Vulnerability Management Specialist - Software Defect

Company Description

Ubisoft’s 20,000 team members, working across more than 30 countries around the world, are bound by a common mission to enrich players’ lives with original and memorable gaming experiences. Their commitment and talent have brought to life many acclaimed franchises such as Assassin’s Creed, Far Cry, Watch Dogs, Just Dance, Rainbow Six, and many more to come. Ubisoft is an equal opportunity employer that believes diverse backgrounds and perspectives are key to creating worlds where both players and teams can thrive and express themselves. If you are excited about solving game-changing challenges, cutting edge technologies and pushing the boundaries of entertainment, we invite you to join our journey and help us create the unknown.

Job Description

As a Vulnerability Management Specialist, you will support the day-to-day vulnerability mitigation activities as well as efforts to implement best practice methods, processes, tools and drive continuous improvement initiatives at Ubisoft. You will be joining Ubisoft within the Security & Risk Management Department – SRM, which is a global team across Europe, Asia, and the Americas.

In this role, you will act as a point of contact and facilitator for vulnerability management within Ubisoft’s SRM group. Acting as a bridge between SRM and Ubisoft as a whole, you’ll need to present insightful results in simple, yet, effective business terms. As part of your mission, you will follow up on security assessments, coordinate security software defect, assist vulnerability management, help minimize attack surface area, and recommend corrective actions.

As part of this team, topics you will work on will include cloud environments, network architecture, security audits, developing policies and software defect management. We don't expect you to know all this, but you'll be able to ramp up on these technologies as well as many others.

Responsibilities

• Manage the end-to-end workflow for handling and responding to vulnerability reports from Red/Blue Teams and scanning technologies while working with IT engineering and gaming studio organizations for remediation;
• Schedule and perform reoccurring scanning activities of both corporate and production environments;
• Coordinate mitigations to applicable zero-day security bugs;
• Collaborates with infrastructure and application owners on security hot-fixes or patch management validation;
• Generate remediation action plans and corresponding tickets for system and application owners to remediate identified flaws;
• Develop periodic reports on the discovery and closure of vulnerabilities to maintain stakeholder accountability;
• Supports the cyber incident response team in specified vulnerability discovery and identification tasks during crisis management;
• Assist in documenting standard operating procedures;
• Stays abreast of current and emerging Vulnerability intelligence.

Qualifications

• Experience in a previous vulnerability management (Software Defect) role as well as relevant certifications and/or education in the Cyber security, auditing and/or consulting industry;
• Familiarity with security standards and fundamentals such as OWASP Top 10, CVSS, CVE;
• Ability to interact with representatives from different sectors and communicate technical and business concepts to all types of audiences through different ways – presentations, documentation, communication; Ability to make decisions quickly in a constantly changing environment and demonstrate a capacity for innovation;
• Scripting skills (E.g: Python, Perl, Bash, PowerShell, etc.);
• Experience in DevSecOps, Blue/Red Teaming would be an asset;

Join us and empower SRM to remain a world-class reference for the entire gaming industry!

Additional Information

Just a heads up: If you require a work permit, your eligibility may depend on your education and years of relevant work experience, as required by the government.

Skills and competencies show up in different forms and can be based on different experiences, that's why we strongly encourage you to apply even though you may not have all the requirements listed above.

At Ubisoft, you can come as you are. We embrace diversity in all its forms. We’re committed to fostering a work environment that is inclusive and respectful of all differences.