Product Manager (Mid-Level) – Offensive Security & Vulnerability Lifecycle Products

About the Role

We are looking for a Product Manager who will help define and drive our product suite across Vulnerability Management (VM) , Attack Surface Management (ASM) , and Adversarial Exploit Validation (AEV) . You will collaborate with engineers, penetration testers, security operations experts, and customer stakeholders to build and maintain platforms that identify, prioritise, and validate real-world riskshelping organizations reduce exposure across their entire attack surface.

This role is ideal for a PM who understands offensive security methodologies but can think strategically about how to productize complex security capabilities in an enterprise-grade platform.

Key Responsibilities

Product Strategy & Roadmap

• Own the product roadmap for vulnerability Management, Attack Surface management, and AEV capabilities, ensuring alignment across discovery, prioritization, remediation, and validation workflows leading into CTEM vision
• Define product vision for unified exposure managementintegrating asset discovery, vulnerability intelligence, exploitability assessment, validation automation, and risk scoring.
• Stay current on threat landscape trends, attacker TTP evolution, emerging vulnerabilities in industry, and industry frameworks (e.g., MITRE ATT&CK, EPSS, CVSS, SBOM standards).

Customer & Market Insights

• Deeply understand how security teams operate: vulnerability analysts, red teamers, SOC analysts, exploit researchers, and platform owners.
• Conduct research with users to understand challenges in asset discovery, shadow IT exposure, vulnerability prioritization, remediation workflows, and exploit validation.
• Analyze competitive solutions across Vuln Management, ASM, and adversarial testing markets to identify gaps and differentiation opportunities.

Requirements & Execution

• Write clear product requirements, user stories, and success metrics for features such as:
• Automated external attack surface discovery
• Continuous asset and software inventory
• Vulnerability detection enrichment (CVEs, KEVs, threat intel feeds)
• Exploit validation and safe adversarial testing
• Prioritization engines (risk scoring, exploit likelihood, business context)
• Exposure dashboards and reporting
• Work closely with engineering and research teams to define scope, evaluate trade-offs, and ensure technically feasible solutions.
• Drive release planning, execution, and post-launch performance measurement.

Cross-Functional Leadership

• Partner with security SMEs to validate exploit chains, attack paths, and validation methodologiesensuring features reflect real attacker behaviour without enabling misuse.
• Invision methods to integrate threat intelligence, exploit probability models, and asset classification.
• Support GTM teams with messaging, demos, competitive intelligence, and customer engagements.
• Work with support and success teams to ensure smooth adoption and effective onboarding.

Risk, Compliance & Responsible Innovation

• Ensure product capabilities align with ethical use, compliance frameworks, and customer governance requirements.
• Help define guardrails for responsible use of exploit validation and adversarial testing features.
• Keep stakeholders aligned on legal, privacy, and safety considerations for offensive-leaning capabilities.

Required Qualifications

• 36 years of product management experience in cybersecurity or related SaaS domains.
• Strong understanding of vulnerability management, asset discovery, threat intelligence, and/or penetration testing workflows.
• Familiarity with concepts such as exposure management, risk scoring, exploitability analysis, and attack surface enumeration.
• Ability to translate security domain knowledge into actionable feature specifications and prioritized roadmaps.
• Experience working with agile development teams and delivering enterprise-grade products.

Preferred Qualifications

• Hands-on background or certifications in offensive or defensive security
• Good understanding of OWASP top 10 categories
• Experience with vulnerability scanning tools, ASM platforms, or exploit validation frameworks.
• Knowledge of EPSS, KEV, CVSS, SBOMs, and asset intelligence models.
• Understanding of cloud environments (AWS/Azure/GCP) and distributed architectures related to security data collection.
• Understanding of AI frameworks and how AI can be used to rollout quality solutions to our customers
• Experience with dashboards, analytics, or risk visualization components.

Success Indicators

• Increased customer adoption and measurable reduction in customer attack surface exposure.
• Improved accuracy and efficiency of vulnerability and exploitability prioritization.
• Effective integration of VM, ASM, and AEV capabilities into a cohesive product experience.
• Predictable delivery of roadmap milestones and high-quality releases.
• Positive customer feedback on usability, risk insights, and validation workflows.