Our deep dive will conclude with insights into career progression, emphasizing the certification's role as a catalyst for senior roles and specialized positions like Red Team Operators. Let's dive into the CompTIA PenTest+ certification salary and how you might benefit from it!
Overview of the CompTIA PenTest+ Certification
The PenTest+ certification is CompTIA’s intermediate-level cyber security certification focused solely on penetration testing. Certification attempters must pass one 165-minute exam with a score of at least 750 on a scale of 100-900. The certification exam consists of a maximum of 85 questions mixed between multiple-choice and performance-based questions.
PenTest+ covers a wide range of penetration testing knowledge points that guide students through the entirety of a penetration test lifecycle. These knowledge domains consist of:
- Planning and Scoping (14%)
- Information Gathering and Vulnerability Scanning (22%)
- Attacks and Exploits (30%)
- Reporting and Communication (18%)
- Tools and Code Analysis (16%)
Should you successfully pass the exam, the PenTest+ certification holds a three-year lifespan and can be renewed either with continuing education units (CEUs) or by passing the exam again.
What Does CompTIA PenTest+ Certification Prepare You For?
The PenTest+ certification can help prepare students for a variety of offensive-focused roles in cyber security. Let’s break down some of the job titles most closely aligned with PenTest+ knowledge domains.
Penetration Tester
Penetration testers are the backbone of the offensive cyber security world. Penetration Testers are tasked with assessing the security of an organization’s environment. They utilize a large variety of tools and methods to find vulnerabilities and attempt to exploit them. Penetration testers are also required to produce in-depth reports documenting findings or discoveries post-PenTest.
Vulnerability Analyst
Vulnerability Analysts can be in-house or even third-party team members who provide specific support to organizations in the area of vulnerability management. A vulnerability analyst are tasked with identifying and categorizing vulnerabilities or conducting scanning activities, both internally and externally. Vulnerability Analysts often have a wide range of security experience including both offensive and defensive knowledge.
Threat Intelligence Analyst
Threat intelligence analysts are tasked with researching and understanding active threats affecting organizations around the globe. Threat intelligence analysts are responsible for turning open-source or proprietary threat intelligence into actionable data that their organization can use to improve its security posture. This requires an understanding of offensive cyber security techniques that can be used against their network.
CompTIA PenTest+ Certification Salary and Job Opportunities
So you’ve achieved the PenTest+ certification, now what can you expect? Let's break down the different potential CompTIA PenTest+ certification salary ranges and job opportunities you could qualify for with an active PenTest+ certification.
Offensive security is a growing field in the cyber security industry and shows no signs of slowing. LinkedIn reports over 2,500 job advertisements containing “PenTest+” within the description.
However, as is the case with LinkedIn, there is quite a variety of postings that pull up, ranging from Red Team Engineers, Threat Detection Engineers, Intelligence Analysts, and of course, Penetration Testers. These positions also have a wide range of required experience tenures as well as other certifications, so we will need to be more focused on our research.
Before moving forward, we’d like to take a moment to discuss “experience” as a requirement for different positions. Some positions will ask specifically for prior work experience in that role. Others ask for industry experience, which could be any exposure to a security or IT position regardless of title (even a junior one). Some are asking for experience with a product, software, or skill that can be proven through means other than previous paid positions.
Penetration Tester
As this is a penetration testing-focused certification, let's focus primarily on the most common job title that PenTest+ could prepare one for: the role of a Penetration Tester. ZipRecruiter lists the average salary for a Penetration Tester to be roughly $116,000 USD annually in the United States.
This number looks fairly accurate, albeit a little on the high side. When searching “PenTest+” on Glassdoor, multiple Penetration Tester job advertisements were found, with many being around that estimated salary. However, those higher-paying penetration testing positions often required five or more years of experience.
One position out of Virginia required only three years of experience and requested only one or more offensive-focused certifications, within which PenTest+ was identified. This position advertised a salary of $61,000-$107,000 USD annually.
Penetration testing salaries can vary dramatically based on years of experience and higher-level certifications. Although ZipRecruiter has an above six-figure average, an applicant without further certifications and less than five years of experience is most likely not yet qualified for those positions at the high end of the pay scale.
Vulnerability Analyst
Vulnerability analysts are often newer to the field of offensive security, and many have a defensive security background. This allows an easier pivoting point into the offensive side of security as vulnerability analysts understand the implications of vulnerabilities within the environment.
ZipRecruiter reports the average salary for a vulnerability analyst to be around $72,500 USD annually, with a top of $128,000.
This is again accurate when looking at vulnerability analyst job postings on public boards like Glassdoor. One position found is a Vulnerability Assessment Analyst out of San Antonio, Texas, with an estimated salary range of $54,000-$82,000 USD annually. This position only requires three years of experience, and applicants hold a PenTesting certification.
Another vulnerability analyst position touted a salary of $57,000-$93,000 USD annually. This position required at least three years of security experience and had a list of applicable certifications, including PenTest+.
Threat Intelligence Analyst
Earning the PenTest+ certification doesn’t force one to move entirely into offensive security. Instead, certification holders can use their newfound offensive knowledge to enhance their defensive abilities. One perfect example of this is the position of a threat intelligence analyst, one who understands threats impacting the globe and helps prepare their organization to defend against them.
ZipRecruiter reports that a Threat Intelligence Analyst's average salary is just shy of $90,000 USD annually, with a top rate of $140,000 USD annually.
This job type proved to be the hardest to verify completely as many corporations have varying titles with ‘threat intelligence’ in them as well as even more variety in requirements. However, there were some job advertisements that proved useful.
One great example is a Cyber Intelligence Support Analyst for Booz Allen Hamilton advertisement requiring three years of experience and showcasing a salary range of $82,000-$186,000 USD.
Another posting for a Cyber Intelligence Lead Associate was found requiring PenTest+. However, this position did have higher requirements as well, such as the CISSP, and so a deeper threat intelligence position might require additional experience on top of the PenTest+.
CompTIA Pentest+ Compared
Now that we’ve discussed some of the potential CompTIA Pentest+ certification salaries and job opportunities let’s compare it to two of the other most popular pentesting certifications on the market: CEH and OSCP.
The CEH certification is a well-known penetration testing certification with mainstream name recognition. According to our research, the average salary for a CEH-certified professional was $78,139 on ZipRecruiter. It also had over 1,000 job postings on three of the top job advertisement boards. Currently, the CEH costs between $2,200 and $3,500, depending on course delivery options.
OffSec’s OSCP is known as the golden standard for penetration testing certifications on the market today. This fact is not lost on the job market, as the average salary reported by ZipRecruiter for OSCP is over $116,000. OSCP boasts over 2,000 job advertisements on LinkedIn and almost 800 on Indeed. OffSec offers prices between $1,600 and $5,500 for their courses.
PenTest+ | CEH ANSI | OSCP | |
Avr. Salary | $75,000 | $78,139 | $116,104 |
Indeed | 221 | 1,800 | 791 |
2,519 | 1,346 | 2,429 | |
Glassdoor | 99 | 1,022 | 494 |
Cyber Security Jobs | 7 | 92 | 30 |
Career Progression
Clearly, we have seen that the PenTest+ certification can positively impact your career and open up doors to great jobs. But, after you’ve achieved the certification and moved into one of these positions, what type of career progression could you look for afterward?
Senior Penetration Tester
One great path forward in the world of offensive security is pursuing a senior penetration tester role. These professionals deal with the most complicated offensive security tasks, including custom exploitation writing, managing a department, or focusing on a particular aspect of ethical hacking such as web app, cloud, or Active Directory.
Red Team Operator
Red Team Operators conduct penetration testing activities through the avenue of threat emulation. This means they attempt to conduct their tests without being detected by defensive tools or personnel.
Obviously, many more doors can be opened as your career progresses. However, a senior offensive role and/or more niche offensive roles like red teaming are both great avenues to continuing your career!
Further Education
PenTest+ holders can also use the taught knowledge domains as a jump-off point towards other certifications. Great choices in higher pentesting certifications can be found in OSCP and other hands-on lab-based exams.
Conclusion
The CompTIA PenTest+ certification can be a great stepping stone for security professionals to use in order to pursue a career in offensive security. The knowledge domains taught, job advertisement presence, and a potential for high salary marks make PenTest+ a great career-boosting certification.