Ubisoft Montreal, an industry leading developer of video games, located in the heart of Montreal’s Mile-End, offers a unique environment where creativity, teamwork and cutting-
edge technology bring to life critically acclaimed video games and iconic AAA franchises.
When you join Ubi Montreal, you enter a community of passionate, extraordinary people connected by their need to innovate, to be creative and to work with the latest technology.
You’ll discover a world where employees enjoy constant career advancement, a supportive learning environment, and competitive compensation packages.
Ubisoft is looking for an Application Security Architect to join the Security and Risk Management, Applications and Infrastructure (AIS) team.
This team has a global role, they provide technical analysis, design and implementation recommendations for defensive security across the company.
The Security Architect will :
Act as a key technical resource for Ubisoft internal partners, including management, regarding technical security matters related to all environments;
Coordinate project security in order to assist IT teams in delivering secure infrastructure solutions with security recommendations and requirements;
Perform technical risk assessments, threat modeling, architecture security reviews, repeatable guidance and follow-ups for projects involving public-
facing services, large number of users and complex architectures;
Ensure prevention and good management of technical, legal and human security-related risks by elaborating and proposing improvements to security policies, guidelines and standards with a global mindset, taking into consideration all Ubisoft offices;
Communicate efficiently while delivering security needs and validating that appropriate security measures are in place.
Bachelors’ Degree in Computer Sciences or any related discipline;
Security certification (CISSP and / or GIAC).
2+ years in information security field or relevant experience;
5+ years in technical hands-on on at least one of the following topics : Microsoft security, Network security, Linux security;
Strong knowledge of technical security concepts
Vast knowledge of complex cybersecurity topics including : secure web app design, cryptography and key material handling, authentication mechanisms such as OAUTH, SAML or OpenID, sensitive data protection, SDLC integration (fuzzing tests, static and dynamic code analysis)
Strong knowledge of network design and technologies (TCP / IP stack, VPNs, Firewalls, Reverse-proxies, PKI and encryption)
Strong knowledge of web protocols and an in-depth knowledge of Linux / Unix tools and architecture
Exposure to code security issues and comprehension of algorithms in order to recommend best coding practices
Knowledge of Risk assessment methodologies (STRIDE, NIST)
Particularly strong communication skills, both verbal and written
Maturity, judgment, mentoring, negotiation / influence skills, analytical skills
English language is required.
Other important qualifications :
Offensive security experience (pentesting, red teaming) is an asset
Fluency in AWS, Azure and / or GCE
Experience in programmatic automation (C#, Python, PHP, Ruby, etc)
Security certifications (CISSP, GIAC, CISA)
Strong knowledge of industry standards (ISO27002, PCI Compliance, NIST / DISA, OWASP)