Learn what penetration testers typically earn, including factors that affect their yearly earnings.
If you're looking to help organizations combat hackers and cybercrime, a career as a penetration tester may be a good fit. Penetration testers explore potential vulnerabilities to aid companies, institutions, and organizations in safeguarding systems, data, and devices.
According to Statista, network intrusion constituted 45 percent of cybercrime incidents in US companies, making it the most prevalent attack type in 2022 [1]. Business email compromise ranked second at 30 percent, while 12 percent of companies reported inadvertent data disclosure instances [1]. Account takeovers, stolen records, system misconfigurations, and unauthorized access are among other cybercrimes that stood out in 2022 [1].
Taking proactive measures to find and address security vulnerabilities is essential to reducing the likelihood of a cyberattack. As a penetration tester, you’ll contribute to helping companies strengthen their security measures. Read on to learn more about this role, their salary, and job prospects.
Read more: How to Become a Penetration Tester: Career Guide
A penetration tester, also known as a white hat or an ethical hacker, actively uncovers security flaws in an organization’s critical assets, including applications and data storage systems. Typical work duties in this role include:
Performing penetration tests on IT equipment and software
Developing IT security initiatives and protocols
Setting up incident response teams to tackle security breaches
Assessing classified and sensitive data handling procedures
Evaluating the physical security of servers and network devices
Penetration testers employ tools and techniques akin to those used by bad actors to expose vulnerabilities in an organization’s data and systems. That’s not all. Post-testing, penetration testers also report their findings to the company's security team, facilitating the implementation of security enhancements to address any vulnerabilities uncovered during the test.
According to multiple job listing sites, the average annual pay for a penetration tester ranges from $92,159 to $111,612. The following table lists the salary ranges provided by Payscale, Salary.com, and Glassdoor as of February 2024.
If you wish to begin a career in penetration testing, note that various factors can influence your salary as a pen tester. Below, we explore how details like your education, experience, skills, certifications, industry, location, and company contribute to your potential yearly income.
Depending on your education level, it may influence your earning potential. According to Zippia, software testers—a job similar to pen testers—with a master’s degree earn $88,344 annually. With a bachelor’s degree, you make an average of $81,661 per year, while a doctorate offers $88,707 [5].
Employers require at least a bachelor's degree to become a penetration tester. For software testers, 68 percent have a bachelor's, 14 percent with a master's, and 12 percent have an associate [5]. Common majors include computer science, business, electrical engineering, and related subjects.
As you gain more professional experience, your earning power tends to also increase. The approximate average base salary you can anticipate, based on your years of experience, according to Glassdoor, is as follows: [6]:
0–1 year: $62,000–$111,000
1–3 years: $67,000–$119,000
4–6 years: $74,000–$131,000
7–9 years: $78,000– $137,000
10–14 years: $86,000–$147,000
15 or more years: $96,000–$163,000
Read more: Your Guide to Cybersecurity Careers
A pertinent range of skills can enhance your appeal to potential employers and significantly affect your efficiency in assessing security systems as a penetration tester, leading to higher pay. According to Payscale, penetration testers possess the following essential skills, which can affect earning potential as follows [2]:
Vulnerability assessment: $90,893
Penetration testing: $93,315
Cybersecurity: $93,181
Security testing and auditing: $96,014
Network security management: $79,047
Read more: 15 Essential Skills for Cybersecurity Analysts
Earning relevant certifications can increase your income potential, as organizations often value certified penetration testers who can significantly strengthen their cybersecurity initiatives. Below are some industry-recognized certifications worth exploring:
Certified Ethical Hacker (CEH): $84,933 [7]
GIAC Penetration Tester (GPEN): $110,000 [8]
Licensed Penetration Tester (LPT): $106,000 [9]
GIAC Exploit Researcher and Advanced Penetration Tester (GXPN): $113,000 [10]
Read more: 4 Ethical Hacking Certifications to Boost Your Career
The industry you choose to work in can also influence your annual income. Below is a list of industries that tend to offer high salaries for penetration testers, based on Glassdoor as of February 2024 [6]:
Information technology: $115,148
Financial services: $121,866
Management and consulting: $111,612
Health care: $105,262
Your income can vary considerably based on your geographic location, with certain cities offering salaries above average. If you're open to relocating, exploring location-specific salary data can help you make an informed decision. However, keep in mind, if you live in a location with a high cost of living, you’ll require a higher salary than you would in a location with a lower cost of living to afford the same lifestyle.
The following are top-paying cities for penetration testers in the US [11]:
Arlington, VA: $136,307
Seattle, WA: $127,557
San Francisco, CA: 126,939
Austin, TX: $126,771
Dallas, TX: $125,980
Los Angeles, CA: $124,063
Denver, CO: $122,487
Pay varies between firms based on several factors, including company size, financial health, and your level of experience and expertise. Company policies can further impact pay variations. In essence, the differences in pay between companies are influenced by a combination of factors, and it's vital to consider these elements when evaluating job offers and negotiating your compensation.
The following list highlights top-paying companies for penetration testers in the US as of February 2024, according to Glassdoor [6]:
IBM: $153,861
Schellman: $110,810
RSM: 107,551
A-Lign: $104,883
Booz Allen Hamilton: $102,922
According to the US Bureau of Labor Statistics (BLS), employment opportunities for the closely related role of information security analyst will increase by 32 percent in the decade spanning from 2022 to 2032 [12]. This growth is significantly faster than the average for all jobs and equates to an average of 16,800 job openings each year throughout the decade [12].
If you’re interested in starting a career in cybersecurity, consider the Google Cybersecurity Professional Certificate on Coursera. This program is designed to help individuals with no previous experience find their first job in the field of cybersecurity, all at their own pace. The courses cover topics such as security models, tools that are used to access and address threats, networks, and more.
Statista. “Most common types of cyber attacks experienced by companies in the United States in 2022, https://www.statista.com/statistics/293256/cyber-crime-attacks-experienced-by-us-companies/.” Accessed February 29, 2024.
Payscale. “Average Penetration Tester Salary, https://www.payscale.com/research/US/Job=Penetration_Tester/Salary.” Accessed February 29, 2024.
Salary.com. “Pen Tester Salary, https://www.salary.com/research/salary/recruiting/pen-tester-salary.” Accessed February 29, 2024.
Glassdoor. “Penetration Tester Overview, https://www.glassdoor.com/Career/penetration-tester-career_KO0,18.htm.” Accessed February 29, 2024.
Zippia. “BEST COLLEGES FOR SOFTWARE TESTERS, https://www.zippia.com/software-tester-jobs/education/?src=chatbot_popout_displayed.” Accessed February 29, 2024.Glassdoor. “Penetration Tester Salaries, https://www.glassdoor.com/Salaries/penetration-tester-salary-SRCH_KO0,18.htm.” Accessed February 29, 2024.
Payscale. “Average Certified Ethical Hacker (CEH) Salary, https://www.payscale.com/research/US/Job=Certified_Ethical_Hacker_(CEH)/Salary.” Accessed November 27, 2023.
Payscale. “Salary for Certification: SANS/GIAC Penetration Tester (GPEN), https://www.payscale.com/research/US/Certification=SANS%2FGIAC_Penetration_Tester_(GPEN)/Salary.” Accessed February 28, 2024.
Payscale. “Salary for Certification: Licensed Penetration Tester (LPT), https://www.payscale.com/research/US/Certification=Licensed_Penetration_Tester_(LPT)/Salary.” Accessed February 28, 2024.
Payscale. “Salary for Certification: SANS/GIAC Exploit Researcher and Advanced Penetration Tester (GXPN), https://www.payscale.com/research/US/Certification=SANS%2FGIAC_Exploit_Researcher_and_Advanced_Penetration_Tester_(GXPN)/Salary.” Accessed February 28, 2024.
Indeed. “Penetration tester salary in United States, https://www.indeed.com/career/penetration-tester/salaries.” Accessed February 28, 2024.
US Bureau of Labor Statistics. “Information Security Analysts, https://www.bls.gov/ooh/computer-and-information-technology/information-security-analysts.htm.” Accessed February 28, 2024.
Editorial Team
Coursera’s editorial team is comprised of highly experienced professional editors, writers, and fact...
This content has been made available for informational purposes only. Learners are advised to conduct additional research to ensure that courses and other credentials pursued meet their personal, professional, and financial goals.