18 Realistic Pen Testing Salaries in the US: 2024 Edition
Penetration testing, or ethical hacking, has become one of the most in-demand skills in the cybersecurity field. Pen testers, or those who identify vulnerabilities in systems before malicious hackers do, play a vital role in safeguarding digital infrastructure.
As companies become more aware of the need for robust security measures, salaries for pen testers continue to rise. However, salary figures can sometimes be misleading, especially when averages are inflated by high-cost areas.
To help you gain a better understanding of what penetration testers can realistically expect to earn in different parts of the US, we’ve compiled salary data across 18 cities.
Ready to break into this exciting field? Enroll in QuickStart's Cybersecurity Bootcamp as a foundation for Penetration Testing.
Learn penetration testing in months, not years, with our Certified Penetration Testing Professional online course.
Whether you're a seasoned IT professional or considering leaping into the cybersecurity field, understanding regional salary trends can help you map out a successful career.
What Does a Penetration Tester Do?
A penetration tester helps find and exploit vulnerabilities in a company’s digital systems, networks, and applications. By simulating cyberattacks, they identify weak points that malicious hackers could exploit.
Think of it this way: Penetration testers are essentially just company-sponsored hackers. That’s why they’re also known as white hat hackers or ethical hackers, which implies they have the company’s permission to gain otherwise unauthorized access to their systems. Since pentesters are just hackers, they need the same experience as a hacker, which means knowledge, tools, and methods.
Once these vulnerabilities are exposed, the tester provides detailed reports and recommendations to enhance the company's security measures. Their work ensures that organizations can better protect their sensitive data and infrastructure from real-world threats.
Common Tasks
By mimicking the actions of malicious hackers, penetration testers help companies uncover weaknesses in their digital infrastructure. Below are some of the most common tasks a penetration tester undertakes to protect sensitive data and strengthen defenses:
- Conducting physical security tests, such as accessing restricted areas or devices.
- Exploiting and documenting vulnerabilities to inform future security improvements.
- Identifying security gaps in systems, applications, and networks.
- Performing social engineering tests to evaluate how easily employees can be manipulated into giving access to sensitive information.
- Providing detailed reports with recommendations for enhancing security measures.
- Testing network defenses to simulate real-world cyberattacks.
Penetration testers are essential in today’s digital landscape, where cyber threats are constantly evolving. By performing a wide range of security tests and assessments, these professionals help organizations stay ahead of attackers and fortify their defenses.
Read More: How to Become a Penetration Tester
18 Honest Penetration Tester Salaries in the US
Let's examine a variety of realistic penetration tester salaries. Remember, salaries for penetration tester positions vary based on factors like experience, education, and active certifications. Your income can also vary based on your location*:
|
City |
State |
Minimum Salary |
Average Salary |
Maximum Salary |
|
CA |
$88,029 |
$112,066 |
$140,526 |
|
|
DC |
$78,381 |
$100,674 |
$125,125 |
|
|
TX |
$90,165 |
$100,823 |
$113,663 |
|
|
CO |
$92,715 |
$103,674 |
$116,878 |
|
|
WA |
$100,456 |
$112,331 |
$126,637 |
|
|
NY |
$82,254 |
$105,648 |
$131,308 |
|
|
MN |
$96,631 |
$108,053 |
$121,815 |
|
|
OR |
$94,901 |
$106,118 |
$119,633 |
|
|
NC |
$88,343 |
$98,786 |
$111,367 |
|
|
UT |
$68,310 |
$87,739 |
$109,048 |
|
|
IA |
$68,310 |
$87,739 |
$109,048 |
|
|
PA |
$69,367 |
$89,096 |
$110,735 |
|
|
OH |
$69,155 |
$88,825 |
$110,397 |
|
|
AZ |
$66,831 |
$85,840 |
$106,688 |
|
|
GA |
$68,944 |
$88,553 |
$110,060 |
|
|
MO |
$68,944 |
$88,553 |
$110,060 |
*Salary data sourced from Salary.com for 2024.
Penetration tester salaries fluctuate based on location, with larger metropolitan areas such as San Francisco, Washington, D.C., and Austin providing the highest earning potential.
In contrast, mid-sized cities like Tucson and Cleveland offer lower salaries, though they can still be competitive depending on experience and industry demand.
Salary Considerations for Penetration Testers
When evaluating compensation for penetration testers, it's essential to consider several factors beyond just location, including experience, certifications, and industry demand.
Experience and Education
Penetration testers generally require six to eight years of overall experience to command higher salaries, with three to five years spent in non-security roles before transitioning into cybersecurity.
Common prior positions include network engineer, sysadmin, or software engineer, all of which provide a solid technical foundation for penetration testing. This blend of experience and technical expertise is crucial for excelling in the cybersecurity field.
High Demand for Penetration Testers
In 2024, the cybersecurity industry faces a significant workforce shortage, with over 750,000 unfilled positions in the U.S. alone and a global shortfall of 3.5 million roles. This critical gap emphasizes the growing demand for skilled professionals, particularly as organizations across various sectors continue to bolster their defenses against cyber threats.
The rise in high-profile data breaches and the implementation of stringent regulations like GDPR have further escalated the need for experienced penetration testers. These professionals are essential for identifying and mitigating vulnerabilities, helping companies prevent cybercrime, and meeting compliance standards in an increasingly complex digital landscape.
Tools and Methods for Penetration Testing: Kali Linux
Penetration testers rely on a variety of advanced tools and methods to identify, exploit, and document vulnerabilities in systems, ensuring comprehensive security assessments.
Hackers are both looking for open doors (like open ports, weak passwords, or un-updated software) — and also cracks in your system. Cracks may include user input fields unprotected from SQL injections. To find these open doors and cracks, penetration testers and hackers alike will use the Kali Linux operating system.
Kali Linux is a widely-used operating system specifically designed for penetration testing, offering over 600 security tools to assess system vulnerabilities. Among its most popular tools are Nmap, used for network discovery and security auditing, and Metasploit, a powerful framework for identifying and exploiting weaknesses.
These tools allow penetration testers to simulate real-world attacks and uncover critical security flaws across networks and applications.
Hackers and penetration testers mix and match the 600+ tools available to them in Kali Linux into methods that match the system types, vulnerabilities they unearth, and their goals. But, ultimately, a penetration tester can actually be boiled down into a simple formula:
- Find vulnerabilities
- Exploit the vulnerability
- Document the vulnerability
Once vulnerabilities are uncovered, they exploit them in controlled environments to assess the potential impact of real-world attacks.
Finally, testers document their findings in detailed reports, providing recommendations to enhance security and mitigate future risks.
Enroll in our Cybersecurity Bootcamp program to launch your career in cybersecurity.
Pen Testing Education: PenTest+, CEH, OSCP
Obtaining the right education and certifications is essential for penetration testers to build the necessary skills and demonstrate their expertise in cybersecurity.
CompTIA PenTest+
The CompTIA PenTest+ is a beginner to intermediate-level certification that equips individuals with the essential tools and methodologies needed for entry-level penetration testing roles. It offers a solid foundation for those entering the field, validating their skills in identifying and addressing system vulnerabilities.
However, while it opens doors to entry-level positions, it may not significantly impact earning potential for more advanced or senior roles.
EC-Council CEH (Certified Ethical Hacker)
The EC-Council Certified Ethical Hacker (CEH) certification is a hands-on exam that evaluates a candidate's ethical hacking abilities in a virtual lab environment. This certification is highly regarded, particularly for those looking to advance into senior-level cybersecurity positions. It significantly boosts earning potential, especially in government and defense sectors where ethical hacking skills are in high demand.
Take our CEH Course to become an ethical hacker today!
Offensive Security Certified Professional (OSCP)
The Offensive Security Certified Professional (OSCP) is a rigorous 24-hour practical exam that tests advanced penetration testing skills in real-world scenarios. It is highly respected within the cybersecurity community, as it demonstrates both technical expertise and problem-solving abilities.
Earning the OSCP certification can significantly boost a professional's earning potential, often leading to top-range salaries in the field.
Company Type and Penetration Testing
Company type plays a crucial role in determining the scope and focus of penetration testing, as different industries face unique security challenges and regulatory requirements.
Working for Large Companies vs. Security Firms
Working for large companies versus security firms can offer vastly different experiences and career trajectories for penetration testers. In large corporations like Microsoft, pen testers often work within dedicated security teams, focusing solely on the company’s internal systems.
These positions typically come with stable, high-paying salaries, along with the benefit of working on long-term security initiatives specific to the company’s infrastructure.
On the other hand, penetration testers employed by security firms often have the opportunity to work across a wide variety of industries and systems. This can provide a more dynamic work environment, as they are tasked with assessing the security of multiple organizations with diverse security needs.
The variety of projects allows testers to build a broader skill set, although the pay may vary depending on the size and scope of each contract.
Government Demand
Penetration testers are increasingly sought after by federal and state governments due to the rise in state-sponsored hacking and cybersecurity threats. Governments prioritize robust security measures, and pen testers working in this sector are essential for identifying vulnerabilities and safeguarding critical infrastructure from foreign and domestic cyberattacks.
Government roles also provide competitive compensation, with the added focus on national security and compliance with strict regulations.
Make Penetration Testing Your Career Choice
With the increasing demand for cybersecurity professionals and the large number of unfilled roles, now is an ideal time to pursue a career in penetration testing. Pen testers are critical in defending organizations from cyber threats, and the field offers competitive salaries across various industries.
For those interested in a dynamic and rewarding career, penetration testing presents an excellent opportunity for growth and financial success.
Start your penetration testing career with our Cybersecurity Bootcamp as a foundation for Penetration Testing.
If you are an IT professional, enroll in our Certified Penetration Testing Professional online course to learn critical skills in security performance metrics, network monitoring, security threat analysis, and more from professional penetration testers.