Penetration Testing Job Trends, Salaries & Related Skills

Penetration Testing
UK

The table below provides summary statistics and salary benchmarking for jobs requiring Penetration Testing skills. It covers permanent job vacancies from the 6 months leading up to 19 April 2026, with comparisons to the same periods in the previous two years.

	6 months to 19 Apr 2026	Same period 2025	Same period 2024
Rank	443	401	416
Rank change year-on-year	-42	+15	+67
Permanent jobs citing Penetration Testing	288	255	539
As % of all permanent jobs in the UK	0.33%	0.61%	0.57%
As % of the Processes & Methodologies category	0.44%	0.66%	0.66%
Number of salaries quoted	199	200	423
10^th Percentile	£42,900	£45,000	£38,750
25^th Percentile	£50,000	£58,750	£47,500
Median annual salary (50^th Percentile)	£65,000	£67,500	£62,500
Median % change year-on-year	-3.70%	+8.00%	-8.56%
75^th Percentile	£89,500	£85,313	£82,500
90^th Percentile	£97,500	£98,000	£95,000
UK excluding London median annual salary	£65,000	£67,500	£55,000
% change year-on-year	-3.70%	+22.73%	-4.35%

All Process & Methodology Skills
UK

Penetration Testing falls under the Processes and Methodologies category. For comparison with the information above, the following table provides summary statistics for all permanent job vacancies requiring process or methodology skills.

Permanent vacancies with a requirement for process or methodology skills	65,473	38,805	81,335
As % of all permanent jobs advertised in the UK	75.33%	92.93%	85.93%
Number of salaries quoted	40,444	22,598	59,573
10^th Percentile	£30,000	£31,250	£29,000
25^th Percentile	£40,000	£42,500	£40,000
Median annual salary (50^th Percentile)	£57,500	£60,000	£55,000
Median % change year-on-year	-4.17%	+9.09%	-10.57%
75^th Percentile	£77,500	£80,000	£72,500
90^th Percentile	£97,500	£102,500	£92,500
UK excluding London median annual salary	£50,000	£52,600	£50,000
% change year-on-year	-4.94%	+5.20%	-8.90%

Penetration Testing
Job Vacancy Trend

Historical trend showing the proportion of permanent IT job postings citing Penetration Testing relative to all permanent IT jobs advertised.

Penetration Testing
Salary Trend

Salary distribution trend for jobs in the UK citing Penetration Testing.

Penetration Testing
Salary Histogram

Salary distribution for jobs citing Penetration Testing over the 6 months to 19 April 2026.

Salary histogram for Penetration Testing in the UK

Penetration Testing
Top 15 Job Locations

The table below looks at the demand and provides a guide to the median salaries quoted in IT jobs citing Penetration Testing within the UK over the 6 months to 19 April 2026. The 'Rank Change' column provides an indication of the change in demand within each location based on the same 6 month period last year.

Location	Rank Change on Same Period Last Year	Matching Permanent IT Job Ads	Median Salary Past 6 Months	Median Salary % Change on Same Period Last Year	Live Jobs
England	-53	250	£65,000	-3.70%	84
UK excluding London	-37	148	£65,000	-3.70%	61
London	-18	106	£78,750	+8.62%	40
Work from Home	+1	97	£60,000	-17.24%	43
South West	-10	52	£55,000	-18.52%	20
South East	-69	29	£72,500	+16.00%	20
North of England	-61	26	£58,000	-2.11%	6
Midlands	-43	25	£52,500	-22.22%	5
West Midlands	-34	16	£65,000	-3.70%	5
Yorkshire	-39	14	£55,000	+7.32%	2
Scotland	-23	13	£90,000	+21.21%	5
East Midlands	-50	9	£51,058	+27.65%
North West	-35	7	£56,000	-8.20%	3
North East	-29	5	£75,000	+12.36%	1
East of England	-31	4	£32,500	-	2

Penetration Testing
Top 30 Co-Occurring Skills & Capabilities

For the 6 months to 19 April 2026, job vacancies citing Penetration Testing also mentioned the following skills and capabilities in order of popularity. The figures indicate the absolute number of co-occurrences and as a proportion of all permanent job ads with a requirement for Penetration Testing.

1	175 (60.76%)	Cybersecurity
2	101 (35.07%)	CREST Certified
3	90 (31.25%)	ISO/IEC 27001
4	84 (29.17%)	Incident Response
4	84 (29.17%)	Red Team
5	73 (25.35%)	CISSP
5	73 (25.35%)	OSCP
6	66 (22.92%)	Azure
7	65 (22.57%)	Application Security
8	63 (21.88%)	AWS
8	63 (21.88%)	Information Security
9	60 (20.83%)	Microsoft
10	57 (19.79%)	Security Testing
11	56 (19.44%)	Mentoring
12	55 (19.10%)	Offensive Security

12	55 (19.10%)	Security Cleared
13	54 (18.75%)	Python
14	53 (18.40%)	SIEM
15	50 (17.36%)	Firewall
15	50 (17.36%)	NIST
16	48 (16.67%)	Problem-Solving
16	48 (16.67%)	Vulnerability Management
17	47 (16.32%)	Degree
17	47 (16.32%)	PowerShell
18	45 (15.63%)	Agile
18	45 (15.63%)	SC Cleared
19	44 (15.28%)	GDPR
20	41 (14.24%)	Bash
21	39 (13.54%)	Cloud Security
21	39 (13.54%)	Threat Modelling

Penetration Testing
Co-Occurring Skills & Capabilities by Category

The following tables expand on the one above by listing co-occurrences grouped by category. They cover the same employment type, locality and period, with up to 20 co-occurrences shown in each category:

Application Platforms
1	5 (1.74%)	SharePoint
2	3 (1.04%)	Confluence
2	3 (1.04%)	IIS
2	3 (1.04%)	Microsoft Exchange
3	1 (0.35%)	Apache
3	1 (0.35%)	Drupal
3	1 (0.35%)	nginx
3	1 (0.35%)	WordPress

Applications
1	2 (0.69%)	Weka

Business Applications
1	1 (0.35%)	Exchequer
1	1 (0.35%)	Magento

Cloud Services
1	66 (22.92%)	Azure
2	63 (21.88%)	AWS
3	22 (7.64%)	GCP
4	19 (6.60%)	GitHub
5	18 (6.25%)	Microsoft 365
6	15 (5.21%)	GitHub Actions
7	12 (4.17%)	Azure Sentinel
8	11 (3.82%)	Entra ID
9	9 (3.13%)	Microsoft Purview
10	7 (2.43%)	SaaS
11	4 (1.39%)	Amazon EKS
11	4 (1.39%)	AWS CloudFormation
11	4 (1.39%)	Azure DevOps
11	4 (1.39%)	Azure Key Vault
11	4 (1.39%)	Mimecast
12	3 (1.04%)	IaaS
12	3 (1.04%)	PaaS
13	2 (0.69%)	Cloudflare
13	2 (0.69%)	Dynamics 365
13	2 (0.69%)	OneDrive

Communications & Networking
1	50 (17.36%)	Firewall
2	28 (9.72%)	Network Security
3	21 (7.29%)	TCP/IP
4	20 (6.94%)	Wireless
5	18 (6.25%)	VPN
6	13 (4.51%)	DNS
7	9 (3.13%)	Intrusion Detection
8	8 (2.78%)	VLAN
9	7 (2.43%)	Cisco ISE
10	6 (2.08%)	Internet
11	4 (1.39%)	Cisco Nexus
11	4 (1.39%)	HTTPS
11	4 (1.39%)	VoIP
12	3 (1.04%)	DHCP
12	3 (1.04%)	DMZ
12	3 (1.04%)	HTTP
12	3 (1.04%)	LAN
12	3 (1.04%)	Modbus
12	3 (1.04%)	SSL
12	3 (1.04%)	WAN

Database & Business Intelligence
1	4 (1.39%)	SQL Server
2	3 (1.04%)	Amazon RDS
3	2 (0.69%)	Power BI
4	1 (0.35%)	InterSystems Cache
4	1 (0.35%)	MongoDB
4	1 (0.35%)	Redis

Development Applications
1	28 (9.72%)	Burp Suite
1	28 (9.72%)	Metasploit
2	14 (4.86%)	Jenkins
3	7 (2.43%)	JIRA
4	6 (2.08%)	Bitbucket
5	2 (0.69%)	Git
5	2 (0.69%)	NUnit
6	1 (0.35%)	Gatling
6	1 (0.35%)	IDA Disassembler
6	1 (0.35%)	JMeter
6	1 (0.35%)	Vagrant

General
1	86 (29.86%)	Finance
2	85 (29.51%)	Social Skills
3	33 (11.46%)	Public Sector
4	26 (9.03%)	Inclusion and Diversity
5	24 (8.33%)	Banking
6	22 (7.64%)	Law
7	20 (6.94%)	Retail
8	17 (5.90%)	Analytical Skills
9	9 (3.13%)	Legal
9	9 (3.13%)	Pharmaceutical
10	7 (2.43%)	Marketing
11	5 (1.74%)	Influencing Skills
11	5 (1.74%)	Telecoms
12	4 (1.39%)	Financial Institution
13	3 (1.04%)	Aerospace
13	3 (1.04%)	Back Office
13	3 (1.04%)	Manufacturing
13	3 (1.04%)	Military
14	2 (0.69%)	Documentation Skills
14	2 (0.69%)	Public Speaking

Job Titles
1	50 (17.36%)	Consultant
2	45 (15.63%)	Security Consultant
3	41 (14.24%)	Penetration Tester
3	41 (14.24%)	Tester
4	38 (13.19%)	Analyst
4	38 (13.19%)	Senior
5	31 (10.76%)	Security Analyst
6	28 (9.72%)	Security Engineer
7	26 (9.03%)	Cybersecurity Consultant
8	25 (8.68%)	Lead
8	25 (8.68%)	Security Manager
9	17 (5.90%)	Security Specialist
10	16 (5.56%)	Applications Engineer
11	15 (5.21%)	Senior Analyst
11	15 (5.21%)	Senior Security Analyst
12	14 (4.86%)	Team Leader
13	12 (4.17%)	Test Team Leader
14	11 (3.82%)	Information Analyst
14	11 (3.82%)	Information Security Analyst
15	10 (3.47%)	Head of Security

Libraries, Frameworks & Software Standards
1	4 (1.39%)	.NET
2	3 (1.04%)	.NET Framework
3	2 (0.69%)	AngularJS
3	2 (0.69%)	ASP.NET
3	2 (0.69%)	ASP.NET Core
3	2 (0.69%)	Entity Framework
3	2 (0.69%)	OAuth
3	2 (0.69%)	OAuth2
3	2 (0.69%)	OpenAPI
3	2 (0.69%)	OpenID
3	2 (0.69%)	RESTful
3	2 (0.69%)	RxJS
3	2 (0.69%)	Swagger
3	2 (0.69%)	Vitest
4	1 (0.35%)	ARM Templates
4	1 (0.35%)	LDAP
4	1 (0.35%)	Memcached

Miscellaneous
1	67 (23.26%)	Security Posture
2	33 (11.46%)	Mobile App
3	25 (8.68%)	Cyber Defence
4	23 (7.99%)	Cyber Threat
5	20 (6.94%)	Management Information System
6	9 (3.13%)	Self-Motivation
7	8 (2.78%)	Blog
7	8 (2.78%)	Operational Technology
8	7 (2.43%)	Data Centre
9	6 (2.08%)	Cloud Native
9	6 (2.08%)	Insider Threat
9	6 (2.08%)	PKI
10	5 (1.74%)	Cyber Security Posture
10	5 (1.74%)	Enterprise Software
10	5 (1.74%)	Public Cloud
10	5 (1.74%)	Security Operations Centre
11	4 (1.39%)	Data Protection Act
12	3 (1.04%)	Cyberattack
12	3 (1.04%)	Renewable Energy
12	3 (1.04%)	SCADA

Operating Systems
1	33 (11.46%)	Linux
1	33 (11.46%)	Windows
2	13 (4.51%)	Android
2	13 (4.51%)	Apple iOS
3	4 (1.39%)	Unix
3	4 (1.39%)	Windows Server
4	2 (0.69%)	Windows Server 2016
5	1 (0.35%)	Kali Linux
5	1 (0.35%)	Mac OS
5	1 (0.35%)	Red Hat Enterprise Linux

Processes & Methodologies
1	175 (60.76%)	Cybersecurity
2	84 (29.17%)	Incident Response
2	84 (29.17%)	Red Team
3	65 (22.57%)	Application Security
4	63 (21.88%)	Information Security
5	57 (19.79%)	Security Testing
6	56 (19.44%)	Mentoring
7	55 (19.10%)	Offensive Security
8	53 (18.40%)	SIEM
9	48 (16.67%)	Problem-Solving
9	48 (16.67%)	Vulnerability Management
10	45 (15.63%)	Agile
11	39 (13.54%)	Cloud Security
11	39 (13.54%)	Threat Modelling
12	35 (12.15%)	Security Operations
13	31 (10.76%)	Business Strategy
14	30 (10.42%)	Vulnerability Assessment
15	29 (10.07%)	Business Transformation
15	29 (10.07%)	Coaching
15	29 (10.07%)	Internal Audit

Programming Languages
1	54 (18.75%)	Python
2	47 (16.32%)	PowerShell
3	41 (14.24%)	Bash
4	15 (5.21%)	Java
5	14 (4.86%)	Go
6	8 (2.78%)	C#
6	8 (2.78%)	Perl
7	7 (2.43%)	C
7	7 (2.43%)	C++
8	6 (2.08%)	Ruby
8	6 (2.08%)	SQL
9	4 (1.39%)	Bicep
10	3 (1.04%)	Objective-C
10	3 (1.04%)	Rust
11	2 (0.69%)	Kusto Query Language
11	2 (0.69%)	TypeScript
12	1 (0.35%)	PHP

Qualifications
1	101 (35.07%)	CREST Certified
2	73 (25.35%)	CISSP
2	73 (25.35%)	OSCP
3	55 (19.10%)	Security Cleared
4	47 (16.32%)	Degree
5	45 (15.63%)	SC Cleared
6	36 (12.50%)	CHECK Team Member
7	32 (11.11%)	CISM
8	30 (10.42%)	CEH
9	29 (10.07%)	Cisco Certification
10	27 (9.38%)	CHECK Team Leader
11	21 (7.29%)	CCSAM
12	20 (6.94%)	CCNA
13	18 (6.25%)	CompTIA Security+
13	18 (6.25%)	SANS
14	16 (5.56%)	GIAC
15	15 (5.21%)	DV Cleared
16	13 (4.51%)	CCNP
16	13 (4.51%)	GPEN
17	11 (3.82%)	Cyber Scheme

Quality Assurance & Compliance
1	90 (31.25%)	ISO/IEC 27001
2	50 (17.36%)	NIST
3	44 (15.28%)	GDPR
4	32 (11.11%)	Cyber Essentials
5	19 (6.60%)	PCI DSS
6	18 (6.25%)	Actionable Recommendations
7	16 (5.56%)	Accessibility
8	13 (4.51%)	NCSC
9	11 (3.82%)	Cyber Essentials PLUS
9	11 (3.82%)	GRC
10	7 (2.43%)	SOC 2
11	4 (1.39%)	ITGC
12	3 (1.04%)	COBIT
12	3 (1.04%)	Data Quality
12	3 (1.04%)	GxP
12	3 (1.04%)	NIST 800
12	3 (1.04%)	QA
12	3 (1.04%)	RMADS
12	3 (1.04%)	Sarbanes-Oxley
13	2 (0.69%)	ISO/IEC 27005

System Software
1	25 (8.68%)	Active Directory
2	7 (2.43%)	VMware Infrastructure
3	3 (1.04%)	Docker
3	3 (1.04%)	VMware ESXi
4	2 (0.69%)	EMC RecoverPoint
4	2 (0.69%)	Hyper-V
4	2 (0.69%)	Virtual Machines
4	2 (0.69%)	vSphere
5	1 (0.35%)	Virtual Desktop

Systems Management
1	21 (7.29%)	Nessus
2	18 (6.25%)	Nmap
3	15 (5.21%)	Kubernetes
4	8 (2.78%)	Microsoft Intune
4	8 (2.78%)	Terraform
5	5 (1.74%)	Ansible
5	5 (1.74%)	CSIRT
5	5 (1.74%)	Single Sign-On
6	3 (1.04%)	ArcSight ESM
6	3 (1.04%)	FortiGate
6	3 (1.04%)	QRadar
7	2 (0.69%)	Jamf Pro
7	2 (0.69%)	VxRail
8	1 (0.35%)	CASB
8	1 (0.35%)	Consul
8	1 (0.35%)	Packer
8	1 (0.35%)	Progress Chef
8	1 (0.35%)	Puppet
8	1 (0.35%)	Red Hat Satellite

Vendors
1	60 (20.83%)	Microsoft
2	14 (4.86%)	Splunk
3	13 (4.51%)	Cisco
4	11 (3.82%)	Sophos
5	10 (3.47%)	VMware
6	9 (3.13%)	Zscaler
7	7 (2.43%)	CheckPoint
7	7 (2.43%)	Fortinet
8	5 (1.74%)	CrowdStrike
8	5 (1.74%)	Qualys
8	5 (1.74%)	TOWER Software
9	4 (1.39%)	Okta
10	3 (1.04%)	ArcSight
10	3 (1.04%)	CyberArk
10	3 (1.04%)	Dell
10	3 (1.04%)	LogLogic
10	3 (1.04%)	McAfee
10	3 (1.04%)	Palo Alto
10	3 (1.04%)	Veeam
11	2 (0.69%)	DevExpress

Penetration TestingUK

All Process & Methodology SkillsUK

Penetration TestingJob Vacancy Trend

Penetration TestingSalary Trend

Penetration TestingSalary Histogram

Penetration TestingTop 15 Job Locations

Penetration TestingTop 30 Co-Occurring Skills & Capabilities

Penetration TestingCo-Occurring Skills & Capabilities by Category