1

Pen Testing Jobs in California (NOW HIRING)

Familiarity with SAST / DAST tools, pen testing and/or threat modeling * Security certifications (CISSP, Security+, CCSP) * Hands-on development experience; comfortable with Linux and AWS If this ...

... pen-testing - Operating system security - Mobile platform security such as Linux Android - Embedded security on embedded firmware - Automotive Security - Exploit mitigation techniques - Threat ...

Experience: * 4-8+ years in channel or alliances roles in a MSSP environment offering Pen Testing, MDR, SOC as a Service, and Security Engineering solutions * Experience working with VARs, national ...

Lead Security Engineer

San Francisco, CA · On-site

$200K - $300K/yr

Extensive experience with security across software and infrastructure-threat modeling, pen testing, secure CI/CD pipelines, cloud security, incident response. * Strategic mindset : Ability to ...

next page

Showing results 1-20

Pen Testing information

See California salary details

$9

$18

$30

How much do pen testing jobs pay per hour?

As of Jul 14, 2026, the average hourly pay for pen testing in California is $18.89, according to ZipRecruiter salary data. Most workers in this role earn between $15.19 and $18.99 per hour, depending on experience, location, and employer.

What are the key skills and qualifications needed to thrive as a Penetration Tester, and why are they important?

To thrive as a Penetration Tester, you need a solid understanding of network security, vulnerability assessment, and ethical hacking, often backed by a degree in computer science or cybersecurity and industry certifications like CEH or OSCP. Familiarity with tools such as Metasploit, Burp Suite, and Nmap, as well as various operating systems, is typically required. Strong analytical thinking, problem-solving skills, and effective communication set top performers apart when explaining findings to technical and non-technical stakeholders. These skills ensure that vulnerabilities are thoroughly identified and addressed, helping organizations protect critical data and systems.

What are some common challenges faced by penetration testers when working on client projects?

Penetration testers often encounter challenges such as limited timeframes to conduct thorough assessments, incomplete or outdated documentation from clients, and the need to clearly communicate technical findings to non-technical stakeholders. They may also face restrictions on testing certain systems due to business constraints or potential operational impact. Building trust with clients and ensuring testing activities do not disrupt critical services are also important aspects of the role.

What is the difference between Pen Testing vs Vulnerability Assessment?

AspectPen TestingVulnerability Assessment
PurposeSimulates attacks to identify exploitable vulnerabilitiesIdentifies and prioritizes security weaknesses
DepthIn-depth, targeted testingBroad, overview of vulnerabilities
CertificationsOSCP, CEH, GPENCISA, CISSP, CEH
Work EnvironmentHands-on, technical testingAnalysis and reporting

Pen Testing involves actively exploiting vulnerabilities to assess security defenses, while Vulnerability Assessment focuses on identifying and prioritizing potential weaknesses without exploiting them. Both are essential for a comprehensive security strategy but serve different roles in cybersecurity testing.

Is pen testing a good career?

Penetration testing, or pen testing, is a cybersecurity role focused on identifying vulnerabilities in systems and networks. It requires technical skills, knowledge of security tools, and often certifications like OSCP or CEH. The field offers high demand, competitive salaries, and opportunities for continuous learning, making it a strong career choice for those interested in cybersecurity.

What is pen testing?

Pen testing, short for penetration testing, is a cybersecurity practice where professionals simulate attacks on a computer system, network, or application to identify vulnerabilities that malicious hackers could exploit. The goal is to proactively find and fix security weaknesses before they can be used in real-world attacks. Pen testers use a variety of tools and techniques to mimic the methods of cybercriminals, and then provide detailed reports with recommendations for improving security. Organizations often conduct pen tests regularly as part of their overall security strategy.

How do I become a pen tester?

To become a penetration tester, you should gain a strong understanding of computer networks, operating systems, and security principles, often through a degree in cybersecurity, computer science, or related fields. Earning industry-recognized certifications such as Offensive Security Certified Professional (OSCP) or Certified Ethical Hacker (CEH) can improve job prospects, and practical experience with tools like Kali Linux, Metasploit, and Wireshark is essential.

What qualifications do you need to be a pen tester?

To become a penetration tester, candidates typically need a strong understanding of networking, operating systems, and security principles, along with proficiency in scripting and using security tools. Relevant certifications such as Certified Ethical Hacker (CEH) or Offensive Security Certified Professional (OSCP) are highly valued. Practical experience through labs, internships, or hands-on projects is also important for demonstrating skills in identifying vulnerabilities and exploiting security flaws.

How much can you make pen testing?

Penetration testers typically earn between $70,000 and $130,000 annually, depending on experience, certifications, and location. Senior roles or those with specialized skills in tools like Kali Linux or Metasploit can earn higher salaries, especially in high-demand industries or regions with a strong cybersecurity market.
What cities in California are hiring for Pen Testing jobs? Cities in California with the most Pen Testing job openings:

Sales Engineer

Clover Security

San Francisco, CA • On-site

Full-time

Posted 25 days ago


Job description

Description
We're Clover Security.
We're building the future of product security. Our mission is to enable both humans and AI to build secure-by-design software, at scale, without slowing innovation.
We're backed by $36M from Team8, Notable Capital, and SVCI, and trusted by multiple Fortune 500 companies.
But funding and logos don't define us. People do.
Our About us page offers a real look at our culture, our values, and the people behind the product.
This is where you come in.
We're looking for a Sales Engineer (SE) to own the technical side of the customer journey, from initial discovery and demos to proof-of-value, onboarding, and expansion.
In this role, you'll work directly with customers and prospects to understand their application security needs and map them to our product. You'll help teams deploy the product and realize value quickly.
This role is based in San Francisco and ideal for someone who is customer-obsessed and excited to work in a high-ownership environment, where you'll influence product direction, GTM strategy, and the overall customer experience.
Requirements
What you'll do
  • Partner with Account Executives to run technical discovery, qualify opportunities, and define success criteria.
  • Deliver compelling live demos and technical presentations to engineers, security teams, and leadership.
  • Lead proof-of-concepts.
  • Translate customer pain points into actionable feedback for product and engineering teams.
  • Create and maintain technical enablement content including demo scripts, deployment guides, competitive notes, and FAQs.
  • Represent the voice of the customer and help shape messaging, positioning, and roadmap priorities.

What we're looking for
  • Startup mindset and a deep sense of ownership
  • Strong technical background in modern software development
  • Hands-on development experience; comfortable with Linux and AWS
  • Excellent communication skills with both technical and non-technical stakeholders
  • Must have experience working as part of an account team selling to external customers
  • Ability to manage multiple priorities while not sacrificing attention to detail

Nice to have:
  • Experience with Azure and/or GCP
  • Familiarity with SAST / DAST tools, pen testing and/or threat modeling
  • Security certifications (CISSP, Security+, CCSP)
  • Hands-on development experience; comfortable with Linux and AWS

If this role excites you - even if you don't check every box - we'd love to hear from you.