Ubisoft Montreal, an industry-leading developer of video games, located in the heart of Montreal’s Mile-End, offers a unique environment where creativity, teamwork and cutting-edge technology bring to life critically acclaimed video games and iconic AAA franchises. You will benefit from a competitive compensation package, an open learning environment, and contribute to an international team driving innovation.
As part of the Security & Risk Management team, as the ethical hacker in the Red Team, you will help manage and reduce security risks on activity domains within Ubisoft such as IT, HR, gaming, online services and many others by performing vulnerability assessments and security testing. You will provide technical security expertise to report security weaknesses and recommendations to all internal clients.
· Analyse security aspects of various projects by performing vulnerability assessments activities such as intrusion tests, testing security measures implemented during development;
· Validation of the implementation of security recommendations with developers and project teams;
· Participate in security reviews of pre-production and production projects to evaluate potential risks to Ubisoft infrastructures;
· Provide security guidance based on potential risks from an attacker perspective;
· Assist in the creation and deployment of security tools, policies and workflows implementing industry best practices at Ubisoft.
· Bachelors’ Degree in Computer Sciences or any related discipline;
· Security certification in ethical hacking/intrusion tests (OSCP, OSCE, GIAC, GPEN, or GWAPT) is a strong asset.
· 3+ years in the information security field or relevant experience;
· 3+ years in technical hands-on on at least one of the following topics: Microsoft security, Network security, Linux security;
· Solid experience on key concepts: TCP/IP stack, routing, Web-based infrastructures, Firewalls;
· Experience with heavy game clients (reverse engineering) is a strong asset;
· Hands-on experience on intrusion testing/vulnerability assessments methodology and standards on complex infrastructures/large networks;
· Hands-on experience on most of the following tools and concepts: SQL injection, cross-site scripting, buffer overflow, metasploit, burp suite, nessus, mbsa, privilege escalation, reverse shell, reverse-engineering, wireshark/tcpdump;
· Programming/scripting experience (Powershell, .NET, PHP, Python, Ruby, Perl).
Skills & Knowledge
· Methodic, proactive and result-oriented;
· Autodidact and rigorous;
· Comfortable working in fast-changing environments;
· Ability to build threat models;
· Advanced knowledge of Open Web Application Security Project (OWASP or similar technical framework);
· General knowledge of security frameworks/standards (e.g. ISO 27002, PCI compliance, NIST/DISA guides);
· English language is required (oral/written).
Skills and competencies show up in different forms and can be based on different experiences, that's why we strongly encourage you to apply even though you may not have all the requirements listed above.
At Ubisoft, you can come as you are. We embrace diversity in all its forms. We’re committed to fostering a work environment that is inclusive and respectful of all differences.