How much do penetration testers make? Is there a demand for penetration testers? What are my career salary expectations? You will want to know the answer to these questions before diving head-first into the cyber world and learning how to become a master penetration tester.
This article will answer all these questions by examining how much a pentester makes. It details factors influencing your salary, the average salary ranges based on your experience level, and the potential benefits and perks you may be offered as a pentester.
Let’s start unmasking the salary secrets of being a professional penetration tester and discover where this role sits in the cyber world.
Demand for Penetration Testers
A major factor that determines how much money you can make is the demand for your expertise. Penetration testers are no exception. The need for skilled penetration testers in the current market will heavily influence your salary.
Are penetration testers needed? Yes. As of February 2022, there were nearly 600,000 job openings in cyber security, and only 68 percent of total jobs were being filled. Many managers find these positions difficult to fill due to a lack of skilled security professionals. This issue is only expected to increase to a staggering 3.5 million unfilled jobs by 2025!
The growth in threats and cyber attacks over the last several years fuels the high demand for penetration testers. In 2020 the global cost of cybercrime was $2 trillion, and by 2025 it is predicted to rise to $10.5 trillion. This makes the need to discover how hackers exploit security vulnerabilities and extort companies higher than ever.
This need for skilled penetration testers is global and across industries. The COVID-19 pandemic has spurred many companies to shift their operations online, which has led to even more potential victims who could be affected by cybercrime in terms of customers and remote employees. There is an increasing need for pentesters to help protect these companies by testing their security measures and ensuring they are not vulnerable to cyber attacks.
Average Penetration Tester Salary Ranges
Based on this demand for skilled penetration testers, let’s look at the average salaries for pentesting roles.
A penetration tester's global average base salary range is around $75,083. However, you should consider what you can make based on the country you work in.
To understand how well the role of a pentester is compensated, you can compare these salaries to the average base salary range of other cyber security roles.
|Cyber Security Role||Average Salary|
|Cyber Security Analyst (SOC)||$55,000 to $116,000|
|System Administrator||$46,000 to $90,000|
|Information Technology Manager||$56,000 to $134,000|
|Security Engineer||$65,000 to $140,000|
Market demand is not the only thing influencing your salary as a penetration tester. Let’s look at what those other factors are.
What Factors Influence Pentester Salary?
Various other factors will influence your penetration testing salary. They include:
Let’s look at these factors and how you can take control of them as you progress through your career and look to maximize your salary.
Experience and Skill
The main factor that will influence your potential penetration tester salary is your years of experience and skill level. A penetration tester just starting can never expect to have higher pay than someone with years of experience honing their skills. The more years of experience, and the wider range of skills you develop over time, the more money you can expect to make.
Employers will look for employees who can match their job requirements. If you have more years of experience, you are more likely to have worked with different technologies, developed a wider skill set, and have a better understanding of penetration testing. As such, you are more likely to match their job requirements and land the role.
Education and Certifications
Employers will first filter candidates by their education level and industry-specific certifications. Employers will check your CV to see if you have a University or Master’s degree, look for any pentesting certifications, and often immediately dismiss you as a potential candidate if you fail to meet these base requirements.
As you progress in your career and obtain advanced penetration testing certifications, you can demand a higher salary. Advanced certifications and training show you possess a specialized set of pentesting skills specific to a certain domain (e.g., network, application, red team, etc.). With these skills, you can qualify for more challenging technical roles or move into a management position.
The article Top Entry-Level Cyber Security Certifications for You in 2023 provides a detailed guide on which pentesting certifications you should start with to land a role as a penetration tester. However, if you’re looking for more advanced certifications to progress your career, read The Very Best Ethical Hacking Certifications for You in 2023.
How much you get paid as a penetration tester will vary dramatically based on location. This will be true depending on what country you are working in (e.g., USA vs India), as well as what state. For example, the living wage in San Francisco differs substantially from Arkansas, and your employer will factor this into the package they offer you.
You can typically expect a higher salary in developed countries like the US, UK, and Europe. Higher-paid pentester roles will also be more prevalent in larger and more affluent cities, such as San Francisco, New York, and London. However, remote work has bridged this divide in recent years because you no longer need to live in a major city with a higher cost of living to qualify for a high-paid pentester role.
As you progress in your pentester career, you can specialize. You may focus on performing network-based penetration tests or only test web applications. The specialization you choose to explore will also influence the salary you can expect based on the demand and skill required to perform that specialty.
For example, a WebApp pentester can expect to command a higher salary than a network pentester because there is more demand to test web applications. Similarly, a red team operator can expect to be paid more than a WebApp pentester because the role requires more years of experience and a more advanced skill set. You can discover why this is true in Red Teaming vs Penetration Testing: What Is Best for Me?
Salary By Experience Level
The salary you can expect to demand as a penetration tester will be strongly influenced by your years of experience in the field. Let’s look at the salary range you can expect in the US at each stage of your pentesting career, from your first entry-level job to when you reach a senior-level position.
An entry-level pentester usually has 1-3 years of experience and an entry-level certification like the Pentest+ or CEH. They will often have few responsibilities and will shadow a more experienced pentester who will assign them basic tasks that allow them to develop their skill set. An entry-level pentester can expect a starting salary of $76,042.
A mid-level pentester will have 3-7 years of experience that is bolstered by several penetration testing certifications like the OSCP, CRTO, and GPEN. They will often take the technical lead on testing activities and be responsible for overseeing a team of penetration testers. A mid-level pentester can expect an average salary range of $108,860.
A senior-level pentester will have 8+ years of experience and either be in a management position or a technical expert in a penetration testing specialization, such as application, mobile, or red teaming. They will lead entire penetration testing engagements, manage all facets of the team (e.g., training and development, research, etc.), and interact with the organization's C-suite. A senior-level pentester can expect an average salary of $133,759 and can even make $200,000+.
Benefits and Perks
Salary is not everything. To remain competitive in the employment market, prospective employers will offer you benefits and perks alongside your base penetration tester's salary to make their offerings more attractive. These benefits and perks can take several forms, so let’s look at each and discuss what you can expect when looking for a job as a penetration tester.
Bonuses and Incentives
This form of additional compensation motivates and rewards you for your performance, achievements, and contributions to the organization. Your prospective employer will add these to their job offer to say, “If you do your job well, here are all the other things we will give you.” Bonuses often come as extra cash that boosts your total pay, while incentives can include awards, perks, stock options, or extra recognition.
Common bonuses and incentives for pentesters:
- Performance bonuses - A bonus when an individual or team meets a predefined performance goal (e.g., performing X number of pentests a quarter).
- Annual bonuses - A bonus given at the end of the financial year. This can be based on company or individual performance as a flat amount or percentage of your salary.
- Signing bonuses - A one-time payment for accepting a company’s job offer.
- Recognition program - Public acknowledgment of your achievements through awards, certificates, or praise from leadership.
- Benefits program - Exclusive benefits you get for working at a company. This can include discounts at stores, paid time off (PTO), onsite facilities, gym memberships, healthcare, dental cover, pension schemes, and many more.
- Stock options and profit sharing - Companies often let you buy company shares at a discounted rate or as an annual bonus.
Training and Professional Development
When looking for an entry-level role as a penetration tester, you should consider the company’s training and development program. These programs allow you to enhance your technical pentesting skills and develop the long-term professional skills needed to progress in your career.
Companies often boast about their high-quality training and professional development programs to entice you to accept their job offer. Access to these programs can be a great benefit if you want to focus on leveling up your skills.
You don’t have to rely on a company's training and professional development program to level up your skills. Look at The Very Best Books on Ethical Hacking for You in 2023 to raise your pentesting game today!
Remote Work and Flexible Hours
After the COVID-19 pandemic, there has been a big shift in professionals having the option of working from home. This has led many employers to invest in their work-from-home programs and offer remote work or flexible hours as an incentive to accept a position.
There are advantages and challenges to working from home. However, if you favor remote work's freedom and flexibility, this can be a key factor when choosing between roles. You can find out the best way to set up your work-from-home workstation in Working From Home? Here’s Your Cyber Security Checklist…
Job Growth and Future Prospects
Many companies will try to make their job offer more appealing by boasting about the potential job growth and future prospects available at their company. This can provide you with career stability over the long run, the potential to command higher earnings as you move up the corporate ladder, and the ability to explore other job roles.
It is important to remember that this is a potential possibility. The company’s objectives and structure change over time, and the opportunities available when you sign may not be available when you are ready to progress. Additionally, you will often make more money switching jobs every couple of years than staying at the same company.
A lot of factors can have an influence on your salary as a pentester. Experience and skill, education and certifications, location, and specialization all have a say in what you can expect to get paid. Using these factors to your advantage can help you get the maximum return during your career.
This article highlighted how these factors affect the average salaries in the US, UK, India, and Europe, as well as details on what penetration tester salary you can expect at various points in your career. That said, salary is not the only thing a company might offer you. Many companies will try to entice you to accept their job offer by including various benefits and perks.
Using the information in this article, you should know how much pentesters make and what to expect, given your circumstances. To learn how to land a role as a penetration tester, take a look at these courses:
Frequently Asked Questions
On average, penetration testers' salaries in the US are $116,452; in the UK £61,828; in India ₹1,842,432; and in Europe €74,523. This is well above the average base salary in these countries (US is $76,370, UK is £38,380, India is ₹197,851, and Europe is €45,793). So it is fair to say pentesters are well compensated for their role.
Pentesting can be a stressful job. You must learn a wide range of complex topics, meet tight deadlines, and often have a high level of responsibility as you need to identify any vulnerability an attacker can exploit.
That said, penetration testing can be an incredibly rewarding career if you are up for an intellectual challenge, take pleasure in performing impactful work, and enjoy continuously learning the latest cyber trends. You can read more about the challenges of a career in cyber security in Is Cyber Security Hard To Learn?
There is no better time to start your career as a pentester. A Varonis article looking at cyber security trends and statistics showed a growing demand for penetration testers as more companies invest in cyber.
This indicates the future is looking good for pentesters. However, you should always look to sharpen your skills and stay up-to-date with the current trends so you don’t become stagnant. You can learn this in How to Become a Penetration Tester: The Ultimate 2023 Guide.
Comptia’s Pentest+ and EC-Council’s Certificate Ethical Hacker (CEH) are entry-level hacking certifications popular among those looking to start their penetration testing careers. Both certifications have strengths and weaknesses, which you can learn about in Pentest+ vs CEH 2023: Which Certification Is Best for You?
You can also discover how the CEH stacks up against the Offensive Security Certified Professional (OSCP) certification in CEH vs OSCP 2023: Which One Should You Pursue?
AI will play a key role in augmenting some of the work pentesters do, such as automating certain tasks and improving the efficiency of detecting vulnerabilities. However, it is unlikely to replace penetration testers in the foreseeable future as it cannot replicate a human tester's technical expertise, critical thinking, creativity, and adaptability.
To keep up to date with AI, you should focus on integrating it with your current pentesting workflow and using it to your advantage. You can start doing this with the popular AI tool ChatGPT by reading Unlock ChatGPT for Hacking: Jailbreaking Ethical Restrictions.
from StationX https://bit.ly/3R556fw