Penetration testing turns attacker techniques into a legitimate profession. Here’s the full salary picture — from junior web app testers to senior red team operators.

Penetration Tester Salary Overview

By Experience Level

Level                                      | Annual Salary
Entry-level (junior pentester, 0–2 yrs)    | $65,000–$90,000
Mid-level pentester (2–5 yrs, OSCP)        | $100,000–$145,000
Senior pentester (5+ yrs)                  | $140,000–$185,000
Red team lead                              | $155,000–$220,000
Principal / consultant (boutique firm)     | $165,000–$240,000

Salary by Pentesting Specialty

Specialty                                          | Annual Pay Range
Web application penetration testing                | $85,000–$160,000
Network / infrastructure penetration testing       | $90,000–$165,000
Cloud penetration testing (AWS/Azure/GCP)          | $105,000–$180,000
Mobile app penetration testing (iOS/Android)       | $110,000–$165,000
Hardware / IoT penetration testing                 | $120,000–$185,000
ICS / SCADA industrial systems testing             | $130,000–$200,000
Red team operations                                | $145,000–$220,000

Salary by Employer Type

Employer                                                   | Pay Range
Boutique pentesting firm (Bishop Fox, NCC Group, Rapid7)   | $100,000–$200,000
Big 4 consulting (Deloitte, KPMG, EY, PwC)                 | $95,000–$185,000
In-house (FAANG, financial sector)                         | $130,000–$240,000
Defense contractor (Booz Allen, MITRE, SAIC)               | $105,000–$185,000 + clearance premium
Government / DoD (with clearance)                          | $100,000–$180,000
Independent freelance                                      | $150–$400/hr
MSSP (managed security service provider)                   | $80,000–$140,000

Security Clearance Premium

Clearance Level   | Annual Pay Premium
Secret            | +$10,000–$20,000
Top Secret        | +$20,000–$40,000
TS/SCI            | +$30,000–$60,000

Cleared pentesters working for defense contractors are in extremely high demand.

Key Penetration Testing Certifications

Cert                            | Cost           | Format                        | Employer Value
eJPT (eLearnSecurity)           | $200           | Entry; multiple choice        | Beginner credential
CompTIA PenTest+                | $370           | Multiple choice               | Some compliance roles
PNPT (TCM Security)             | $400           | Practical 5-day + report      | Growing recognition
OSCP (Offensive Security)       | $1,499         | 24-hr practical + report      | Gold standard
OSEP (Offensive Security)       | $1,499         | Advanced exploitation         | Senior / red team
CRTO (Zero-Point Security)      | $400           | Practical; red team C2        | Red team premium
GPEN (GIAC)                     | $2,000         | Multiple choice + lab         | Enterprise
CREST CPSA / CRT                | $600–$1,200    | UK standard; US accepted      | UK-linked firms

Career Entry Path

Stage | Action                                                  | Timeline
1     | Complete TryHackMe Jr. Penetration Tester path          | 3–4 months
2     | Practice HackTheBox retired machines                    | Ongoing
3     | Earn eJPT or Security+                                  | 1–2 months
4     | Complete Offensive Security PEN-200 and earn OSCP       | 3–6 months
5     | Apply for junior pentester roles                        | 6–12 month job search
6     | Specialize in cloud, mobile, or ICS                     | Year 2–3

Freelance Penetration Testing Rates

Service                                       | Typical Rate
Web application pentest (small app)           | $5,000–$15,000
Web application pentest (large scope)         | $15,000–$35,000
Network/infrastructure pentest (SMB)          | $8,000–$20,000
External attack surface assessment            | $3,000–$8,000
Social engineering test                       | $2,000–$8,000
Full red team engagement                      | $30,000–$150,000+

Job Outlook

BLS projects 33% information security analyst job growth through 2033. Penetration testing specifically is driven by:

  • PCI DSS 4.0 mandatory annual internal/external penetration testing requirements for payment card merchants
  • HIPAA and healthcare security requirements driving medical sector demand
  • SOC 2 Type II compliance requiring regular security assessments
  • Ransomware surge making proactive offensive security top C-suite priority
  • Cloud adoption increasing attack surface complexity — cloud pentest skills outpacing supply