Market update: Penetration Tester demand and salary in Australia, 2022

The pandemic undoubtedly added rocket fuel to the levels of cyber crime, with ransomware and data theft being the forerunners. As a result, businesses are seeking cyber professionals in-house and as contractors en masse. 

Recent research commissioned by CyberCX and conducted by independent think tank, Per Capita, reveals there will be a staggering lack of qualified cybersecurity professionals over the next four years, to the tune of 30,000 unfilled positions nationwide.

If a future in penetration testing has been calling you – now is the time to act.

What do Pen Testers do?

Penetration Testers, often referred to as ‘Pen Testers,’ are responsible for running pre-planned and authorised simulations of cyber attacks, carried out on IT infrastructures to evaluate current levels of security. 

Running such a simulation can reveal any system vulnerabilities which need addressing to bolster the framework and make it more resilient against hackers.

This proactive approach to cyber security can involve using a range of hacking tools and techniques, with the pen tester acting in the role of hacker in an attempt to find any system holes that a real cyber-crime could exploit. 

Pen Testers need to document their entire process to develop a penetration test report, which can be shared with relevant stakeholders to highlight the current state of security and where different levels of action or monitoring are required. 

Daily responsibilities will vary depending on the industry and organisation, but some common tasks include:

• Researching different attack strategies and tools
• Reviewing code for potential vulnerability 
• Automating testing approaches to increase efficiency
• Ongoing documentation of any compliance threats
• Development of pen testing methods
• Conducting ongoing testing after security improvements 
• Generating reports of findings 

Are penetration testers in demand in Australia?

It is anticipated that an additional 16,600 cyber security professionals will be needed nationally by 2026, including Penetration Testers.

The table below demonstrates the cyber security workforce need and shortfall forecast for Australia by 2026.

Penetration tester salary in Australia

As with many occupations there are a range of factors that can impact earning capacity such as experience, location, training and qualifications.

The average annual salary for Penetration Tester jobs in Australia ranges from $120,000 to $170,000, with Canberra, Sydney and Melbourne based roles being the highest paid.

Be mindful that we are talking in-house positions and there are likely many that can be performed remotely, from wherever you’re located.

Junior pen tester salary

Depending on the industry and organisation, some entry level Pen Tester salaries can start at around the $90,000 mark.

Senior pen tester salary

Those with more industry experience can command salaries of $175,000 and up as Penetration Testers. 

Can penetration testers work as a freelancer?

Yes. Freelancing can provide freedom and flexibility, but it isn’t recommended as a starting point for your pen testing career. By taking on in-house positions within cyber security, you will gain a breadth of experience, meet a range of people within the industry and ultimately ‘cut your teeth’ with the pros. Venturing into freelance before establishing a solid foundation can prove to be a lot more challenging, as you will likely not have the industry contacts, which can be helpful when securing your initial clients. 

What skills do you need to be a penetration tester?

First and foremost, a willingness to be continually learning is an important attribute for anyone wishing to delve into the world of penetration testing, or cyber security in general. 

The playing field is forever changing, requiring constant research and investigation. Specifically, key skills include knowledge and a working understanding of:

• Coding
• Programming languages (Python, Ruby, Java, Perl, BASH)
• IT security technologies
• Threat modelling 
• Penetration testing management platforms
• Computer networks and capabilities
• Components of different networks
• Security assessment tools
• Remote access technologies
• Vulnerabilities and exploits beyond tool suites

In addition to the above skills, it’s also important to have excellent communication skills, both written and verbal, so you can present your findings effectively and with impact to all relevant stakeholders. 

Similar specialisations and career paths

• Information security analyst
• Security software developer
• Security architect
• Security engineer

How to become a penetration tester Australia

Ensuring you have industry-ready skills is definitely required to break into penetration testing. While it is not uncommon for pen testers to have tertiary qualifications, such as a Bachelor of IT or computer science, it’s actually hands-on industry experience that will be appealing to most employers.

By fast-tracking your training with industry-built, practical and outcomes-focused courses, you will graduate job-ready in a fraction of the time it would take you to complete a degree, getting you out into the working world at pace.

Our Cyber Security Engineering: Transform course will ensure you are equipped with the skills needed to enter the world of penetration testing with confidence. The course can be completed part-time in 10 months, with practical learning, expert mentoring and 1:1 career coaching.

If you have any questions, our experienced team is here to discuss your training options. Speak to a course advisor and take the first steps in your penetration testing journey.