Learn what penetration testers typically earn, including factors that affect their yearly earnings.
If you're looking to help organizations combat hackers and cybercrime, a career as a penetration tester may be a good fit. Penetration testers explore potential vulnerabilities to aid companies, institutions, and organizations in safeguarding systems, data, and devices.
According to Statista, network intrusion constituted 45 percent of cybercrime incidents in US companies, making it the most prevalent attack type in 2022 [1]. Business email compromise ranked second at 30 percent, while 12 percent of companies reported inadvertent data disclosure instances [1]. Account takeovers, stolen records, system misconfigurations, and unauthorized access are among other cybercrimes that stood out in 2022 [1].
Taking proactive measures to find and address security vulnerabilities is essential to reducing the likelihood of a cyberattack. As a penetration tester, you’ll contribute to helping companies strengthen their security measures. Read on to learn more about this role, its salary, and job prospects.
A penetration tester, also known as a white hat or an ethical hacker, actively uncovers security flaws in an organization’s critical assets, including applications and data storage systems. Typical work duties in this role include:
Performing penetration tests on IT equipment and software
Developing IT security initiatives and protocols
Setting up incident response teams to tackle security breaches
Assessing classified and sensitive data handling procedures
Evaluating the physical security of servers and network devices
Penetration testers employ tools and techniques akin to those used by bad actors to expose vulnerabilities in an organization’s data and systems. That’s not all. Post-testing, penetration testers also report their findings to the company's security team, facilitating the implementation of security enhancements to address any vulnerabilities uncovered during the test.
According to multiple job listing sites, the average annual pay for a penetration tester ranges from $92,159 to $111,612. The following table lists the salary ranges provided by Payscale, Salary.com, and Glassdoor as of February 2024.
If you wish to begin a career in penetration testing, note that various factors can influence your salary as a pen tester. Below, we explore how details like your education, experience, skills, certifications, industry, location, and company contribute to your potential yearly income.
Your education level may influence your earning potential. According to Zippia, software testers—a job similar to pen testers—with a master’s degree earn $88,344 annually. With a bachelor’s degree, you make an average of $81,661 per year, while a doctorate offers $88,707 [5].
Employers require at least a bachelor's degree to become a penetration tester. Among software testers, 68 percent have a bachelor's degree, 14 percent have a master's, and 12 percent have an associate degree [5]. Common majors include computer science, business, electrical engineering, and related subjects.
As you gain more professional experience, your earning power also tends to increase. The approximate average base salary you can anticipate, based on your years of experience, according to Glassdoor, is as follows [6]:
0–1 year: $62,000–$111,000
1–3 years: $67,000–$119,000
4–6 years: $74,000–$131,000
7–9 years: $78,000–$137,000
10–14 years: $86,000–$147,000
15 or more years: $96,000–$163,000
A pertinent range of skills can enhance your appeal to potential employers and significantly affect your efficiency in assessing security systems as a penetration tester, leading to higher pay. According to Payscale, penetration testers possess the following essential skills, which can affect earning potential as follows [2]:
Vulnerability assessment: $90,893
Penetration testing: $93,315
Cybersecurity: $93,181
Security testing and auditing: $96,014
Network security management: $79,047
Earning relevant certifications can increase your income potential, as organizations often value certified penetration testers who can significantly strengthen their cybersecurity initiatives. Below are some industry-recognized certifications worth exploring:
Certified Ethical Hacker (CEH): $84,933 [7]
GIAC Penetration Tester (GPEN): $110,000 [8]
Licensed Penetration Tester (LPT): $106,000 [9]
GIAC Exploit Researcher and Advanced Penetration Tester (GXPN): $113,000 [10]
The industry you choose to work in can also influence your annual income. Below is a list of industries that tend to offer high salaries for penetration testers, based on Glassdoor as of February 2024 [6]:
Information technology: $115,148
Financial services: $121,866
Management and consulting: $111,612
Health care: $105,262
Your income can vary considerably based on your geographic location, with certain cities offering salaries above average. If you're open to relocating, exploring location-specific salary data can help you make an informed decision. However, keep in mind, if you live in a location with a high cost of living, you’ll require a higher salary than you would in a location with a lower cost of living to afford the same lifestyle.
The following are top-paying cities for penetration testers in the US [11]:
Arlington, VA: $136,307
Seattle, WA: $127,557
San Francisco, CA: $126,939
Austin, TX: $126,771
Dallas, TX: $125,980
Los Angeles, CA: $124,063
Denver, CO: $122,487
Pay varies between firms based on several factors, including company size, financial health, and your level of experience and expertise. Company policies can further impact pay variations. In essence, the differences in pay between companies are influenced by a combination of factors, and it's vital to consider these elements when evaluating job offers and negotiating your compensation.
The following list highlights top-paying companies for penetration testers in the US as of February 2024, according to Glassdoor [6]:
IBM: $153,861
Schellman: $110,810
RSM: $107,551
A-Lign: $104,883
Booz Allen Hamilton: $102,922
According to the US Bureau of Labor Statistics (BLS), employment opportunities for the closely related role of information security analyst will increase by 32 percent in the decade spanning from 2022 to 2032 [12]. This growth is significantly faster than the average for all jobs and equates to an average of 16,800 job openings each year throughout the decade [12].
If you’re interested in starting a career in cybersecurity, consider the Google Cybersecurity Professional Certificate on Coursera. This program is designed to help individuals with no previous experience find their first job in the field of cybersecurity, all at their own pace. The courses cover topics such as security models, tools that are used to access and address threats, networks, and more.
[1] Statista. “Most common types of cyber attacks experienced by companies in the United States in 2022, https://www.statista.com/statistics/293256/cyber-crime-attacks-experienced-by-us-companies/.” Accessed February 29, 2024.
[2] Payscale. “Average Penetration Tester Salary, https://www.payscale.com/research/US/Job=Penetration_Tester/Salary.” Accessed February 29, 2024.
[3] Salary.com. “Pen Tester Salary, https://www.salary.com/research/salary/recruiting/pen-tester-salary.” Accessed February 29, 2024.
[4] Glassdoor. “Penetration Tester Overview, https://www.glassdoor.com/Career/penetration-tester-career_KO0,18.htm.” Accessed February 29, 2024.
[5] Zippia. “BEST COLLEGES FOR SOFTWARE TESTERS, https://www.zippia.com/software-tester-jobs/education/?src=chatbot_popout_displayed.” Accessed February 29, 2024.
[6] Glassdoor. “Penetration Tester Salaries, https://www.glassdoor.com/Salaries/penetration-tester-salary-SRCH_KO0,18.htm.” Accessed February 29, 2024.
[7] Payscale. “Average Certified Ethical Hacker (CEH) Salary, https://www.payscale.com/research/US/Job=Certified_Ethical_Hacker_(CEH)/Salary.” Accessed November 27, 2023.
[8] Payscale. “Salary for Certification: SANS/GIAC Penetration Tester (GPEN), https://www.payscale.com/research/US/Certification=SANS%2FGIAC_Penetration_Tester_(GPEN)/Salary.” Accessed February 28, 2024.
[9] Payscale. “Salary for Certification: Licensed Penetration Tester (LPT), https://www.payscale.com/research/US/Certification=Licensed_Penetration_Tester_(LPT)/Salary.” Accessed February 28, 2024.
[10] Payscale. “Salary for Certification: SANS/GIAC Exploit Researcher and Advanced Penetration Tester (GXPN), https://www.payscale.com/research/US/Certification=SANS%2FGIAC_Exploit_Researcher_and_Advanced_Penetration_Tester_(GXPN)/Salary.” Accessed February 28, 2024.
[11] Indeed. “Penetration tester salary in United States, https://www.indeed.com/career/penetration-tester/salaries.” Accessed February 28, 2024.
[12] US Bureau of Labor Statistics. “Information Security Analysts, https://www.bls.gov/ooh/computer-and-information-technology/information-security-analysts.htm.” Accessed February 28, 2024.
Editorial Team