DevSecOps Engineer (M/W/NB)

Ubisoft's 20,000 team members, working across more than 30 countries around the world, are bound by a common mission to enrich players' lives with original and memorable gaming experiences. Their commitment and talent have brought to life many acclaimed franchises such as Assassin's Creed, Far Cry, Watch Dogs, Just Dance, Rainbow Six, and many more to come. Ubisoft is an equal opportunity employer that believes diverse backgrounds and perspectives are key to creating worlds where both players and teams can thrive and express themselves. If you are excited about solving game-changing challenges, cutting edge technologies and pushing the boundaries of entertainment, we invite you to join our journey and help us create the unknown.

Job Description

You will join the Security and Risk Management department as a Solution Security Architect focused on application security topics. You will oversee and participate to the implementation of security controls, and you will contribute to the management and reduction of risks by embedding into project teams of a large spectrum of IT project, productions, and critical online services.

Key Responsibilities

• Act as a key resource for the security department embedded within project teams, you will contribute to important development projects by finding and fixing security vulnerabilities, by implementing security requirements or by deploying security tools
• Participate to code reviews with a variety of project teams and make tangible and impactful contributions to critical project, while maintaining a collaborative and team-oriented spirit.
• Participate to the review, implementation, and deployment of security tools like SCA/SAST/DAST that will be deployed within various services and projects;
• Partner with Security Engineering Managers, Enterprise Security Architects, and other teams to implement security controls and contribute to the evolution of services within critical projects;
• Contribute to a corpus of best-practices, knowledge bases, and guidelines to push security left and foster self-service;
• Participate in developing secret management best practices on source control services such as Gitlab or Perforce. Support the deployment of tools enforcing those best practices;

Qualifications

Relevant experience

• Significant experience in application security preferably in the tech industry;
• Experience with CI/CD processes and DevOps;
• Experience with DevSecOps and security tools deployment will be a strong asset;

Skills

• Solid skills in C#, Go, Python and/or JavaScript;
• Strong knowledge of Web and API security best practices;
• Strong understanding of OWASP Top 10 and practical experience in mitigating / discovering common web vulnerabilities;
• Practical knowledge of at least one SAST/DAST/SCA tool - Semgrep, SonarQube, Snyk would be an asset;
• Ability to encode findings in an automated tool for regression tests (e.g. nuclei templates) would be an asset;
• Pentesting abilities or experience would be an asset ? Experience with web application security (e.g. Burp) would be an asset;
• Have strong team spirit with a sense of ownership and communication skills;
• Ability to coach his peers, and the development or operational teams you will work with while being embed;