Pioneering trusted medical solutions to improve the lives we touch: Convatec is a global medical products and technologies company, focused on solutions for the management of chronic conditions, with leading positions in advanced wound care, ostomy care, continence care, and infusion care. With around 10,000 colleagues, we provide our products and services in almost 100 countries, united by a promise to be forever caring. Our solutions provide a range of benefits, from infection prevention and protection of at-risk skin, to improved patient outcomes and reduced care costs. Convatec's revenues in 2023 were over $2 billion. The company is a constituent of the FTSE 100 Index (LSE:CTEC). To learn more about Convatec, please visit Key responsibilities and authority This role is responsible for helping ensure Convatec remains protected from evolving cyber threats. This role is responsible for defining what red teaming exercises are to be performed, completing penetration testing and for overseeing the quality of work completed by less senior members of the team to ensure standards are maintained and Convatec is protected. This role will be responsible for managing the bug bounty Programme, including the scope of the Programme. Some key areas such as red teaming, bug bounty scope, which could have financial impacts or operational impacts, will require pre-approval by the Snr Director, Cyber and Security. This role will be responsible for their ongoing development in conjunction with their line manager. This role will be allocated a budget for spending on technologies to support testing for the offensive security team, what tools are used. Key requirements Highly reliable and ethical person Strong understanding of penetration testing concepts and techniques. Ability to think creatively and independently. Ability to act as technical mentor for the offensive security testing lead role. Ability to work independently and as part of a team. Education/ Qualifications Required: Bachelor's degree in computer science, Information Systems, Software Engineering, or equivalent experience. Desirable: Professional certifications such as: Offensive Security Certified Professional (OSCP) Certified Ethical Hacker (CEH) GIAC Certified Incident Handler (GCIH) CREST approved ethical hacker (CREST) Knowledge of business processes, especially within IT environments such as privileged access management. Knowledge developing exploits, password cracking, and exploiting poor IT practices to gain access. #LI-Hybrid #LI-AR2 Beware of scams online or from individuals claiming to represent Convatec A formal recruitment process is required for all our opportunities prior to any offer of employment. This will include an interview confirmed by an official Convatec email address. If you receive a suspicious approach over social media, text message, email or phone call about recruitment at Convatec, do not disclose any personal information or pay any fees whatsoever. If you're unsure, please contact us at . Equal opportunities Convatec provides equal employment opportunities for all current employees and applicants for employment. This policy means that no one will be discriminated against because of race, religion, creed, color, national origin, nationality, citizenship, ancestry, sex, age, marital status, physical or mental disability, affectional or sexual orientation, gender identity, military or veteran status, genetic predisposing characteristics or any other basis prohibited by law.