Application Security Expert

Job Description

Ubisoft's 20,000 team members, working across more than 30 countries around the world, are bound by a common mission to enrich players' lives with original and memorable gaming experiences. Their commitment and talent have brought to life many acclaimed franchises such as Assassin's Creed, Far Cry, Watch Dogs, Just Dance, Rainbow Six, and many more to come. Ubisoft is an equal opportunity employer that believes diverse backgrounds and perspectives are key to creating worlds where both players and teams can thrive and express themselves. If you are excited about solving game-changing challenges, cutting edge technologies and pushing the boundaries of entertainment, we invite you to join our journey and help us create the unknown.

Job Description

Joining the Security and Risk Management department as an Application Security Expert, you will oversee and participate to the implementation of security controls, and you will contribute to the management and reduction of risks by embedding into teams of a large spectrum of game productions, and critical online services. Furthermore, you will contribute to production and their services by finding and fixing security vulnerabilities, and by defining, designing, and implementing security requirements.

Responsibilities
• Act as a key technical resource for the security department embedded within production teams;
• Perform and participate to security reviews with a variety of productions and make tangible and impactful contributions to critical projects, while maintaining a collaborative and team-oriented spirit;
• Participate to the review, implementation, and deployment of security tools that will be deployed within various services and projects;
• Participate in the remediation activities of vulnerabilities found during code reviews, vulnerability scans, or penetration testing;
• Participate in developing security best practices within the project you will be embed in. Support the deployment of tools enforcing those best practices;
• Partner with Security Engineering Managers, Enterprise Security Architects, and other teams to define the proper security strategy, implement security controls and contribute to the evolution of services within critical projects.

Qualifications
• Extensive experience in application security is required;
• Experience in the development of applications in a collaborative environment would be a strong asset;
• Strong understanding of common vulnerabilities (e.g. OWASP Top 10) and practical experience in discovering and mitigating them;
• Solid experience with CI/CD processes, DevOps practices as well as experience with DevSecOps and security tool deployment would be an asset;
• Ability to encode findings in an automated tool for regression tests would be an asset;
• Pentesting abilities or experience would be an asset;
• Ability to coach your peers, and development or operational teams you will work with while being embed.

Jobcode: Reference SBJ-r1joy0-18-118-32-150-42 in your application.