Refit
Career overview · SOC 15-1299

Penetration Testers

Evaluate network system security by conducting simulated internal and external cyberattacks using adversary tools and techniques. Attempt to breach and exploit critical systems and gain access to sensitive information to assess system security.

Median pay (national): $108,970 ($52,650–$176,800, 10th–90th percentile)
Employed (US): 439,380 (BLS OEWS, May 2024)
Outlook 2024–34: +8.2% (~31,300 openings/yr)
Typical entry: Bachelor's degree

What the numbers say

Refit analysis · Pay for penetration testers shows an unusually wide range: the top 10% earn $176,800 versus $52,650 at the bottom 10% — 3.4x. The median of $108,970 leaves roughly 62% of headroom to the 90th percentile, which is where seniority, specialization, and the skills below tend to pay off.
Refit analysis · Employment is projected to change +8.2% from 2024 to 2034 — much faster than the 3% average for all occupations. Even so, BLS projects about 31,300 openings a year, mostly to replace workers who retire or change careers.
Refit analysis · Where you work moves the number a lot. Across the 53 states with released data, the Virgin Islands pays the most for this role (median $179,830, +65% vs the national median), while Puerto Rico sits lowest at $42,250 — a 326% spread for the same job title.


What they actually do

Core O*NET tasks for this role.

  • Assess the physical security of servers, systems, or network devices to identify vulnerability to temperature, vandalism, or natural disasters.
  • Collect stakeholder data to evaluate risk and to develop mitigation strategies.
  • Conduct network and security system audits, using established criteria.
  • Configure information systems to incorporate principles of least functionality and least access.
  • Design security solutions to address known device vulnerabilities.
  • Develop and execute tests that simulate the techniques of known cyber threat actors.
  • Develop infiltration tests that exploit device vulnerabilities.
  • Develop presentations on threat intelligence.
  • Develop security penetration testing processes, such as wireless, data networks, and telecommunication security tests.
  • Discuss security solutions with information technology teams or management.

Tools & technology

  • Amazon Web Services AWS software
  • Bash
  • C
  • C#
  • C++
  • Firewall software
  • JavaScript
  • Kali Linux
  • Linux
  • Metasploit
  • Microsoft Active Directory
  • Microsoft Azure software
  • Microsoft PowerShell
  • MITRE ATT&CK software
  • Nmap
  • Oracle Java