29 Honest Ethical Hacker Salaries
Think hacking is just for the bad guys? Think again. Ethical hackers, also known as white-hat hackers, are security pros who break into systems so they can fix them. They think like cybercriminals to find weaknesses before real attackers do.
As cyber threats grow more complex (and expensive), companies are scrambling to hire people who can outsmart the bad actors. That’s why ethical hackers are in high demand—and getting paid accordingly.
But what is the average salary of an ethical hacker? Job sites toss around big numbers, but they don’t always reflect the full picture. Let’s break down what ethical hackers do, what skills and certs employers look for, and how much you can expect to earn based on your experience, location, and role.
What is an Ethical Hacker?
An ethical hacker is a cybersecurity professional who uses their skills to test and strengthen an organization’s defenses. Their job is to simulate the kinds of attacks a malicious hacker might try—whether that’s probing for vulnerabilities in a web app, attempting to breach a network, or identifying weak points in an employee’s access permissions.
But the goal isn’t chaos, it’s protection. Ethical hackers operate with permission, working closely with IT teams, compliance leads, and executives to uncover and fix system vulnerabilities. They document their findings in detailed reports and help prioritize what needs to be fixed.
This role requires a deep understanding of system architecture, networking protocols, encryption, and the creative thinking that makes a hacker dangerous—but in this case, for good. Many ethical hackers rely on tools like Metasploit, Burp Suite, or Kali Linux to work efficiently.
You might not always see “ethical hacker” in a job title. Roles like penetration tester, red team operator, security consultant, or offensive security engineer all fall under this umbrella, with varying scope and responsibility.
29 Honest Salaries for Ethical Hackers
Ethical hacking might sound like a niche role, but the salary potential is anything but limited.
To get a clear picture of what ethical hackers actually earn, we analyzed salary data from sources like Glassdoor, ZipRecruiter, and Levels.fyi. We focused on base salaries for hands-on roles in penetration testing, red teaming, and offensive security, not numbers inflated by executive-level salaries or stock-heavy tech perks.
The table below shows the salary ranges of ethical hackers in 29 major U.S. cities. These numbers reflect full-time roles in organizations where ethical hacking is a core responsibility.
City / State | Low-End Salary | Average Salary | High-End Salary |
San Francisco, CA | $115,000 | $150,000 | $175,000 |
San Jose, CA | $110,000 | $145,000 | $170,000 |
Seattle, WA | $105,000 | $140,000 | $165,000 |
New York, NY | $102,000 | $138,000 | $160,000 |
Boston, MA | $100,000 | $135,000 | $158,000 |
Los Angeles, CA | $98,000 | $132,000 | $155,000 |
Washington, DC | $96,000 | $130,000 | $153,000 |
San Diego, CA | $94,000 | $128,000 | $150,000 |
Austin, TX | $92,000 | $126,000 | $148,000 |
Chicago, IL | $90,000 | $124,000 | $145,000 |
Denver, CO | $88,000 | $122,000 | $143,000 |
Atlanta, GA | $86,000 | $120,000 | $140,000 |
Portland, OR | $85,000 | $118,000 | $138,000 |
Dallas, TX | $84,000 | $117,000 | $137,000 |
Charlotte, NC | $83,000 | $116,000 | $136,000 |
Philadelphia, PA | $82,000 | $115,000 | $135,000 |
Minneapolis, MN | $81,000 | $114,000 | $134,000 |
Salt Lake City, UT | $80,000 | $113,000 | $132,000 |
Phoenix, AZ | $79,000 | $112,000 | $130,000 |
Raleigh, NC | $78,000 | $110,000 | $128,000 |
Tampa, FL | $77,000 | $108,000 | $126,000 |
Miami, FL | $76,000 | $107,000 | $125,000 |
Pittsburgh, PA | $75,000 | $106,000 | $124,000 |
Cincinnati, OH | $74,000 | $105,000 | $122,000 |
Columbus, OH | $73,000 | $104,000 | $121,000 |
Indianapolis, IN | $72,000 | $103,000 | $120,000 |
St. Louis, MO | $71,000 | $101,000 | $118,000 |
Cleveland, OH | $70,000 | $100,000 | $117,000 |
Orlando, FL | $69,000 | $99,000 | $115,000 |
Ethical hacker salaries follow a familiar tech pattern: the bigger the tech hub, the bigger the paycheck. Cities like San Francisco, San Jose, and Seattle sit at the top of the pay scale, with average salaries between $140,000 and $150,000. These markets tend to offer higher compensation to offset the cost of living and to attract top-tier talent in a competitive security landscape.
But you don’t have to live on the West Coast to earn well. East Coast cities like New York, Boston, and Washington, DC also offer strong salaries, especially for roles in finance, healthcare, and government. Even secondary markets like Austin, Chicago, and Denver offer six-figure averages, thanks to growing demand for skilled offensive security pros.
Some other insights we noticed in the data:
Pay Gaps Widen at the Top: High-end salaries in cities like San Francisco and New York can be $40,000 or more above mid-tier markets.
Cost of Living Matters: Earning $120K in Cleveland may be more comfortable than $140K in Seattle, so total compensation should always be viewed in context.
Talent Mobility Is Shifting: Remote-friendly companies are increasingly willing to pay near-hub rates for strong candidates, regardless of geography.
Salary Considerations for Ethical Hackers
While location plays a big role in what ethical hackers earn, it’s far from the only factor. The type of work you do, your industry, and even your ability to work remotely can significantly influence your paycheck. Here are a few other things that can drive up your take-home pay:
Security Clearance Can Boost Pay: Government, defense, or contractor roles supporting federal agencies often require a security clearance, which typically comes with higher salaries to match the added responsibility and clearance maintenance.
Industry Matters: Ethical hackers in finance, defense, or managed security services usually earn more than those in education, nonprofits, or small internal IT teams. High-stakes industries tend to pay more for proactive defense.
Team Role Affects Compensation: Red teamers and offensive security specialists earn more than general security analysts. If you’re actively emulating adversaries and breaking systems to test defenses, you’re likely at the top of the pay scale.
Remote Readiness Is an Advantage: Companies increasingly look for self-directed ethical hackers who can work independently from anywhere. If you’ve proven you can deliver results remotely, you may be able to command higher pay without relocating.
How Experience Impacts Ethical Hacker Salary
Ethical hacker salaries tend to scale quickly with experience, especially for professionals who continue building advanced skills and taking on more responsibility.
Entry-Level (0–2 Years)
Early-career ethical hackers typically earn between $70,000 and $90,000. These roles often involve assisting with vulnerability scanning, learning the tools of the trade, and supporting more experienced penetration testers. During this time, you'll build hands-on skills, get comfortable with reporting processes, and start earning foundational ethical hacker certifications.
Mid-Level (3–5 Years)
At this stage, salaries jump to around $90,000 to $120,000. Mid-level ethical hackers are usually responsible for conducting full-scope penetration tests, writing detailed reports, and presenting findings to leadership. Many also mentor junior staff and contribute to improving the organization’s overall security posture.
Senior-Level (6+ Years)
Experienced professionals can make $120,000 to $170,000 or more. Senior ethical hackers often lead red teams, design offensive testing strategies, and advise on enterprise-wide risk management. These roles demand deep technical expertise, strong communication skills, and often include leadership or client-facing responsibilities.
Must-Know Tools for Ethical Hackers
Behind every skilled ethical hacker is a toolkit full of powerful platforms, scripts, and environments. These tools help uncover vulnerabilities, automate tasks, and streamline reporting, distinguishing between a good test and a great one.
Pen Testing and Recon
The offensive toolkit often starts with staples like Metasploit for exploitation, Nmap for port scanning, and Nessus for vulnerability assessments. Tools like Burp Suite and Nikto are popular for probing web apps, while Aircrack-ng is a go-to for wireless testing and cracking Wi-Fi networks.
Operating Systems and Platforms
Most ethical hackers rely heavily on Kali Linux or Parrot OS, both designed specifically for security testing. But fluency in Windows environments—especially when testing Active Directory setups—is also essential, as many enterprise networks are Windows-heavy.
Scripting and Automation
Knowing how to automate tasks makes a huge difference in both efficiency and effectiveness. Python is the dominant scripting language in offensive security, but Bash and PowerShell are also critical for automating recon, exploitation, and post-exploitation tasks across systems.
Reporting and Collaboration
No penetration test is complete without clear documentation. Tools like Dradis and Markdown help structure findings, while custom scripts are often used to generate repeatable output. For collaboration and project management, many teams rely on Git, Jira, and Confluence to keep workflows organized and version-controlled.
Must-Have Certifications for Ethical Hackers
Certifications can help ethical hackers stand out, especially if you’re looking to transition into offensive security or move up the salary ladder. Below are the most respected certifications in the field, along with who they’re best suited for.
Certified Ethical Hacker (CEH)
The CEH is one of the most well-known entry-level certifications in ethical hacking. It covers the basics of penetration testing, reconnaissance, malware, social engineering, and common vulnerabilities. While not highly technical, it’s helpful in building foundational knowledge and meeting compliance requirements in government or corporate environments. Ideal for early-career professionals or IT folks pivoting into security.
Offensive Security Certified Professional (OSCP)
The OSCP is a hands-on, performance-based certification that requires you to exploit real machines in a controlled lab setting. It tests your ability to think like a hacker by gathering intel, finding vulnerabilities, and chaining attacks to gain access. This certification is a rite of passage for many mid-level ethical hackers and is highly respected by employers.
GIAC Penetration Tester (GPEN)
The GPEN is geared toward ethical hackers working in regulated or government environments. It covers everything from password attacks to exploitation techniques, as well as legal considerations and reporting. It’s a strong option for mid- to senior-level professionals in defense, federal contracting, or any organization following NIST or DoD 8570 guidelines.
CompTIA PenTest+
PenTest+ is a good entry-to-mid-level cert that sits between CEH and OSCP in terms of difficulty. It covers planning, scoping, exploiting, and reporting findings from penetration tests. It’s also vendor-neutral, making it a good choice for generalist roles or for security pros looking to expand their offensive skills.
Certified Red Team Professional (CRTP)
CRTP focuses specifically on Active Directory exploitation—a must-have skill for enterprise red teamers. It’s hands-on and practical, with scenarios that simulate real-world adversary tactics. This cert is great for mid- to senior-level ethical hackers looking to deepen their enterprise-focused skills or break into red teaming.
How to Increase Your Salary as an Ethical Hacker
Whether you’re chasing your first six-figure offer or looking to break into senior roles, there are clear strategies that can help boost your earning potential as an ethical hacker.
Earn Advanced Offensive Security Certifications
Once you’ve mastered the basics, leveling up with certifications like OSCP, CRTP, or even GXPN (GIAC Exploit Researcher and Advanced Penetration Tester) can open the door to higher-paying roles. These credentials signal deep technical ability and real-world skill, which translates directly into salary leverage.
Get Red Team or Adversary Emulation Experience
Red teaming is one of the most lucrative areas within ethical hacking. If you can plan and execute simulated attacks that mimic real-world threat actors, employers will pay more, especially in enterprise environments where business risk is high.
Learn Scripting and Automation
Writing custom tools or automating parts of the testing process can set you apart from others in the field. Proficiency in Python, Bash, or PowerShell not only makes you more efficient— it shows you can scale your impact across large, complex environments.
Publish or Contribute to Open Source
Publishing research, writing blog posts, or contributing to open-source security tools can raise your profile in the ethical hacking community. It demonstrates thought leadership and initiative—two qualities that hiring managers (and recruiters) love to see.
Specialize in High-Value Areas
Specializations like application security, cloud penetration testing, and OT/ICS environments are in high demand and short supply. If you can demonstrate expertise in these areas, you’re likely to command a higher salary than a generalist.
Target High-Stakes Industries
Sectors like defense, healthcare, and fintech face higher levels of risk and regulation, and they pay accordingly. If you’re looking to maximize your income, consider applying your skills in industries that can’t afford to get hacked.
Conclusion
Ethical hackers do some of the most critical work in cybersecurity: identifying weaknesses before attackers can exploit them. And in today’s high-stakes digital world, that work is more valuable than ever.
As this salary data shows, ethical hackers in major tech hubs can earn well into six figures—but with the right experience, tools, and certifications, strong salaries are within reach no matter where you’re based. Factors like industry, clearance level, specialization, and hands-on skills can all affect how much you earn.
CBT Nuggets offers training for many of the ethical hacker certifications and skills covered in this guide. Whether you're just starting out or aiming for your next promotion, the right training can help you get there faster—and with a bigger paycheck.
delivered to your inbox.
By submitting this form you agree to receive marketing emails from CBT Nuggets and that you have read, understood and are able to consent to our privacy policy.