Offensive Security Specialist (W/M/NB)

Social network you want to login/join with:

col-narrow-left

Other

-

Yes

col-narrow-right

2

22.05.2025

06.07.2025

col-wide

Job Description

Profile

We are seeking a skilled and motivated Offensive Security Specialist to join our cybersecurity team and strengthen Ubisoft’s ability to identify, assess, and mitigate security vulnerabilities across its diverse environments, ranging from IT and corporate systems to games and online services.

You will contribute to our vulnerability management program by validating CVEs, developing exploit proofs-of-concept, collaborating with our Red Team, and supporting remediation and triage through actionable insights. Your expertise in offensive techniques will play a critical role in reducing risk exposure across the organization.

Responsibilities

• Validate the exploitation of third-party CVEs identified by vulnerability scanners (e.g., Tenable.io).
• Triage and validate first-party vulnerabilities discovered through responsible disclosure programs (e.g., Bug Bounty).
• Collaborate with the Red Team to build exploit chains and simulate real-world attack scenarios.
• Retest vulnerabilities identified by internal security teams to confirm remediation effectiveness.
• Contribute to the development and deployment of internal security tools and workflows aligned with industry best practices.
• Continuously research emerging offensive techniques and integrate findings into testing methodologies and tooling.
• Document validated vulnerabilities and communicate detailed findings and remediation recommendations to internal stakeholders.

Qualifications

• Experience in penetration testing or offensive security.
• Solid understanding of vulnerability scoring, attack vectors, triage and assessments in large-scale, complex infrastructures.
• Proficiency in identifying and exploiting common vulnerabilities: Web vulnerabilities (e.g., XSS, IDOR, CSRF), Server-side issues (e.g., SQLi, XXE, SSRF, RCE), Authentication and access control flaws.
• Ability to build or adapt CVE exploitation PoCs tailored to the Ubisoft environment.
• Familiarity with reverse engineering/debugging tools: IDA Pro, Ghidra, x96dbg, WinDbg.
• Comfortable with network and packet analysis tools: Wireshark, tcpdump, Scapy.

Nice-to-Have

• Experience with vulnerability scanners such as Tenable or Qualys.
• Knowledge of remediation techniques and system hardening practices.
• Usage of frameworks such as OWASP, MITRE ATT&CK.
• OSCP or equivalent offensive security certifications (e.g., eCPPT, GPEN) preferred.