The median ethical hacking salary in the US is around $105,000 — but that figure is almost useless on its own. Entry-level penetration testers at mid-size consultancies are pulling $65K–$75K. Senior red teamers at defense contractors and cloud security firms routinely clear $150K–$180K. Bug bounty hunters who specialize in critical infrastructure vulnerabilities can make more than that in a good quarter.
If you're trying to figure out whether this career path pays what you've heard, or whether a specific certification actually changes your salary band, this guide gives you concrete numbers and explains what actually drives them.
Ethical Hacking Salary Ranges by Role and Experience
The term "ethical hacker" covers several distinct job titles, each with its own compensation range. Don't conflate them — they require different skills and sit at different levels in security organizations.
Entry-Level: Junior Penetration Tester / Security Analyst
Most people start here after completing a certification like CEH or CompTIA Security+ and doing some CTF work or a home lab. Salaries typically run $60,000–$80,000 in the US. Remote-first roles from larger consultancies sometimes start higher, around $75K–$85K, because they draw from a national candidate pool. Government contractor roles (requiring clearance) tend to pay $5K–$15K more than comparable private sector positions at this level.
Mid-Level: Penetration Tester / Red Team Analyst
With 3–5 years of experience and a track record of completed engagements, you're looking at $90,000–$125,000. At this stage, certifications like OSCP (Offensive Security Certified Professional) and CEH v12/v13 start mattering more concretely — not because HR requires them, but because they demonstrate you can actually execute structured assessments, not just run automated tools. Specializing in web application pentesting, mobile, or cloud (AWS/Azure/GCP attack paths) pushes you toward the top of this band.
Senior / Lead: Senior Penetration Tester, Red Team Lead
Senior roles at consultancies or in-house security teams pay $120,000–$160,000. Lead positions managing junior testers or running full red team operations — particularly at financial institutions, healthcare networks, or defense firms — can reach $170,000–$185,000 with bonuses. At this level, you're often scoping engagements, writing client-facing reports, and presenting to C-suite. Technical skill is table stakes; communication ability becomes the differentiator.
Specialized Roles That Pay Above Average
- Exploit Developer: Writing novel exploits, not just running existing ones. Rare skill. $140K–$200K+.
- Vulnerability Researcher: Finding zero-days in software, often for CVE credits or bug bounty programs. Compensation varies wildly — $80K salary plus six-figure bounty payouts is not unusual.
- Bug Bounty (Full-Time): Top 1% of HackerOne and Bugcrowd researchers earn $300K–$500K/year. The median full-time bug bounty hunter earns significantly less — treat this as an income supplement until you're consistently hitting critical findings.
- Cybersecurity Consultant (Independent): Bill rates of $150–$350/hour are realistic for experienced testers. The catch: you're spending 20–30% of your time on business development, contracts, and admin.
What Actually Moves Your Ethical Hacking Salary
Three factors matter more than anything else: certifications, specialization, and sector. In that order, roughly.
Certifications: Which Ones Pay Off
The CEH (Certified Ethical Hacker) is the most widely recognized entry credential and is often listed in job postings as a requirement — particularly for government and defense roles. Holding a CEH v13 versus no cert can be worth $8K–$15K at the entry level, simply because it clears automated resume filters.
OSCP is where serious practitioners separate themselves. It's harder to obtain, requires hands-on lab work, and is respected by practitioners rather than just HR departments. A researcher at Burning Glass found OSCP-listed jobs had median salaries roughly 20% higher than CEH-only postings. If you're past the entry stage, OSCP is the better investment.
Other certs worth knowing about:
- GPEN (GIAC Penetration Tester): Highly regarded, expensive ($2,499 for the exam alone), common in enterprise security roles.
- eJPT (eLearnSecurity Junior Penetration Tester): Good entry-level proof of practical skill, inexpensive. Doesn't carry the brand weight of CEH but demonstrates you can actually do the work.
- PNPT (Practical Network Penetration Tester): TCM Security's cert, well-regarded in practitioner communities, realistic exam structure. Growing in recognition.
Sector: Government vs. Private vs. Consulting
Government and defense work (with clearance) consistently pays 10–20% above comparable private sector roles at the same experience level. Healthcare and financial services are the highest-paying industries for in-house security — both are heavily regulated and can't afford breaches. Consulting pays well but involves more travel and client variability. Startups typically pay less base but sometimes offer equity that matters if they exit.
Location and Remote Work
San Francisco, Seattle, New York, and the DC metro area (especially Northern Virginia for cleared positions) pay 20–40% more than the national median. Fully remote roles from large security firms increasingly pay national market rates regardless of where you live, which has compressed geographic premiums somewhat — but not eliminated them for senior roles.
Top Courses for Building an Ethical Hacking Career
These courses are ranked by how directly they map to the skills employers test for in interviews and the certifications that move salary needles.
CEH v13 Certified Ethical Hacker Realistic Practice Exams
The CEH exam is notoriously scenario-heavy and requires knowing EC-Council's specific terminology — knowing the concepts isn't enough. These practice exams replicate the real question style and difficulty, which makes them more useful for actually passing than most conceptual courses. Rating: 9.4/10 on Udemy.
Cybersecurity & Ethical Hacking: Mastering the Basics
A solid starting point if you don't yet have a networking and Linux foundation — it covers the actual prerequisites (TCP/IP, basic exploitation concepts, Kali Linux setup) that other courses assume you already know. Rating: 9.2/10 on Udemy.
Advanced Ethical Hacking: Hands-On Training
Once you've cleared the basics, this course focuses on real engagement techniques: post-exploitation, lateral movement, privilege escalation — the areas that separate testers who can run Nmap from those who can actually complete an assessment. Rating: 9/10 on Udemy.
Recon for Bug Bounty, Penetration Testers & Ethical Hackers
Reconnaissance is where most engagements succeed or fail, and it's consistently underemphasized in generic courses. This one covers passive and active recon methodologies that apply equally to formal pentests and bug bounty programs. Rating: 9/10 on Udemy.
Ethical Hacking Capstone Project: Breach, Response, AI
A Coursera capstone that simulates a full engagement from initial access through breach response — including how AI tooling is changing both attack and defense. Good for building a portfolio project you can actually discuss in interviews. Rating: 8.7/10 on Coursera.
Getting Your First Ethical Hacking Job
The single biggest obstacle for entry-level candidates isn't technical knowledge — it's demonstrating practical capability without professional experience to point to.
The things that actually work:
- TryHackMe and HackTheBox: Both platforms track your completion history. A top 1% TryHackMe profile or a list of completed HackTheBox machines carries real weight with technical hiring managers. Screenshot your progress and put it on your resume.
- CTF competitions: Capture The Flag competitions are free, team-based, and generate writeups you can post publicly. A GitHub or personal blog with two or three detailed CTF writeups demonstrates you can think through problems and communicate solutions — the two things entry-level interviewers are evaluating.
- Home lab: Running a basic virtual lab with Kali, Metasploitable, and a vulnerable Windows VM costs nothing and lets you practice techniques legally. Document it.
- Bug bounty programs: Programs on HackerOne and Bugcrowd accept new researchers. Even a single accepted finding — even a low-severity one — is something concrete to point to. It shows you went beyond coursework.
For the resume: list your certifications prominently, include a "Tools" section with specific tools (Metasploit, Burp Suite, Nessus, Nmap, Wireshark), and link to your TryHackMe profile or GitHub. Don't list "ethical hacking" as a skill without specifics — it means nothing to a technical screener.
FAQ
What is the average ethical hacking salary?
In the US, the average salary for roles that primarily involve penetration testing and ethical hacking sits around $100,000–$110,000 annually, based on aggregated data from BLS, LinkedIn, and Glassdoor. This includes mid-career professionals. Entry-level starts at $60K–$80K; senior roles reach $150K–$185K.
Does a CEH certification increase your salary?
Yes, particularly at the entry level and for government/defense roles where it's listed as a requirement. The salary bump from CEH versus no cert is estimated at $8K–$15K for junior positions. However, OSCP tends to unlock higher salary bands for those with 2+ years of experience because it's harder and more respected by practitioners.
Is ethical hacking a good career in 2026?
The demand side is real — the BLS projects 33% growth for information security analyst roles through 2033, well above the average for all occupations. Ethical hacking specifically is a subset of that, and organizations that have had breaches (or are trying to prevent them) hire testers regularly. The field isn't recession-proof, but it's more stable than most tech specializations because security is a compliance requirement, not an optional feature.
How long does it take to get an ethical hacking job?
With a dedicated study schedule and no prior IT background, most people take 12–18 months to reach the point where they can pass a CEH exam and present a credible interview profile. Those coming from a networking or sysadmin background often get there in 6–9 months. There's no shortcut around the hands-on practice component — courses alone don't prepare you for technical interviews.
Can you make six figures doing bug bounty?
Some researchers do, but it's not a reliable income source for most people. The top 1% of earners on platforms like HackerOne report six-figure annual earnings. The median active researcher earns far less. Bug bounty is best treated as an income supplement and a credentialing tool early in your career, not a primary income source until you have a track record of high-severity findings.
What's the difference between a penetration tester and an ethical hacker?
In practice, very little — both terms describe professionals who test systems with authorization to find vulnerabilities before attackers do. "Penetration tester" is the more common job title in corporate and consulting contexts. "Ethical hacker" is broader and sometimes includes bug bounty researchers and vulnerability researchers who aren't conducting formal engagements. For salary purposes, the role and employer matter more than the title.
Bottom Line
Ethical hacking is one of the few technical fields where an online certification genuinely changes your earning potential — but only if you pair it with hands-on work. A CEH plus documented lab work and a TryHackMe profile gets you in the door at $65K–$80K. OSCP plus 3 years of engagement experience gets you to $110K–$140K. Specializing in cloud security attack paths or exploit development gets you to $160K+.
The courses that are worth your time are the ones that require you to actually do something, not just watch someone else do it. Start with the fundamentals if you don't have a networking background, move to the CEH v13 practice material if you're targeting that cert next, and build toward a capstone project you can discuss in an interview. The salary is real — but it follows demonstrated capability, not just a course completion badge.