Confused about cybersecurity career
Hi all,
I am currently working in a MnC company in a product security role for 1.5 year, but the company itself is not security-focused. I have experience with web application pentesting, SOC 2 security assessments, Android reverse engineering, PortSwigger labs, and some CTFs/HTB. I am mainly interested in offensive security and want to move into a strong product-based security company where I can keep learning deeply, instead of repetitive client-service pentesting or full-time bug bounty work.
Currently, I am confused about what my next learning and career steps should be for switching companies in the next 1 years. Are certifications actually valuable for breaking into good product security roles, and if yes, which ones would make the most sense at this stage? I was considering PNPT first and then OSCP later along with AWS Cloud security for cloud security roles, but would like to hear some guidance from the experience of security engineers.