COMPANY DESCRIPTION
- Location: Paris, France
- Duration of work: Full-time
- Remote or on-site: Flexible working organization to be discussed with the manager of the role, in accordance with the Ubisoft hybrid work policy - 3 days a week in our Saint-Mandé office.
Ubisoft’s 19,000 team members, working across more than 30 countries around the world, are bound by a common mission to enrich players’ lives with original and memorable gaming experiences. Their dedication and talent have brought to life many acclaimed franchises such as Assassin’s Creed, Far Cry, Watch Dogs, Just Dance, Rainbow Six, and many more to come. Ubisoft is an equal opportunity employer that believes diverse backgrounds and perspectives are key to creating worlds where both players and teams can thrive and express themselves. If you are excited about solving game-changing challenges, cutting edge technologies and pushing the boundaries of entertainment, we invite you to join our journey and help us create the unknown
JOB DESCRIPTION
Profile
We are seeking a skilled and motivated Offensive Security Specialist to join our cybersecurity team and strengthen Ubisoft’s ability to identify, assess, and mitigate security vulnerabilities across its diverse environments, ranging from IT and corporate systems to games and online services.
You will contribute to our vulnerability management program by validating CVEs, developing exploit proofs-of-concept, collaborating with our Red Team, and supporting remediation and triage through actionable insights. Your expertise in offensive techniques will play a critical role in reducing risk exposure across the organization.
Responsibilities
- Validate the exploitation of third-party CVEs identified by vulnerability scanners (e.g., Tenable.io).
- Triage and validate first-party vulnerabilities discovered through responsible disclosure programs (e.g., Bug Bounty).
- Collaborate with the Red Team to build exploit chains and simulate real-world attack scenarios.
- Retest vulnerabilities identified by internal security teams to confirm remediation effectiveness.
- Contribute to the development and deployment of internal security tools and workflows aligned with industry best practices.
- Continuously research emerging offensive techniques and integrate findings into testing methodologies and tooling.
- Document validated vulnerabilities and communicate detailed findings and remediation recommendations to internal stakeholders.
QUALIFICATIONS
- Experiences in penetration testing or offensive security.
- Solid understanding of vulnerability scoring, attack vectors, triage and assessments in large-scale, complex infrastructures.
- Proficiency in identifying and exploiting common vulnerabilities:
- Web vulnerabilities (e.g., XSS, IDOR, CSRF)
- Server-side issues (e.g., SQLi, XXE, SSRF, RCE)
- Authentication and access control flaws
- Ability to build or adapt CVE exploitation PoCs tailored to the Ubisoft environment.
- Familiarity with reverse engineering/debugging tools: IDA Pro, Ghidra, x96dbg, WinDbg.
- Comfortable with network and packet analysis tools: Wireshark, tcpdump, Scapy.
Nice-to-Have
- Experience with vulnerability scanners such as Tenable or Qualys.
- Knowledge of remediation techniques and system hardening practices.
- Usage of frameworks such as OWASP, MITRE ATT&CK.
- OSCP or equivalent offensive security certifications (e.g., eCPPT, GPEN) preferred.
ADDITIONAL INFORMATION
Ubisoft's perks
💰 Profit Sharing, yearly company saving plan. 25 paid time off + 12 additional paid days off. 50% of your transportation pass is paid by the company, lunch vouchers (9€/day), healthcare for you and your family, and lots of Ubisoft additional perks.
👶 Maternity leaves of 20 weeks, paternity/co-parental leaves of 7 weeks.
📍 Our office is located in Saint Mandé, (Metro line 1, Saint Mandé station). Gym available in the building. According to Ubisoft's hybrid work model, our flexible work policy includes a minimum of 3 days a week in our Saint-Mandé office and the remaining 2 days working from home.
Recruitment process
[30 minutes] : phone call with a Recruiter,
[60 minutes] : interview with the manager of the role and a Security Manager,
[60 minutes] : interview with the SRM Technical Director
Additional Information
Ubisoft offers the same job opportunities to all, without any distinction of gender, ethnicity, religion, sexual orientation, social status, disability, or age. Ubisoft ensures the development of an inclusive work environment which mirrors the diversity of our gamers’ community.
Check out this guide to help you with your application, and learn about our actions to encourage more diversity and inclusion.
LET OUR TEAM MEMBERS TELL YOU ABOUT THEIR JOB
FAQ
Can I submit an open application?
We do not accept open applications. You can find all our open positions by clicking on the ‘Search Jobs’ button. Check our careers page regularly if you don’t find the opportunity you are looking for this time.
How can I check my application status?
You can check the status of your application by logging into your SmartRecruiters candidate profile.
I am not familiar with the video game industry. Would I fit into Ubisoft?
At Ubisoft, everyone is welcome! We know that by bringing together different perspectives and experiences, we create a more inclusive environment for our team members. You’ll get the chance to work with teams and projects that inspire and challenge you every single day.
How do I know if a Ubisoft email/offer is legit?
We were sorry to hear of some instances whereby scammers contacted candidates on Ubisoft’s “behalf” to gather personal data and/or money. We take this matter very seriously: not only do these actions put you at risk, they also jeopardize Ubisoft’s image. Click on the button below to read the detailed list of of things that Ubisoft, as a company, will never ask you for during your hiring process.