This job listing expired on Mar 24, 2022
Tweet

Creating the unknown since 1997.

When you join Ubi MTL, you’ll discover a workplace that sparks inspiration and connection: an environment with a variety of voices, identities, backgrounds, experiences, and perspectives. We offer a collaborative space that provides career advancement, a host of learning opportunities, and meaningful benefits centred on well-being. Our shared desire to dream big, take risks, and constantly improve contributes to the innovation and boundary-pushing that ultimately leads to our collective success. Join us!

JOB DESCRIPTION

As part of the Security & Risk Management team within Ubisoft IT, the Ethical Hacker (Red Team), you will help manage and reduce security risks on activity domains within Ubisoft such as IT, HR, gaming, online services and many others by performing vulnerability assessments and security testing. You will provide technical security expertise to report security weaknesses and recommendations to all internal clients.

Responsibilities

  • Analyse security aspects of various projects by performing vulnerability assessments activities such as penetration tests, code/configuration reviews and red-teaming operation;
  • Validation of the implementation of security recommendations with developers and project teams;
  • Participate in security reviews of pre-production and production projects to evaluate potential risks to Ubisoft infrastructures;
  • Provide security guidance based on potential risks from an attacker perspective;
  • Assist in the creation and deployment of security tools, policies and workflows implementing industry best practices at Ubisoft;
  • Research current and emerging offensive techniques and develop practices to enhance existing methods or tooling;
  • Collaborate with the Blue Team to plan and execute Purple-Teaming exercises.

QUALIFICATIONS

  • Experience in the information security field with demonstrated relevant certifications AND technical hands-on on at least one of the following topics: Microsoft security, Network security, Linux security;
  • Hands-on experience on intrusion testing/vulnerability assessments methodology and standards on complex infrastructures/large networks;
  • Hands-on experience on most of the following concepts: port scanning, server-side injections (SQL, XXE, SSRF, etc.), cross-site scripting, remote command execution (web shells), Active Directory weaknesses, privilege escalation, EDR evasion, buffer overflows;
  • Hands on experience on most of the following tools: BurpSuite, sqlmap, Metasploit, Mimikatz, Crackmapexec, impacket tools, wireshark/tcpdump, IDA Pro, x64dbg;
  • Working familiarity with public cloud technologies (IaaS, PaaS, SaaS);
  • Ability to build threat models;
  • Advanced knowledge of Open Web Application Security Project (OWASP or similar technical framework); General knowledge of security frameworks/standards (e.g. ISO 27002, PCI compliance, NIST/DISA guides).

ADDITIONAL INFORMATION

Just a heads up: If you require a work permit, your eligibility may depend on your education and years of relevant work experience, as required by the government.

Skills and competencies show up in different forms and can be based on different experiences, that's why we strongly encourage you to apply even though you may not have all the requirements listed above.

At Ubisoft, you can come as you are. We embrace diversity in all its forms. We’re committed to fostering a work environment that is inclusive and respectful of all differences.