Skip to main content
Information Technology - Careers

Information Technology

Information Technology | Vulnerability Analyst / Penetration Tester

Vulnerability Analyst / Penetration Tester

What Does a Professional in this Career Do?

A Vulnerability Analyst or Penetration Tester probes for and exploits security vulnerabilities in web-based applications, networks and systems. Penetration Tests are designed to achieve a specific, attacker-simulated goal and should be requested by customers who are already at their desired security posture. A typical goal could be to access the contents of the prized customer database on the internal network, or to modify a record in an HR system. Vulnerability Assessments are designed to yield a prioritized list of vulnerabilities and are generally for clients who already understand they are not where they want to be in terms of security. The customer already knows they have issues and simply need help identifying and prioritizing them.

Job Outlook

There were 122 Vulnerability Analyst / Penetration Tester job postings in North Carolina in the past year and 5053 in the United States.

In combination with other careers in the Cyber / Information Security Engineer / Analyst industry, which includes the Vulnerability Analyst / Penetration Tester career, the following graph shows the number of people employed for each year since 2015:

Salary

Many new Vulnerability Analyst / Penetration Tester jobs have salaries estimated to be in the following ranges, based on the requirements and responsibilities listed in job postings from the past year.

National

The average estimated salary in the United States for this career, based on job postings in the past year, is $116,327.

State

The average estimated salary in North Carolina for this career, based on job postings in the past year, is $109,577.

Percentiles represent the percentage that is lower than the value. For example, 25% of estimated salaries for Vulnerability Analyst / Penetration Tester postings in the United States in the past year were lower than $103,647.

Education and Experience

Posted Vulnerability Analyst / Penetration Tester jobs typically require the following level of education. The numbers below are based on job postings in the United States from the past year. Not all job postings list education requirements.

Education LevelPercentage
Associate's Degree0%
Bachelor's Degree70.91%
Master's Degree15.83%
Doctoral Degree3.38%
Other3.92%

Posted Vulnerability Analyst / Penetration Tester jobs typically require the following number of years of experience. The numbers below are based on job postings in the United States from the past year. Not all job postings list experience requirements.

Years of ExperiencePercentage
0 to 2 years13.62%
3 to 5 years48.23%
6 to 8 years24.9%
9+ years13.25%

Skills

Below are listings of the most common general and specialized skills Vulnerability Analyst / Penetration Tester positions expect applicants to have as well as the most common skills that distinguish individuals from their peers. The percentage of job postings that specifically mention each skill is also listed.

Baseline Skills

A skill that is required across a broad range of occupations, including this one.

  • Communication (45.62%)
  • Management (35.09%)
  • Research (31.8%)
  • Problem Solving (26.24%)
  • Operations (25.73%)
  • Leadership (22.62%)
  • Writing (16.66%)
  • Information Technology (15.59%)
  • Presentations (14.45%)
  • Security Policies (11.62%)

Defining Skills

A core skill for this occupation, it occurs frequently in job postings.

  • Qualys (14.73%)
  • Burp Suite (19.25%)
  • Automation (23.89%)
  • Penetration Testing (51.95%)
  • Linux (20.89%)
  • Cyber Security (49.95%)
  • Computer Science (41.95%)
  • Vulnerability Scanning (27.06%)
  • Nmap (10.83%)
  • Offensive Security (9.95%)
  • Social Engineering (11.09%)
  • Kali Linux (14.05%)
  • Vulnerability Management (41.73%)
  • Nessus (23.35%)
  • Red Teaming (7.04%)
  • Vulnerability Assessments (41.2%)
  • Vulnerability (89.61%)
  • Scripting (24.43%)
  • Metasploit (14.91%)

Necessary Skills

A skill that is requested frequently in this occupation but isn’t specific to it.

  • Cyber Threat Intelligence (18.79%)
  • Workflow Management (8.08%)
  • MITRE ATT&CK Framework (6.76%)
  • Ruby (Programming Language) (10.43%)
  • Defense In Depth (6.84%)
  • Amazon Web Services (13.59%)
  • Cyber Risk (6.54%)
  • Java (Programming Language) (11.57%)
  • C (Programming Language) (13.61%)
  • IT Security Architecture (4.14%)
  • C++ (Programming Language) (11.67%)
  • Auditing (20.35%)
  • Application Development (2.42%)
  • Cloud Security (9.29%)
  • C# (Programming Language) (5.68%)
  • Software Development (7.64%)
  • Application Programming Interface (API) (14.67%)
  • Microsoft Azure (11.79%)
  • Dashboard (5.2%)
  • Application Security (11.83%)
  • Bash (Scripting Language) (13.49%)
  • Python (Programming Language) (38.58%)
  • Perl (Programming Language) (7.34%)
  • Security Controls (9.79%)
  • Computer Networks (7.14%)
  • Unix (8.51%)
  • Information Systems (14.03%)
  • Incident Response (16.17%)
  • Federal Information Security Management Act (5.16%)
  • Operating Systems (30.74%)
  • Enterprise Security (5%)
  • Firewall (8.91%)
  • Data Analysis (8.63%)
  • Network Security (11.51%)
  • Risk Management (9.63%)
  • Debugging (6.3%)
  • Code Review (7.42%)
  • Computer Engineering (8.18%)
  • Open Web Application Security Project (OWASP) (17.37%)
  • Project Management (8.69%)
  • Web Applications (6.7%)
  • TCP/IP (8.26%)
  • Security Testing (9.57%)
  • Network Protocols (13.87%)
  • Programming Languages (6.9%)
  • Process Improvement (7.94%)
  • Threat Modeling (5.18%)
  • Triage (6.18%)
  • Mitigation (14.71%)
  • Windows PowerShell (14.29%)
  • Risk Analysis (14.45%)
  • Tooling (5.2%)
  • ServiceNow (8.41%)
  • IT Security (13.67%)

Distinguishing Skills

A skill that may distinguish a subset of the occupation.

  • Rapid7 (5.56%)
  • Binary Ninja (Reverse Engineering Software) (4.96%)
  • Attack Surface Management (9.19%)
  • IDA Pro (4.98%)
  • X86-64 (4.4%)
  • Ghidra (Reverse Engineering Software) (6.52%)
  • Fuzz Testing (4.22%)
  • Ethical Hacking (6.72%)
  • SQL Injection (3.72%)
  • HP WebInspect (2.5%)
  • Common Vulnerability Scoring System (CVSS) (5.38%)
  • WinDBg (2.82%)
  • Web Application Penetration Testing (5.46%)
  • Kenna Security (4.56%)

Salary Boosting Skills

A professional who wishes to excel in this career path may consider developing the following highly valued skills. The percentage of job postings that specifically mention each skill is listed.

  • Rapid7 (6.24%)
  • Qualys (16.55%)
  • Web Application Penetration Testing (6.13%)
  • Red Teaming (7.9%)
  • Nexpose (Vulnerability Scanning Software) (2.74%)
  • Ghidra (Reverse Engineering Software) (7.32%)
  • Attack Surface Management (10.33%)
  • Binary Ninja (Reverse Engineering Software) (5.57%)
  • X86-64 (4.94%)
  • Burp Suite (21.63%)
  • Common Vulnerability Scoring System (CVSS) (6.04%)
  • Cyber Security (56.12%)
  • Ethical Hacking (7.55%)
  • Kali Linux (15.79%)
  • Vulnerability Scanning (30.41%)
  • Offensive Security (11.18%)
  • Social Engineering (12.46%)
  • HP WebInspect (2.81%)
  • Scripting (27.44%)
  • Nessus (26.23%)

Alternative Job Titles

Sometimes employers post jobs with Vulnerability Analyst / Penetration Tester skills but a different job title. Some common alternative job titles include:

  • Penetration Tester
  • Vulnerability Management Analyst
  • Vulnerability Analyst
  • Vulnerability Researcher
  • Vulnerability Assessment Analyst
  • Vulnerability Management Engineer
  • Ethical Hacker
  • Information Security Analyst/Penetration Tester
  • Cybersecurity Associate
  • Security Analyst

Similar Occupations

If you are interested in exploring occupations with similar skills, you may want to research the following job titles. Note that we only list occupations that have at least one corresponding NC State Online and Distance Education program.

Common Employers

Here are the employers that have posted the most Vulnerability Analyst / Penetration Tester jobs in the past year along with how many they have posted.

United States

  • Marriott International (277)
  • Leidos (148)
  • Raytheon Technologies (107)
  • Deloitte (107)
  • Lumen Technologies (79)
  • Booz Allen Hamilton (71)
  • Nelnet (71)
  • Ryder (67)
  • Amazon (65)
  • Mindpoint Group (60)

North Carolina

  • Smx Corporation Limited (7)
  • Marriott International (4)
  • Deloitte (4)
  • MetLife (4)
  • Randstad (4)
  • Digital Technology Solutions (3)
  • Insight Global (3)
  • First Citizens Bank And Trust Company (3)
  • TEKsystems (3)
  • Truist Financial (3)

NC State Programs Relevant to this Career

If you are interested in preparing for a career in this field, the following NC State Online and Distance Education programs offer a great place to start!