
Job Title:

Senior Product Manager - Security Testing

Company: VikingCloud India

Location: Vadodara, Gujarat

Created: 2026-03-22

Job Type: Full Time

Job Description:

Senior Product Manager – Managed Security Testing

Location: Vadodara Office

Shift time: India shift hours

Report to: SVP

Job Description:

As a Senior Product Manager of Managed Security Testing at VikingCloud, you will be responsible for the strategic planning, development, and execution of our offensive security testing services, including penetration testing as a service (PTaaS), vulnerability assessments, phishing simulations, social engineering testing, and specialized security assessments. You will own the product roadmap for VikingCloud's managed security testing portfolio, working closely with our internal security testing teams, third-party testing partners, and customers to deliver high-quality offensive security services that help merchants and financial institutions identify and remediate security weaknesses before attackers can exploit them.

This role requires deep understanding of offensive security methodologies, industry certifications and frameworks (CREST, PTES, OWASP, PCI DSS ASV), and the ability to bridge technical security testing with compliance requirements. You will collaborate with cross-functional teams including security consultants, engineering, sales, and customer success to build scalable, automated testing platforms while maintaining the rigor and quality expected from professional security assessments. Your work will directly support customers' compliance programs (PCI DSS, SOC 2, ISO 27001) while providing actionable security insights that reduce risk.

Responsibilities:

Product Strategy & Vision: Develop and execute a comprehensive product strategy for VikingCloud's managed security testing services, including penetration testing, vulnerability assessments, web application testing, mobile app testing, API testing, phishing simulations, social engineering assessments, and automated testing. Define the product vision that balances automation and scalability with the technical rigor required for professional security testing.

AI Security Testing (AISec): Develop testing methodologies and a comprehensive product strategy for Large Language Models (LLMs), AI Agents, Chatbots, and other AI-powered technologies. This includes an “AI Red Teaming” strategy and packages for testing the robustness of customer-facing AI applications.

PTaaS Platform Development: Lead the development of VikingCloud's Penetration Testing as a Service (PTaaS) platform, creating modern delivery mechanisms that provide continuous testing, real-time reporting, seamless remediation tracking, and collaborative workflows between testers and customers. Define platform requirements for test scoping, scheduling, execution tracking, finding management, retesting, and certification delivery.

Testing Methodology & Standards: Ensure all security testing services adhere to industry-recognized methodologies and frameworks including CREST standards, Penetration Testing Execution Standard (PTES), OWASP Testing Guide, NIST SP 800-115, and PCI DSS testing requirements. Maintain current knowledge of CREST accreditation requirements and ensure VikingCloud's services meet or exceed these standards. Define quality assurance processes for testing deliverables.

Certification & Compliance Alignment: Build security testing services that directly support customer compliance requirements including PCI DSS (ASV scanning, segmentation testing, penetration testing), SOC 2 Type II (security testing evidence), ISO 27001, NIST frameworks, and industry-specific regulations. Position testing services as essential compliance components that provide both security value and audit evidence.

Roadmap Planning & Prioritization: Create and maintain detailed product roadmaps for testing services and PTaaS platform capabilities. Prioritize features and service enhancements based on customer feedback, compliance requirements, competitive analysis, revenue potential, and operational efficiency gains. Balance automation initiatives with maintaining high-quality manual testing where required.

Phishing & Social Engineering Programs: Develop comprehensive phishing simulation and security awareness testing capabilities including campaign management, template libraries, user tracking, training integration, and reporting dashboards. Create social engineering testing services including vishing, smishing, physical security testing, and pretexting scenarios tailored to different industries and threat models.

Service Delivery & Scalability: Design service delivery models that enable VikingCloud to scale testing services efficiently while maintaining quality. Define when to use internal testers versus third-party partners, automation versus manual testing, and on-demand versus scheduled assessments. Create standardized testing packages for common use cases while allowing customization for complex environments.

Vulnerability Management Integration: Integrate security testing services with VikingCloud's existing vulnerability scanning and management capabilities. Create workflows that enable customers to move seamlessly from continuous scanning to targeted penetration testing to remediation verification. Build unified vulnerability management dashboards that combine scan results, pen test findings, and remediation status.

Qualifications:

Bachelor's degree in computer science, cybersecurity, information security, or related technical field required; advanced degree (M.S. in Cybersecurity) or MBA is a plus.

15-20 years of experience in offensive security, penetration testing, or security consulting with at least 4-5 years in product management or service delivery leadership roles.

Hands-on penetration testing experience including web applications, APIs, mobile applications, network infrastructure, wireless networks, and cloud environments. Direct experience conducting security assessments, not just managing testing programs.

Deep understanding of offensive security methodologies and frameworks including CREST standards, Penetration Testing Execution Standard (PTES), OWASP Testing Guide, OWASP Top 10 and OWASP Top 10 for LLMs, SANS Top 25, and MITRE ATT&CK and ATLAS frameworks.

Strong knowledge of CREST certification pathways and accreditation requirements including CREST Registered Tester (CRT), CREST Certified Tester (CCT), CREST Practitioner Security Analyst (CPSA), and CREST infrastructure, application, and specialist certifications. Understanding of how CREST accreditation differentiates testing services in the market.

Professional security certifications strongly preferred including OSCP (Offensive Security Certified Professional), GPEN (GIAC Penetration Tester), GWAPT (GIAC Web Application Penetration Tester), CEH (Certified Ethical Hacker), or CREST certifications. Multiple certifications demonstrating breadth of expertise are highly valuable.

Experience with compliance-driven security testing including PCI DSS penetration testing requirements (Requirement 11.4), PCI DSS Approved Scanning Vendor (ASV) program, SOC 2 security testing, ISO 27001 testing requirements, and other regulatory frameworks.

Familiarity with penetration testing tools and platforms including Burp Suite, Metasploit, Cobalt Strike, Nmap, Nessus, OWASP ZAP, Kali Linux, and emerging automated testing tools. Understanding of when automation adds value versus when manual testing is required.

Experience with AI-augmented security testing, managing the security of AI/ML pipelines, prompt engineering for security testing, and use of AI agents in automated vulnerability discovery. Knowledge of the EU AI Act, NIST AI Risk Management Framework, and other emerging AI regulations.

Experience with PTaaS platforms or building security testing delivery platforms. Understanding of modern testing workflows including continuous testing, API-driven integrations, real-time reporting, and collaborative remediation tracking.

Product management experience defining product roadmaps, gathering requirements, working with engineering teams, and launching new capabilities. Proficiency with Agile development methodologies and product management tools.

Strong understanding of web application architectures, APIs (REST, GraphQL), mobile platforms (iOS, Android), cloud environments (AWS, Azure, GCP), and modern development practices (DevOps, CI/CD) as they relate to security testing.

Knowledge of vulnerability management, including vulnerability scoring (CVSS), prioritization frameworks, remediation workflows, and integration with ticketing systems and security information systems.

Experience with phishing simulation platforms and security awareness training programs. Understanding of social engineering techniques and testing methodologies.

Excellent technical writing skills with ability to create clear, actionable security assessment reports for both technical and executive audiences. Experience translating technical vulnerabilities into business risk.

Customer-facing experience including scoping security assessments, conducting kickoff meetings, presenting findings, and providing remediation guidance. Ability to build trusted advisor relationships with CISOs and security teams.

Strong analytical and problem-solving skills with ability to make data-driven decisions about product priorities, service delivery models, and resource allocation.

Business acumen with understanding of services business models, pricing strategies, cost structures, and profitability drivers. Experience with revenue forecasting and financial planning for professional services.
