Offensive Security Specialist

Job Description

Offensive Security Specialist (W/M/NB)
• Location: Paris, France
• Duration of work: Full-time
• Remote or on-site: Flexible working organization to be discussed with the manager of the role, in accordance with the Ubisoft hybrid work policy - 3 days a week in our Saint-Mandé office.
Ubisoft's 19,000 team members, working across more than 30 countries around the world, are bound by a common mission to enrich players' lives with original and memorable gaming experiences. Their dedication and talent have brought to life many acclaimed franchises such as Assassin's Creed, Far Cry, Watch Dogs, Just Dance, Rainbow Six, and many more to come. Ubisoft is an equal opportunity employer that believes diverse backgrounds and perspectives are key to creating worlds where both players and teams can thrive and express themselves. If you are excited about solving game-changing challenges, cutting edge technologies and pushing the boundaries of entertainment, we invite you to join our journey and help us create the unknown
Job Description
Profile
We are seeking a skilled and motivated Offensive Security Specialist to join our cybersecurity team and strengthen Ubisoft's ability to identify, assess, and mitigate security vulnerabilities across its diverse environments, ranging from IT and corporate systems to games and online services.
You will contribute to our vulnerability management program by validating CVEs, developing exploit proofs-of-concept, collaborating with our Red Team, and supporting remediation and triage through actionable insights. Your expertise in offensive techniques will play a critical role in reducing risk exposure across the organization.

Responsibilities
• Validate the exploitation of third-party CVEs identified by vulnerability scanners (e.g., Tenable.io).
• Triage and validate first-party vulnerabilities discovered through responsible disclosure programs (e.g., Bug Bounty).
• Collaborate with the Red Team to build exploit chains and simulate real-world attack scenarios.
• Retest vulnerabilities identified by internal security teams to confirm remediation effectiveness.
• Contribute to the development and deployment of internal security tools and workflows aligned with industry best practices.
• Continuously research emerging offensive techniques and integrate findings into testing methodologies and tooling.
• Document validated vulnerabilities and communicate detailed findings and remediation recommendations to internal stakeholders.
Qualifications
• Experiences in penetration testing or offensive security.
• Solid understanding of vulnerability scoring, attack vectors, triage and assessments in large-scale, complex infrastructures.
• Proficiency in identifying and exploiting common vulnerabilities:
• Web vulnerabilities (e.g., XSS, IDOR, CSRF)
• Server-side issues (e.g., SQLi, XXE, SSRF, RCE)
• Authentication and access control flaws
• Ability to build or adapt CVE exploitation PoCs tailored to the Ubisoft environment.
• Familiarity with reverse engineering/debugging tools: IDA Pro, Ghidra, x96dbg, WinDbg.
• Comfortable with network and packet analysis tools: Wireshark, tcpdump, Scapy.
Nice-to-Have
• Experience with vulnerability scanners such as Tenable or Qualys.
• Knowledge of remediation techniques and system hardening practices.
• Usage of frameworks such as OWASP, MITRE ATT&CK.
• OSCP or equivalent offensive security certifications (e.g., eCPPT, GPEN) preferred.

Jobcode: Reference SBJ-02vxp6-18-97-14-91-42 in your application.