Vulnerability Analyst / Penetration Tester
What Does a Professional in this Career Do?
A Vulnerability Analyst or Penetration Tester probes for and exploits security vulnerabilities in web-based applications, networks and systems. Penetration Tests are designed to achieve a specific, attacker-simulated goal and should be requested by customers who are already at their desired security posture. A typical goal could be to access the contents of the prized customer database on the internal network, or to modify a record in an HR system. Vulnerability Assessments are designed to yield a prioritized list of vulnerabilities and are generally for clients who already understand they are not where they want to be in terms of security. The customer already knows they have issues and simply need help identifying and prioritizing them.
Job Outlook
There were 392 Vulnerability Analyst / Penetration Tester job postings in North Carolina in the past year and 16782 in the United States.
In combination with other careers in the Cyber / Information Security Engineer / Analyst industry, which includes the Vulnerability Analyst / Penetration Tester career, the following graph shows the number of people employed for each year since 2016:
Salary
Many new Vulnerability Analyst / Penetration Tester jobs have salaries estimated to be in the following ranges, based on the requirements and responsibilities listed in job postings from the past year.
National
The average estimated salary in the United States for this career, based on job postings in the past year, is $124,103.
State
The average estimated salary in North Carolina for this career, based on job postings in the past year, is $117,584.
Percentiles represent the percentage that is lower than the value. For example, 25% of estimated salaries for Vulnerability Analyst / Penetration Tester postings in the United States in the past year were lower than $106,868.
Education and Experience
Posted Vulnerability Analyst / Penetration Tester jobs typically require the following level of education. The numbers below are based on job postings in the United States from the past year. Not all job postings list education requirements.
Education Level | Percentage |
---|---|
Associate's Degree | 0% |
Bachelor's Degree | 63.16% |
Master's Degree | 20.11% |
Doctoral Degree | 6.01% |
Other | 6.35% |
Posted Vulnerability Analyst / Penetration Tester jobs typically require the following number of years of experience. The numbers below are based on job postings in the United States from the past year. Not all job postings list experience requirements.
Years of Experience | Percentage |
---|---|
0 to 2 years | 15.69% |
3 to 5 years | 42.74% |
6 to 8 years | 22.74% |
9+ years | 18.83% |
Skills
Below are listings of the most common general and specialized skills Vulnerability Analyst / Penetration Tester positions expect applicants to have as well as the most common skills that distinguish individuals from their peers. The percentage of job postings that specifically mention each skill is also listed.
Baseline Skills
A skill that is required across a broad range of occupations, including this one.
- Communication (41.1%)
- Management (28.82%)
- Research (27.2%)
- Operations (23.35%)
- Leadership (21.99%)
- Problem Solving (20.56%)
- Information Technology (18.62%)
- Writing (14.98%)
- Planning (12.87%)
- Troubleshooting (Problem Solving) (11.9%)
Defining Skills
A core skill for this occupation, it occurs frequently in job postings.
- Qualys (6.1%)
- Cyber Defense (6.91%)
- Burp Suite (9.23%)
- Automation (22.58%)
- Penetration Testing (39.02%)
- Computer Science (37.19%)
- Cyber Security (59.1%)
- Operating Systems (20.17%)
- Open Web Application Security Project (OWASP) (10.57%)
- Python (Programming Language) (28.79%)
- Offensive Security (8.83%)
- Security Testing (10.42%)
- Vulnerability Assessments (25.78%)
- Vulnerability Scanning (17.9%)
- Vulnerability Management (20.71%)
- Nessus (12.85%)
- Metasploit (7.73%)
- Vulnerability (63.51%)
- Red Teaming (5.62%)
Necessary Skills
A skill that is requested frequently in this occupation but isn’t specific to it.
- DevSecOps (5.03%)
- Bash (Scripting Language) (9.72%)
- Cyber Threat Intelligence (18.25%)
- Cloud Security (6.56%)
- Agile Methodology (9.41%)
- C (Programming Language) (8.57%)
- Cyber Risk (6.82%)
- Data Analysis (7.51%)
- JavaScript (Programming Language) (6.72%)
- Java (Programming Language) (15.09%)
- Application Programming Interface (API) (9.75%)
- Application Security (13.24%)
- Software Development (10.26%)
- Amazon Web Services (12.85%)
- Mobile Application Development (3.79%)
- Test Automation (4.21%)
- Auditing (20.15%)
- Microsoft Azure (10.33%)
- Authentications (7.26%)
- Cloud Infrastructure (1.65%)
- Unix (6.98%)
- C++ (Programming Language) (9.28%)
- Computer Engineering (9.07%)
- Incident Response (18.47%)
- Encryption (6.82%)
- Code Review (6.03%)
- Firewall (11.76%)
- DevOps (3.96%)
- Information Systems (15.55%)
- Security Controls (13.9%)
- Linux (17.78%)
- ISO/IEC 27001 (6.33%)
- Information Assurance (7.11%)
- Perl (Programming Language) (5.58%)
- Risk Analysis (15.31%)
- Risk Management (10.21%)
- Identity And Access Management (5.58%)
- Network Protocols (8.48%)
- Network Security (13.28%)
- Tooling (4.62%)
- Project Management (8.88%)
- Security Requirements Analysis (7.84%)
- Scripting (19%)
- Threat Modeling (6.45%)
- Windows PowerShell (10.96%)
- Web Applications (4.25%)
- Security Information And Event Management (SIEM) (7.53%)
- Test Planning (7.63%)
- TCP/IP (5.67%)
- IT Security (10.01%)
- Mitigation (11.46%)
- Triage (5.23%)
- Authorization (Computing) (6.51%)
- Industry Standards (7.03%)
- Programming Languages (6.52%)
Distinguishing Skills
A skill that may distinguish a subset of the occupation.
- Application Security Testing (1.49%)
- Rapid7 (2.9%)
- Dynamic Application Security Testing (DAST) (2.76%)
- Defense In Depth (2.96%)
- MITRE ATT&CK Framework (6.45%)
- Attack Surface Management (3.98%)
- Common Vulnerability Scoring System (CVSS) (2.08%)
- Ethical Hacking (5.12%)
- Fuzz Testing (1.44%)
- Kali Linux (6%)
- Web Application Security (2.65%)
- SQL Injection (2.5%)
- Nmap (6.02%)
- Social Engineering (6.09%)
- Web Application Penetration Testing (3%)
Salary Boosting Skills
A professional who wishes to excel in this career path may consider developing the following highly valued skills. The percentage of job postings that specifically mention each skill is listed.
- Dynamic Application Security Testing (DAST) (3.5%)
- MITRE ATT&CK Framework (8.18%)
- Red Teaming (7.12%)
- Cyber Defense (8.75%)
- Defense In Depth (3.75%)
- Attack Surface Management (5.05%)
- Computer Science (47.13%)
- Common Vulnerability Scoring System (CVSS) (2.63%)
- Cyber Security (74.9%)
- Ethical Hacking (6.49%)
- Fuzz Testing (1.82%)
- Offensive Security (11.19%)
- Web Application Security (3.35%)
- Metasploit (9.8%)
- Nessus (16.29%)
Alternative Job Titles
Sometimes employers post jobs with Vulnerability Analyst / Penetration Tester skills but a different job title. Some common alternative job titles include:
- Cybersecurity Analyst
- Penetration Tester
- Vulnerability Management Analyst
- Vulnerability Analyst
- Security Analyst
- Vulnerability Researcher
- Security Consultant/Penetration Tester
- Ethical Hacker
- Vulnerability Management Engineer
- Cybersecurity Specialist
Similar Occupations
If you are interested in exploring occupations with similar skills, you may want to research the following job titles. Note that we only list occupations that have at least one corresponding NC State Online and Distance Education program.
- Cyber Security Engineer
- Cyber Security Manager / Administrator
- Cyber Security Architect
- Incident Analyst / Responder
Common Employers
Here are the employers that have posted the most Vulnerability Analyst / Penetration Tester jobs in the past year along with how many they have posted.
United States
- Nelnet (329)
- Pacific Northwest National Laboratory (317)
- Palo Alto Networks (304)
- Booz Allen Hamilton (252)
- Northrop Grumman (232)
- Peraton (213)
- AT&T (212)
- Deloitte (211)
- Leidos (208)
- Marriott International (154)
North Carolina
- Truist Financial (17)
- AT&T (16)
- Insight Global (12)
- Bank of America (10)
- Black & Veatch (9)
- Motion Recruitment (9)
- Allegis Group (7)
- MetLife (7)
- CACI International (7)
- Eliassen Group (6)
NC State Programs Relevant to this Career
If you are interested in preparing for a career in this field, the following NC State Online and Distance Education programs offer a great place to start!
All wages, job posting statistics, employment trend projections, and information about skill desirability on this page represents historical data and does not guarantee future conditions. Data is provided by and downloaded regularly from Lightcast. For more information about how Lightcast gathers data and what it represents, see Lightcast Data: Basic Overview on Lightcast's Knowledge Base website.