram

Penetration TestingTop 17 Job Locations

Penetration TestingTop 30 Co-Occurring Skills & Capabilities

Penetration TestingCo-Occurring Skills & Capabilities by Category