Vulnerability Management Specialist - Security & Risk Management Team

Job Description

Vulnerability Management Specialist – Ubisoft Security & Risk Management team (W/M/NB)
• Location: Saint-Mandé, Paris Area, France
• Duration of work: Full-time
• Remote or on-site: Flexible working organization to be discussed with the manager of the role, in accordance with the Ubisoft Work From Home policy - 3 days a week in our Saint-Mandé office.

Ubisoft's 19,000 team members, working across more than 30 countries around the world, are bound by a common mission to enrich players' lives with original and memorable gaming experiences. Their dedication and talent have brought to life many acclaimed franchises such as Assassin's Creed, Far Cry, Watch Dogs, Just Dance, Rainbow Six, and many more to come. Ubisoft is an equal opportunity employer that believes diverse backgrounds and perspectives are key to creating worlds where both players and teams can thrive and express themselves. If you are excited about solving game-changing challenges, cutting edge technologies and pushing the boundaries of entertainment, we invite you to join our journey and help us create the unknown.

Job Description

We are seeking a talented Vulnerability Management Specialist to enhance our cybersecurity team by identifying, assessing, and mitigating IT security vulnerabilities. The ideal candidate has a deep understanding of vulnerability assessment, prioritization, CVSS scoring, attack vectors, triage filtering, analytics, and contextualization and has excellent collaborative skills to manage large stakeholder groups.

As part of the Vulnerability Management Program team, you will help build Ubisoft's Vulnerability Operations Center-focusing on:
• Vulnerability Treatment: Operational processes, patching strategies, and metrics-driven remediation.
• Vulnerability Platform: Tooling enhancements, system integrations, automation, customization, and advanced scanning capabilities.

The Vulnerability Management team protects critical assets and build visibility one our risk landscape. The team's mission is to provide comprehensive visibility into the risk landscape of Ubisoft's environment and security posture, enabling upper management to clearly understand our risk levels. By prioritizing and addressing the most critical vulnerabilities, the team aims to safeguard key assets while driving the implementation of an efectuve vulnerability lifecycle management process supported by actionable, metrics-driven insights.

In the Vulnerability Management team, your role includes supporting vulnerability mitigation, implementing best practices, and driving continuous improvement. Joining Ubisoft's global Security & Risk Management (SRM) team, you will contribute to safeguarding our games, cloud environments, and employee systems, playing a key role in enhancing our security posture.

Responsibilities:
• Stay updated on emerging vulnerabilities and communicate risks to stakeholders;
• Coordinate mitigations for zero-day and other high-profile vulnerabilities;
• Generate and track remediation plans and tickets for system and application flaws;
• Develop reports on vulnerability discovery and closure to ensure accountability;
• Collaborate on security hot-fixes and validate patch management processes;
• Optimize large-scale patching and enforce vulnerability management policies;
• Promote patching best practices through training and communication;
• Monitor compliance with patching SLAs and track remediation metrics;
• Use analytics tools (e.g., Power BI, Tableau) to report vulnerability trends and KPIs;
• Design improved data collection and reporting methods for program efficiency.

Qualifications

Relevant experience, skills and knowledge

Skills:
• Proficiency with data visualization and analytics tools (e.g., Power BI, Tableau);
• Experience with vulnerability management tools (e.g., Tenable, Qualys, Rapid7);
• Solid knowledge of networking, operating systems, and web application security;
• Strong analytical, problem-solving, and data analysis skills;
• Effective communication and interpersonal abilities for diverse audiences;
• Skilled in prioritizing tasks and managing projects in fast-paced environments;
• Familiarity with security standards like OWASP Top 10, CVSS, and CVE is a plus.

Qualifications and Training:
• Education in Computer Science, Cybersecurity, IT, or equivalent experience (prefered);
• CISSP, CISM, CEH, CompTIA Security+ certifications (preferred);
• Familiarity with ISO 27001, NIST, CIS, PCI-DSS frameworks (preferred);
• English required;
• French a plus.

Relevant experience:
• Experience in IT security field or relevant vulnerability management experience;
• Experience with security and risk management methodologies;
• Experience managing a complex ecosystem of stakeholders;
• Experience in data analysis.

You think you're a strong candidate but lack a few qualifications? Send us your application anyway-we're always eager to discover great talent.

Jobcode: Reference SBJ-re7ok7-18-221-140-197-42 in your application.