Offensive Security Specialist (W/M/NB)

Company Description

• Location: Paris, France
• Duration of work: Full-time
• Remote or on-site: Flexible working organization to be discussed with the manager of the role, in accordance with the Ubisoft hybrid work policy - 3 days a week in our Saint-Mandé office.

Ubisoft’s 19,000 team members, working across more than 30 countries around the world, are bound by a common mission to enrich players’ lives with original and memorable gaming experiences. Their dedication and talent have brought to life many acclaimed franchises such as Assassin’s Creed, Far Cry, Watch Dogs, Just Dance, Rainbow Six, and many more to come. Ubisoft is an equal opportunity employer that believes diverse backgrounds and perspectives are key to creating worlds where both players and teams can thrive and express themselves. If you are excited about solving game-changing challenges, cutting edge technologies and pushing the boundaries of entertainment, we invite you to join our journey and help us create the unknown

Job Description

Profile

We are seeking a skilled and motivated Offensive Security Specialist to join our cybersecurity team and strengthen Ubisoft’s ability to identify, assess, and mitigate security vulnerabilities across its diverse environments, ranging from IT and corporate systems to games and online services.

You will contribute to our vulnerability management program by validating CVEs, developing exploit proofs-of-concept, collaborating with our Red Team, and supporting remediation and triage through actionable insights. Your expertise in offensive techniques will play a critical role in reducing risk exposure across the organization.

  Responsibilities

• Validate the exploitation of third-party CVEs identified by vulnerability scanners (e.g., Tenable.io).
• Triage and validate first-party vulnerabilities discovered through responsible disclosure programs (e.g., Bug Bounty).
• Collaborate with the Red Team to build exploit chains and simulate real-world attack scenarios.
• Retest vulnerabilities identified by internal security teams to confirm remediation effectiveness.
• Contribute to the development and deployment of internal security tools and workflows aligned with industry best practices.
• Continuously research emerging offensive techniques and integrate findings into testing methodologies and tooling.
• Document validated vulnerabilities and communicate detailed findings and remediation recommendations to internal stakeholders.

Qualifications

• Experiences in penetration testing or offensive security.
• Solid understanding of vulnerability scoring, attack vectors, triage and assessments in large-scale, complex infrastructures.
• Proficiency in identifying and exploiting common vulnerabilities:
  • Web vulnerabilities (e.g., XSS, IDOR, CSRF)
  • Server-side issues (e.g., SQLi, XXE, SSRF, RCE)
  • Authentication and access control flaws
• Ability to build or adapt CVE exploitation PoCs tailored to the Ubisoft environment.
• Familiarity with reverse engineering/debugging tools: IDA Pro, Ghidra, x96dbg, WinDbg.
• Comfortable with network and packet analysis tools: Wireshark, tcpdump, Scapy.

Nice-to-Have

• Experience with vulnerability scanners such as Tenable or Qualys.
• Knowledge of remediation techniques and system hardening practices.
• Usage of frameworks such as OWASP, MITRE ATT&CK.

• OSCP or equivalent offensive security certifications (e.g., eCPPT, GPEN) preferred.

Additional Information

Ubisoft's perks

💰 Profit Sharing, yearly company saving plan. 25 paid time off + 12 additional paid days off. 50% of your transportation pass is paid by the company, lunch vouchers (9€/day), healthcare for you and your family, and lots of Ubisoft additional perks.
👶 Maternity leaves of 20 weeks, paternity/co-parental leaves of 7 weeks.
📍 Our office is located in Saint Mandé, (Metro line 1, Saint Mandé station). Gym available in the building. According to Ubisoft's hybrid work model, our flexible work policy includes a minimum of 3 days a week in our Saint-Mandé office and the remaining 2 days working from home.

Recruitment process

[30 minutes] : phone call with a Recruiter,
[60 minutes] : interview with the manager of the role and a Security Manager,
[60 minutes] : interview with the SRM Technical Director

Additional Information

Ubisoft offers the same job opportunities to all, without any distinction of gender, ethnicity, religion, sexual orientation, social status, disability, or age. Ubisoft ensures the development of an inclusive work environment which mirrors the diversity of our gamers’ community.

Check out this guide to help you with your application, and learn about our actions to encourage more diversity and inclusion.