Product Owner – Cybersecurity Testing & Exposure Management - EVIV002458

Product Owner – Cybersecurity Testing & Exposure Management (Freelance)

Full-time | Hybrid

About the Role

We are looking for a Product Owner Cybersecurity Testing & Exposure Management to lead and evolve a critical security service offering within a large-scale public digital transformation environment.

In this role, you will combine product ownership, stakeholder management, and deep cybersecurity expertise to build and optimize services such as penetration testing, vulnerability management, and ethical hacking programs.

You will act as the bridge between stakeholders, internal teams, and external partners, ensuring high-quality service delivery and continuous improvement.

Your Responsibilities

• Define and drive the product vision, roadmap, and backlog for cybersecurity testing services
• Translate stakeholder needs into clear requirements and priorities
• Manage delivery through internal teams and external vendors

• Plan, coordinate, and execute penetration tests (applications, APIs, infrastructure)
• Define scope and objectives with stakeholders
• Review and validate test reports (quality, completeness, risk assessment, remediation)
• Ensure structured follow-up of vulnerabilities

• Develop and manage ethical hacking initiatives (bug bounty, disclosure programs)
• Coordinate triage, prioritization, and remediation of reported vulnerabilities
• Collaborate with internal teams and external researchers

• Manage and optimize vulnerability scanning and attack surface management (ASM) solutions
• Ensure proper configuration, integration, and reporting
• Define and monitor KPIs/SLAs for service quality
• Coordinate remediation efforts with product and platform teams

• Manage supplier relationships and service delivery
• Lead RFI/RFP processes and vendor selection
• Ensure alignment with security frameworks and standards (OWASP, NIST, ISO, etc.)
• Continuously improve processes, tools, and methodologies

Your Profile

• Minimum 5 years' experience as a Product Owner or similar role
• Minimum 5 years' experience as a Security Consultant (applications, infrastructure, or data)
• Strong experience with:
• Penetration testing and vulnerability management
• Exposure management tools (vulnerability scanners, ASM)
• Security process analysis, optimization, and governance
• Deep expertise in at least one information security domain
• Experience coordinating and reviewing security testing activities
• Dutch proficiency at CEFR level C2

• Experience with security frameworks (ISO 27001, NIST, OWASP, CIS Controls)
• Experience with RFI/RFP processes and vendor management
• Experience defining and managing SLAs/KPIs and service governance
• Knowledge of pentesting methodologies (OWASP, PTES, OSSTMM)
• Relevant certifications (e.g. CISM, CISSP, CEH)

• Play a key role in strengthening cybersecurity across public sector organizations
• Combine technical security expertise with product leadership
• Work in a complex, multi-stakeholder environment
• Drive innovation in ethical hacking and exposure management services
• Flexible hybrid working model

• Freelance assignment under framework agreement
• Full-time engagement
• Hybrid work setup
• Long-term project with extension possibilities