Which jobs can one get with an OSCP certification?
Although OSCP is an entry-level certification, it sets the foundation for a successful career in penetration testing. Here are some of the best opportunities.
Summary: OSCP is a widely respected and highly specialized certification that can open new niches in information security. The certification’s true value lies either in getting an entry-level job in cybersecurity or demonstrating the required skills for placement in advanced penetration testing.
The Offensive Security Certified Professional (OSCP) is a highly specialized credential aimed at information security professionals interested in making a career in ethical hacking and penetration testing. However, despite being an entry-level certification in offensive security, candidates are expected to have considerable experience in the broader field of information security.
Becoming an OSCP or a Certified Ethical Hacker (CEH) is typically the first stage of the career path for penetration testing. However, before embarking on this career path, candidates should have a thorough grounding in information security and network administration and at least a basic level of knowledge of scripting and programming. As such, it is strongly recommended that candidates have two or more years of experience in a related field and have acquired an entry-level certification like Network+ or Security+.
Without these recommended prerequisites, candidates are unlikely to pass the OSCP exam. Even if they do pass, they are unlikely to get a job in penetration testing if the OSCP is the only certification they hold. That said, becoming an OSCP is an important entry point into penetration testing, which itself is a highly lucrative and in-demand domain of information security.
Here are some of the job roles where OSCPs are most sought after:
Starting with the most obvious, most OSCP certificate holders become penetration testers. A penetration tester works either as a part- or full-time employee or on a freelance basis. Smaller organizations often work with freelancers or third parties since they rarely need a full-time penetration tester. For example, they may hire a penetration tester to identify vulnerabilities before rolling out a new software product or service. Project-based penetration test pricing can range anywhere from $4,000 to $15,000 per test.
On the other hand, larger tech-heavy companies may hire penetration testers long-term, with full-time salaries in the US for OSCPs averaging $93,000 per annum. Among the most widely available full-time job opportunities for accredited penetration testers are those in IT service companies, such as managed security services providers (MSSPs). However, these placements tend not to be as well paid, and they are often especially in demand because they involve serving multiple clients.
Given the widening security skills gap, especially in the case of smaller organizations, there is an enormous and growing demand for information security professionals who offer consultancy services. Offering guidance, such as remediation advice and report writing, is also a large part of a penetration tester’s role.
As businesses shift their focus from conventional and largely reactive security measures to proactive approaches like ethical hacking and penetration testing, the demand for professional consulting services grows. For those already involved in managerial and consulting roles, earning the OSCP certification lends further credibility and even opens up opportunities for starting a business in penetration testing. Security consultants in the US earn an average of $99,000 per annum.
Although penetration testing goes beyond the scope of conventional security auditing, those with only an OSCP credential and perhaps a generalist entry-level cybersecurity credential may find it easier to get a job as a security systems auditor. Those already working in the field of security auditing are often prime candidates for the OSCP credential.
Security auditing is more generalist than penetration testing, but it is still a challenging and well-paid job. Average salaries for security auditors are $90,000 per year in the US. While such job placements do not typically require applicants to have an OSCP certification, having one can make them more employable and lead to significantly improved salaries.
Security engineers go beyond testing, auditing, and consulting to developing solutions to meet an organization’s information security requirements. This can also include testing new security features, planning and implementing upgrades, troubleshooting and remediation, and responding to security incidents. Security engineers who focus on offensive security measures may even be trained in exploit development.
Those interested in advancing their ethical hacking careers after getting the OSCP may want to consider getting an entry-level placement in security engineering. The average base salary in the broader field of security engineering is $93,000. However, it is unlikely that job seekers will be hired as security engineers with the OSCP alone.
How to advance beyond OSCP
The OSCP credential is Offensive Security’s entry-level certification, and earning it is a golden ticket into penetration testing jobs worldwide. However, those interested in taking their careers even further have plenty of options to choose from.
Offensive Security offers two further penetration testing certifications – Wireless Professional (OSWP) and Experienced Penetration Tester (OSEP). They also offer even more specialized certifications in web application exploitation (OSWE) and exploit development for Windows, macOS, and advanced Windows (OSED, OSMR, and OSEE, respectively). Those who have attained these lofty heights can expect to earn salaries reaching $200,000 per year.