Offensive Security Specialist at Ubisoft
Montréal, QC, Canada -
Full Time


Start Date

Immediate

Expiry Date

09 Dec, 25

Salary

0.0

Posted On

10 Sep, 25

Experience

0 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

XSS, WinDbg, Wireshark, tcpdump, Triage, OWASP, Authentication, Testing Tools, Vulnerability Assessment, Penetration Testing, Access, OSCP, CSRF

Industry

Information Technology/IT

Description

Company Description
Ubisoft is a global leader in gaming with teams across the world creating original and memorable gaming experiences, from Assassin’s Creed, Rainbow Six to Just Dance and more. We believe diverse perspectives help both players and teams thrive. If you’re passionate about innovation and pushing entertainment boundaries, join our journey and help us create the unknown!
Job Description
Ubisoft is seeking a skilled and motivated Offensive Security Specialist to join our cybersecurity team and strengthen Ubisoft’s ability to identify, assess, and mitigate security vulnerabilities across its diverse environments, ranging from IT and corporate systems to games and online services.
You will contribute to our vulnerability management program by validating CVEs, developing exploit proofs-of-concept, collaborating with our Red Team, and supporting remediation and triage through actionable insights. Your expertise in offensive techniques will play a critical role in reducing risk exposure across the organization.

Responsibilities

  • Validate the exploitation of third-party CVEs identified by vulnerability scanners (e.g., Tenable.io).
  • Triage and validate first-party vulnerabilities discovered through responsible disclosure programs (e.g., Bug Bounty).
  • Collaborate with the Red Team to build exploit chains and simulate real-world attack scenarios.
  • Retest vulnerabilities identified by internal security teams to confirm remediation effectiveness.
  • Contribute to the development and deployment of internal security tools and workflows aligned with industry best practices.
  • Continuously research emerging offensive techniques and integrate findings into testing methodologies and tooling.
  • Document validated vulnerabilities, and communicate detailed findings and remediation recommendations to internal stakeholders.
  • Remediate vulnerabilities by following up with asset and application owners to ensure timely resolution.

Qualifications

  • Practical Experience: Demonstrated track record in penetration testing or offensive security within large-scale, complex infrastructures, suited for an intermediate-level professional with a strong commitment to keeping skills current in offensive security with certifications such as OSCP.
  • Vulnerability Assessment Expertise: Strong knowledge of vulnerability scoring, attack vectors, triage, and assessments, including the ability to exploit common flaws such as: Web vulnerabilities (XSS, IDOR, CSRF), Server-side issues (SQLi, XXE, SSRF, RCE), Authentication and access control weaknesses
  • Exploit Development: Proven ability to build or adapt CVE exploitation proofs of concept (PoCs) tailored to organizational environments.
  • Tool Proficiency: Skilled in vulnerability assessment and penetration testing tools, including vulnerability scanners (Tenable, Qualys) and network analysis utilities (Wireshark, tcpdump, Scapy); reverse engineering and debugging tools (IDA Pro, Ghidra, x64dbg, WinDbg) are a plus.
  • Security Frameworks & Practices: Familiarity with OWASP, MITRE ATT&CK, remediation techniques, and system hardening.

Additional Information

WE EMBRACE A HYBRID WORK MODEL HELPING YOU STAY CONNECTED WITH YOUR TEAM AND ALIGNED WITH BUSINESS PRIORITIES, WHILE GIVING YOU THE OPPORTUNITY TO MAINTAIN YOUR WORK-LIFE BALANCE. NOTE, THAT SOME ROLES ARE FULLY OFFICE-BASED AND ARE NOT ELIGIBLE FOR HYBRID WORK.

Just a heads up: If you require a work permit, your eligibility may depend on your education and years of relevant work experience, as required by the government.
Skills and competencies show up in different forms and can be based on different experiences, that is why we strongly encourage you to apply even though you may not have all the requirements listed above.
At Ubisoft, we embrace diversity in all its forms. We’re committed to fostering an inclusive and respectful work environment for all. We know the importance of providing a pleasant interview experience, therefore if you need any accommodation, please let us know if there is anything we can do to facilitate the interview process.
