
Penetration tester salary [Updated 2021]

January 4, 2021 by Greg Belding


Some people set their sights on the most glamorous or cool jobs, and for many in information security that role is penetration tester. Much like an action movie in the vein of “Mission Impossible,” you’ll get to hack into computer systems for a legitimate purpose.

The question then remains — how much can you expect to earn as a pentester? This article will address how much you can make as a pentester, what factors you can expect to impact your salary, and tips to boost your salary if you are hungry to earn more.


What is a penetration tester?

For those still wondering what a penetration tester is, I’ve got you covered. Pentesters use an array of ethical hacking, general hacking knowledge and other information security skills to test computers, information systems, networks and IT systems for exploitable vulnerabilities that attackers can take advantage of. After finding these vulnerabilities, they simulate real-life cyberattacks with a variety of tools and methods. Simply put, pentesters get paid to legally hack with the goal of improving organizational information security. 

To better understand what this role does, below is a list of common pentester responsibilities:

  • Performing formal penetration tests on networks, computer systems and Web applications
  • Performing physical security assessments on systems, servers and network devices
  • Probing for vulnerabilities in a variety of applications including fat/thin client, Web and standard applications
  • Designing and creating new pentesting tests and tools

Required education

Organizations generally require pentesters to at least have a Bachelor of Science degree in computer science, computer information systems, information technology or a related field. Some organizations require specialized education (if they use Linux or Unix, for example) and certifications before they will hand over the reins of their pentesting role to you. If this sounds like your situation, make sure you invest in learning the operating systems the organization uses.

There are different options for pentester certifications, but some are better than others. The most on-point pentesting certification is the Certified Ethical Hacker certification, or CEH. This certification will provide enough of a verification of your pentesting skills for most organizations. 

If you want to start stacking your certifications for pentesting roles, another good certification is the Certified Information Systems Security Professional (CISSP). This certification will be of value, but it should be noted that only part of the covered material concerns pentesting.

Penetration tester national average salary

Aside from being one of the most attractive information security roles, pentesting also pays an appealing national average salary. According to PayScale, the U.S. national average for pentester salaries is $82,257, which is a comfortable annual take by any stretch. What’s more, this figure also outshines the national average for all jobs in the United States, which stands at only $47,060. Pentesters clearly have a pay advantage over the average job.

The most important thing to remember here is that this figure is a median and does not represent your earning potential for the lifespan of this role, as it can vary significantly based on many factors. Below, we will explore different factors that can affect how much you can earn as a pentester.


Possibly the largest factor affecting a pentester's salary is professional pentesting experience. To fully explain this, it is best to look at how much you can expect to earn at different experience levels. Entry-level pentesters can expect to earn $66,624. A little later in your career, but still at the early level, you can expect to earn $76,494. This is where it gets good: at the mid-level of your career, you can expect $101,167. As an experienced pentester you can expect $117,620, and in the late stage it dips a bit to $108,572.

The most interesting takeaway is that you will be earning more in the experienced part of your career than in the late stage. This discrepancy may be attributed to the fact that only 2.4% of all pentesters are in the late stage of their career.


Another impactful factor on this role’s salary is what skills you possess as a pentester. Having a broader skill set will reap bigger rewards in your salary, and this is clearly shown in the numbers themselves. For example, a pentester who has black-box testing skills can expect to earn 14% more than one who does not. Less on-point skills, including encryption, will only boost your pentester salary by 4%.

Metropolitan area

Where you live has a major impact on your pentester salary, and it is counterintuitive in some cases. Pentesters in Washington, D.C. can expect an increase of 22% over the national average, those in Chicago can expect a 17% increase, Seattle pentesters get 12% more than the national average and in Atlanta, Georgia you will take home an extra 9%. The interesting point here is that pentesters are paid relatively little in New York City, where they will take home 6% less than the national average. It looks like not everything is quite as big in the Big Apple!


Pentesting is a cool information security role that is rewarded handsomely compared to the national average of all jobs in the United States. This healthy figure can be bolstered by factors such as experience, skills and even the metropolitan area that you live in. 

Not all cool jobs have a pay rate that matches their “cool” levels, but given that pentesting is an appealing role with appealing pay, it should be appealing to any ethical hacker/hacking enthusiast.



  1. Average Penetration Tester Salary, PayScale
  2. Become a Penetration Tester, Cyber Degrees
  3. Penetration Tester: Requirements, Training & Certification,
  4. So You Want To Be A Penetration Tester, Dark Reading

Greg is a Veteran IT Professional working in the Healthcare field. He enjoys Information Security, creating Information Defensive Strategy, and writing – both as a Cybersecurity Blogger as well as for fun.