This job might no longer be available.
Application Security Expert
1 year ago
Job Description
Ubisoft's Risk & Security Management team (SRM) is part of Ubisoft IT, a worldwide team of professionals. Its mission is to provide a safe and secure environment allowing Ubisoft to achieve its objectives all while being fully resilient to risks and threats.
As an Application Security Expert focused on application security topics, you will oversee and participate in the implementation of security controls. You will also contribute to the management and reduction of risks by embedding into project teams of a large spectrum of IT projects, productions, and critical online services.
Responsibilities
- Contribute to important development projects by finding and fixing security vulnerabilities, implementing security requirements, or by deploying security tools;
- Participate in code reviews with a variety of project teams and make tangible and impactful contributions to critical projects, while maintaining a collaborative and team-oriented spirit;
- Participate in the review, implementation, and deployment of security tools like SCA/SAST/DAST that will be deployed within various services and projects;
- Collaborate with Security Engineering Managers, Enterprise Security Architects, and other teams to implement security controls and contribute to the evolution of services within critical projects;
- Contribute to a corpus of best practices, knowledge bases, and guidelines to push security left and foster self-service;
- Coach peers, and the development/operational teams you will work with while being embedded.
Qualifications
- Experience in application security, strong understanding of OWASP Top 10, and practical experience in mitigating/discovering common web vulnerabilities;
- Experience with CI/CD processes, DevOps, and Devsecops - Security tools deployment would be a strong asset;
- Knowledge of Web, and API security best practices in a C#, Go, Python, and/or JavaScript environment;
- Knowledge of at least one SAST/DAST/SCA tool - Semgrep, SonarQube, Snyk would be an asset;
- Knowledge to encode findings in an automated tool for regression tests (e.g., nuclei templates) would be an asset;
- Experience would be an asset.
Additional Information
Just a heads up: If you require a work permit, your eligibility may depend on your education and years of relevant work experience, as required by the government.
Skills and competencies show up in different forms and can be based on different experiences, that's why we strongly encourage you to apply even though you may not have all the requirements listed above.
At Ubisoft, you can come as you are. We embrace diversity in all its forms. We’re committed to fostering a work environment that is inclusive and respectful of all differences.
Company Description
Ubisoft’s 20,000 team members, working across more than 30 countries around the world, are bound by a common mission to enrich players’ lives with original and memorable gaming experiences. Their commitment and talent have brought to life many acclaimed franchises such as Assassin’s Creed, Far Cry, Watch Dogs, Just Dance, Rainbow Six, and many more to come. Ubisoft is an equal opportunity employer that believes diverse backgrounds and perspectives are key to creating worlds where both players and teams can thrive and express themselves. If you are excited about solving game-changing challenges, cutting edge technologies and pushing the boundaries of entertainment, we invite you to join our journey and help us create the unknown.
Create Your Profile — Game companies can contact you with their relevant job openings.