
How to hire a Penetration Tester in 2026

Cost, skills to screen for, where to source candidates, and how to write the job description - backed by live market data.

25 Penetration Tester roles open now · 60% offer remote. Live from current listings on InfoSec Job Board - the market you are hiring against.

A penetration tester is the person you pay to break in before someone who means it does. They simulate real attacks against your networks, applications, and people, then hand you a prioritised report of what they found and how to fix it. Hire well and you get genuine assurance plus a roadmap; hire a tool-runner and you get an automated scan in a PDF wrapper that misses the findings that actually matter.

What you are actually hiring for

A pen tester runs point-in-time offensive assessments - distinct from an AppSec engineer (who builds and reviews secure code continuously) and a SOC analyst (who defends). The work spans a few flavours, and which you need shapes the whole hire:

  • Network / infrastructure testing: external and internal, finding the path from a foothold to domain admin.
  • Web and application testing: hands-on exploitation of apps and APIs beyond what scanners catch.
  • Red teaming: goal-based, stealthy, adversary-emulation engagements that test detection and response, not just vulnerabilities.
  • Cloud, mobile, and social engineering as your environment demands.

Decide up front whether you want a consultant profile (fast-paced, many short engagements, strong reporting) or an in-house tester (deep on one environment, often building a continuous testing capability), and which assessment types you actually need.

What to budget

Pen-test pay ranges widely with skill and specialism - an OSCP-level tester and a senior red-teamer who can evade modern EDR are very different hires at very different numbers. Use the benchmarks below as the by-country baseline.

Country          Salary range (market benchmark)
United States    $95k–$155k
Canada           C$93k–C$153k
United Kingdom   £41k–£70k
Germany          €51k–€81k
Australia        A$109k–A$179k
Singapore        S$81k–S$132k
Netherlands      €51k–€81k
Kenya            KES 2.0M–3.5M

Market benchmark (refreshed quarterly). See the live salary report for current cuts from open jobs →

Two budgeting notes: red teaming and specialised testing (cloud, hardware, advanced evasion) command a real premium over general network/web testing; and the talent is mobile and in demand, so a strong tester compares offers on interesting scope and learning as much as on pay - sell the work, not just the number.

What to screen for

The gap between a great pen tester and a scanner-operator is enormous, and a resume hides it. Screen for demonstrable skill:

  • Hands-on exploitation, not tool output. Give them a box or a lab and watch them work - methodology, creativity, and the ability to chain findings, not just run a scanner and paste results.
  • The report is the deliverable. A finding nobody can act on is worthless. Ask for a redacted sample report; clear writing and prioritised, actionable remediation matter as much as the hack.
  • Professionalism and scope discipline. They operate on live systems under rules of engagement - judgement, communication, and trustworthiness are non-negotiable.
  • Current technique. The field moves fast; look for someone who keeps up (labs, CTFs, research) rather than relying on a years-old playbook.

Green flags: OSCP or harder, CTF placements, bug-bounty results, published CVEs or write-ups, a home lab. Red flags: can run Nessus/Burp but not explain an exploit, no sample report, treats rules of engagement as optional.

Where to find candidates

Offensive talent is visible if you look where the skill is demonstrated:

  • CTF players and bug-bounty hunters - the skill is public and verifiable.
  • OSCP / OSEP holders and HackTheBox / TryHackMe top performers.
  • Pen-test consultancies (a common path to in-house roles) and offensive-security communities and conferences.

Certs (OSCP, CEH) are a useful filter - OSCP especially signals hands-on ability - but weight a CTF record, a CVE, or a strong sample report over any credential.

Offensive-security roles hiring now - who else is hiring and what they offer:

  • Principal Consultant, Red Team (Unit 42) - Palo Alto Networks · Riyadh, Saudi Arabia · Offensive Security · Posted Jun 16
  • Penetration Tester - Bugcrowd · United Kingdom · Offensive Security · Posted Jun 15
  • WebApp Offensive Security Engineer - Horizon3.ai · US, Remote · $196,000 - $242,000 · Offensive Security · Hybrid · Posted Jun 11
  • Strategic Projects Lead, Red Team - Scale AI · San Francisco, CA; New York, NY · Offensive Security · Posted Jun 2

See all penetration tester jobs →

Writing the job description

Be specific - vague pen-test postings attract tool-runners, not operators:

  • Name the assessment types (network, web, red team, cloud) and the split between them - it is the single biggest filter.
  • Say consultant vs in-house and the travel / on-site expectations - they attract different people.
  • Keep cert requirements realistic - "OSCP or equivalent demonstrable skill" widens the pool without lowering the bar.
  • Publish the salary range and sell the scope - strong testers choose engagements they will learn from.

Frequently asked questions

How much should I budget to hire a Penetration Tester?
In the United States, penetration tester compensation typically runs $95k–$155k (market benchmark). Pay varies widely by country - see the salary table on this page.
How hard is it to hire a Penetration Tester right now?
Security talent is in tight supply - we currently list 25 active Penetration Tester roles across 150+ employers, so you are competing on speed and offer. Posting on a specialist board reaches candidates already searching for security work.
What certifications should I require for a Penetration Tester?
Do not over-index on certs - demonstrable hands-on skill (code, cloud, a home lab) outweighs paper, and a hard cert requirement shrinks an already-thin pool. Where certs matter (government-adjacent, enterprise, HR filters), the most-requested are OSCP and CEH. Treat them as a positive signal, not a gate.
Should I hire a remote or onsite Penetration Tester?
Many penetration testers expect remote or hybrid, and opening the role to remote materially widens your candidate pool. The live snapshot above shows the share of these roles currently offered remote.
How much does it cost to post a Penetration Tester job?
$299 for a 30-day listing on InfoSec Job Board - flat, no subscription, Google Jobs eligible. Candidates apply directly to your ATS.

Free cybersecurity hiring kit

Interview scorecard, screening checklist, JD template, and offer checklist. Built for hiring managers.
