Credit: Hinterhaus Productions / DigitalVision / Getty Images
Penetration testers, also called pen testers, help organizations detect potential security risks in computer systems and networks. A career in penetration testing offers higher-than-average salaries in an in-demand field.
Information security analysts perform similar duties to pen testers. The Bureau of Labor Statistics (BLS) reports that information security analysts earned a median annual salary of $103,590 as of May 2020.
This guide discusses how to become a pen tester, what to expect from this field, and salary and career outlook data.
What Does a Penetration Tester Do?
In comparison to other computer science professionals, a penetration tester specializes in a narrow area of cybersecurity. They help protect their organizations' digital information from attack by finding system weaknesses before an attack occurs, otherwise known as vulnerability testing.
Penetration testers can save their employers from financial damage and loss of public trust that occurs after major data breaches. These professionals think like malicious hackers to find potential vulnerabilities and prevent future attacks.
Penetration testers often work within cybersecurity or information technology (IT) teams. Important penetration testing skills include experience using hacking tools, coding and scripting, and an advanced understanding of vulnerabilities and operating systems.
Strong communication, interpersonal, and report writing abilities also help penetration testers excel in their careers.
How Much Can You Earn as a Pen Tester?
Pen testers can earn high salaries. Payscale reports an average penetration tester salary of $87,440 as of September 2021. This figure significantly exceeds the national median salary for all occupations of $41,950 reported by the BLS as of May 2020.
Entry-level penetration testers make less than experienced professionals. Compensation also varies by education, with penetration testers with higher degrees typically earning more. Other factors that can influence salary include location, industry, and specialization area.
Penetration Tester Salary by Experience
Penetration tester salaries vary based on level of experience. Penetration testers with 20 or more years of experience make an average of $124,610 annually — about $57,000 more than the average salary for entry-level professionals.
Just gaining 1-4 years of experience can increase a penetration tester's salary significantly, from an average of $67,950 for an entry-level penetration tester to $81,230 for an early career professional.
The table below notes the average base annual salary by years of experience as of August 2021, according to Payscale.
Top Online Programs
Explore programs of your interests with the high-quality standards and flexibility you need to take your career to the next level.
Penetration Tester Salary by Education
Penetration tester salaries typically increase with education level. For example, advancing from a bachelor's in information security to a master's degree can increase average earnings by $19,000 a year.
Consider the pros and cons of additional education by weighing potential higher salaries with the time and money it takes to earn another degree. Less expensive options include certifications or bootcamps.
Academic programs that cover penetration testing typically offer degrees in computer science, cybersecurity, or information security. The following data represents all respondents who hold these degrees, rather than penetration testers alone.
Discover Which Education Path Is Right for You
- Associate in Cybersecurity Programs
- Bachelor’s in Cybersecurity Programs
- Best Master’s in Cybersecurity Degree Programs
- Cybersecurity Bootcamps
- Computer Science Degree Programs
- Degrees in Information Systems Security
Penetration Tester Salary by Location
In addition to education and experience levels, location can also affect your salary. Factors like job demand, cost of living, and population density can all affect a penetration tester's salary. To maximize earning potential, consider jobs in higher-paying areas with lower-than-average cost of living figures.
The following table includes information on the top-paying cities, metropolitan areas, and states for penetration testers and information security analysts. The data for top-paying metro areas and states does not solely represent penetration testers but includes other cybersecurity professionals.
Top-Paying Cities for Penetration Testers
| City | Average Annual Wage | Percent Above the National Average |
|---|---|---|
| Washington, D.C. | $119,790 | 38% |
| Arlington, VA | $106,390 | 23% |
| Dallas, TX | $98,453 | 14% |
| Seattle, WA | $98,260 | 13% |
| Austin, TX | $93,700 | 8% |
Top-Paying Metropolitan Areas for Information Security Analysts
| Metropolitan Area | Number of Penetration Testers Employed | Annual Mean Wage |
|---|---|---|
| San Jose-Sunnyvale-Santa Clara, CA | 1,870 | $147,160 |
| San Francisco-Oakland-Hayward, CA | 2,590 | $136,910 |
| Idaho Falls, ID | 210 | $130,620 |
| New York-Newark-Jersey City, NY-NJ-PA | 8,280 | $130,000 |
| Bridgeport-Stamford-Norwalk, CT | 160 | $128,750 |
Top-Paying States for Information Security Analysts
| State | Employment | Annual Mean Wage |
|---|---|---|
| California | 10,470 | $125,990 |
| New York | 6,450 | $125,920 |
| New Jersey | 4,000 | $123,280 |
| Washington, D.C. | 1,810 | $119,460 |
| Virginia | 16,160 | $116,920 |
Match me with a bootcamp.
Find programs with your skills, schedule, and goals in mind.
Job Outlook and Career Prospects for Pen Testers
Penetration testers face an excellent job outlook with growing demand in many industries. The data below is not specific to penetration testers but represents information security analysts — a similar career that encompasses penetration testing.
The BLS projects employment for information security analysts to grow by 33% from 2020-2030. The agency attributes the projected strong demand for penetration testers to the increasing frequency of cyberattacks.
Many businesses, especially banking and healthcare organizations, will need to improve their cybersecurity to protect sensitive customer financial data and patient health information.
Education and experience requirements vary by employer, but most entry-level penetration tester positions require a bachelor's degree at minimum. Penetration testers with relevant work experience can pursue the highest-paying opportunities. Professional certifications can also help candidates stand out.
Best Locations for Penetration Testers
While penetration testers can find career opportunities throughout the U.S., location can impact your career prospects. Some states, metro areas, and cities offer more relevant positions and higher pay than others. For example, Washington, D.C., and Arlington, Virginia, pay pen testers significantly more than the national average.
Generally, prospective penetration testers can find more cybersecurity jobs in urban areas than rural ones. Below, we discuss the best states for pen testers.
Top States for Pen Testers
Some states offer better opportunities for pen testers than others. Consider salary, population density, cost of living, and job demand in any potential states.
The table below highlights some of the top-employing states for pen testers. We also included states with the greatest projected increase in employment for this field. Virginia and Texas rank in the top two states for both categories. The data below refers to information security analysts, a career that encompasses penetration testing.
Top-Employing States for Information Security Analysts
| Top-Employing States | Number of Penetration Testers Employed | Annual Mean Wage |
|---|---|---|
| Virgina | 16,160 | $116,920 |
| Texas | 13,410 | $113,400 |
| California | 10,470 | $125,990 |
| Florida | 7,600 | $95,190 |
| Maryland | 7,090 | $111,310 |
States With the Greatest Projected Increase in Employment for Information Security Analysts
| State | Percent Projected Change, 2018-28 | Average Annual Openings |
|---|---|---|
| Greatest Projected Percentage Increase | ||
| Utah | 59% | 80 |
| District of Columbia | 53% | 220 |
| Colorado | 50% | 510 |
| Virginia | 45% | 1,930 |
| Nevada | 44% | 70 |
| Most Projected Average Annual Openings | ||
| Virginia | 45% | 1,930 |
| Texas | 38% | 1,040 |
| New York | 34% | 830 |
| Florida | 44% | 750 |
| California | 33% | 630 |
Top Cities for Pen Testers
Some cities and metropolitan regions employ many penetration testers and offer higher-than-average wages. Washington, D.C.-Arlington-Alexandria employs the most information security professionals of any metro area. Other top-employing areas include New York-Newark-Jersey City and Dallas-Fort Worth-Arlington.
When choosing where to apply for pen tester jobs, consider average salary, demand for the profession, cost of living, and population demographics and density. The data below is not specific to penetration testers but represents a career that includes penetration testing.
Top-Employing Metropolitan Areas for Information Security Analysts
| Metropolitan Area | Number of Information Security Analysts Employed | Annual Mean Wage |
|---|---|---|
| Washington-Arlington-Alexandria, D.C.-VA-MD-WV | 15,750 | $117,920 |
| New York-Newark-Jersey City, NY-NJ-PA | 8,280 | $130,000 |
| Dallas-Fort Worth-Arlington, TX | 6,130 | $117,480 |
| Boston-Cambridge-Nashua, MA-NH | 4,520 | $109,220 |
| Baltimore-Columbia-Towson, MD | 4,370 | $112,870 |
Best Industries for Penetration Testers
Major industries that employ penetration testers include computer systems design, management, credit intermediation, and management consulting services. Top-paying industries include electronic shopping and mail-order houses, information services, semiconductor and other electronic component manufacturing, and auto repair and maintenance.
The data below refers to information security analysts, a similar cybersecurity career.
Top-Paying Industries for Information Security Analysts
| Top-Paying Industries | Employment | Annual Mean Wage |
|---|---|---|
| Electronic Shopping and Mail-Order Houses | 330 | $132,150 |
| Other Information Services | 680 | $131,050 |
| Semiconductor and Other Electronic Component Manufacturing | 790 | $128,330 |
| Automotive Repair and Maintenance | 40 | $127,150 |
| Legal Services | 660 | $125,980 |
Employment by Industry for Information Security Analysts
| Industries With Highest Employment | Employment | Annual Mean Wage |
|---|---|---|
| Computer Systems Design and Related Services | 36,280 | $108,910 |
| Management of Companies and Enterprises | 13,330 | $104,960 |
| Credit Intermediation and Related Activities (5221 and 5223 only) | 10,880 | $110,490 |
| Management, Scientific, and Technical Consulting Services | 7,410 | $110,440 |
| Insurance Carriers | 5,450 | $103,230 |
Upward Mobility for Penetration Testers
Penetration testers can advance into positions with greater responsibilities and higher salaries over time. Penetration tester salaries and job opportunities can also increase with higher education and professional certifications.
The certified information systems security professional certification can help pen testers qualify for better pay and higher positions. Many penetration testers shift from entry-level support positions to more advanced roles to plan and oversee penetration testing projects.
Some pen testers move into other cybersecurity and IT positions as security managers, security architects, and security directors. These roles manage or oversee an organizations' broader cybersecurity efforts.
Learn More About Penetration Testers
What Is a Penetration Tester?
Learn about what penetration testers do, including daily tasks, required skills, and who they work with on this page.
How to Become a Penetration Tester
This page explains the requirements for becoming a penetration tester, including typical education and experience.
Day in the Life of a Penetration Tester
Look at a day in the life of one penetration tester to understand typical responsibilities in this field.
Certifications for Penetration Testers
This guide explains different certification options for penetration testers and outlines some benefits of earning these credentials.
Frequently Asked Questions About Penetration Testers
How much does a pen tester make?
Penetration tester salaries vary with education level, experience, location, and industry. Payscale reports that penetration testers made an average annual salary of $87,440 as of August 2021.
How much does an entry-level penetration tester make?
Payscale reports that entry-level penetration testers made an average annual salary of $67,950 as of September 2021. Penetration testers earn higher salaries as they gain professional experience.
Is penetration testing a good career?
Penetration testing can be an excellent career choice for individuals with strong computer, IT, and problem-solving skills. The BLS projects much-faster-than-average growth for information security analysts, including penetration testers, from 2020-2030.
What are the education requirements for penetration testing?
Penetration testing requirements usually include relevant experience and education. Employers typically seek candidates with bachelor's degrees in cybersecurity or computer science.
Recommended Reading
View hand-picked degree programs
Tell us what you’d like to specialize in, and discover which schools offer a degree program that can help you make an impact on the world.