Vulnerability Management Specialist

• Location: Saint-Mandé, Paris Area, France
• Duration of work: Full-time
• Remote or on-site: Flexible working organization to be discussed with the manager of the role, in accordance with the Ubisoft Work From Home policy - 3 days a week in our Saint-Mandé office.

Ubisoft’s 19,000 team members, working across more than 30 countries around the world, are bound by a common mission to enrich players’ lives with original and memorable gaming experiences. Their dedication and talent have brought to life many acclaimed franchises such as Assassin’s Creed, Far Cry, Watch Dogs, Just Dance, Rainbow Six, and many more to come. Ubisoft is an equal opportunity employer that believes diverse backgrounds and perspectives are key to creating worlds where both players and teams can thrive and express themselves. If you are excited about solving game-changing challenges, cutting edge technologies and pushing the boundaries of entertainment, we invite you to join our journey and help us create the unknown.

We are seeking a talented Vulnerability Management Specialist to enhance our cybersecurity team by identifying, assessing, and mitigating IT security vulnerabilities. The ideal candidate has a deep understanding of vulnerability assessment, prioritization, CVSS scoring, attack vectors, triage filtering, analytics, and contextualization and has excellent collaborative skills to manage large stakeholder groups.

As part of the Vulnerability Management Program team, you will help build Ubisoft’s Vulnerability Operations Center—focusing on:

• Vulnerability Treatment: Operational processes, patching strategies, and metrics-driven remediation.
• Vulnerability Platform: Tooling enhancements, system integrations, automation, customization, and advanced scanning capabilities.

The Vulnerability Management team protects critical assets and build visibility one our risk landscape. The team’s mission is to provide comprehensive visibility into the risk landscape of Ubisoft’s environment and security posture, enabling upper management to clearly understand our risk levels. By prioritizing and addressing the most critical vulnerabilities, the team aims to safeguard key assets while driving the implementation of an efectuve vulnerability lifecycle management process supported by actionable, metrics-driven insights.

In the Vulnerability Management team, your role includes supporting vulnerability mitigation, implementing best practices, and driving continuous improvement. Joining Ubisoft’s global Security & Risk Management (SRM) team, you will contribute to safeguarding our games, cloud environments, and employee systems, playing a key role in enhancing our security posture.

Responsibilities:

• Stay updated on emerging vulnerabilities and communicate risks to stakeholders;
• Coordinate mitigations for zero-day and other high-profile vulnerabilities;
• Generate and track remediation plans and tickets for system and application flaws;
• Develop reports on vulnerability discovery and closure to ensure accountability;
• Collaborate on security hot-fixes and validate patch management processes;
• Optimize large-scale patching and enforce vulnerability management policies;
• Promote patching best practices through training and communication;
• Monitor compliance with patching SLAs and track remediation metrics;
• Use analytics tools (e.g., Power BI, Tableau) to report vulnerability trends and KPIs;
• Design improved data collection and reporting methods for program efficiency.

Relevant experience, skills and knowledge

Skills:

• Proficiency with data visualization and analytics tools (e.g., Power BI, Tableau);
• Experience with vulnerability management tools (e.g., Tenable, Qualys, Rapid7);
• Solid knowledge of networking, operating systems, and web application security;
• Strong analytical, problem-solving, and data analysis skills;
• Effective communication and interpersonal abilities for diverse audiences;
• Skilled in prioritizing tasks and managing projects in fast-paced environments;
• Familiarity with security standards like OWASP Top 10, CVSS, and CVE is a plus.

Qualifications and Training:

• Education in Computer Science, Cybersecurity, IT, or equivalent experience (prefered);
• CISSP, CISM, CEH, CompTIA Security+ certifications (preferred);
• Familiarity with ISO 27001, NIST, CIS, PCI-DSS frameworks (preferred);
• English required;
• French a plus.

Relevant experience:

• Experience in IT security field or relevant vulnerability management experience;
• Experience with security and risk management methodologies;
• Experience managing a complex ecosystem of stakeholders;
• Experience in data analysis.

You think you're a strong candidate but lack a few qualifications? Send us your application anyway—we’re always eager to discover great talent.

Ubisoft's perks
💰 Profit Sharing, yearly company saving plan. 25 paid time off + 12 additional paid days off. 50% of your transportation pass is paid by the company, lunch vouchers (9€/day), healthcare for you and your family, and lots of Ubisoft additional perks.
👶 Maternity leaves of 20 weeks, paternity/co-parental leaves of 7 weeks.
📍 Our office is located in Saint Mandé, (Metro line 1, Saint Mandé station). Gym available in the building. Ability to work with a hybrid work arrangement according to the Ubisoft Work From Home policy.

Recruitment process
[30 minutes]: phone or visio call with a Recruiter,
[60 minutes]: interview with the Security Team Lead (manager of the role) and the IT Associate Director,
[60 minutes]: technical interview with a cybersecurity expert from Ubisoft,
[45 minutes]: final round interview with an Architect and/or an Executive from the SRM department.

Additional Information
Ubisoft offers the same job opportunities to all, without any distinction of gender, ethnicity, religion, sexual orientation, social status, disability, or age. Ubisoft ensures the development of an inclusive work environment which mirrors the diversity of our gamers’ community.
This job reports to Ubisoft IT.

Check out this guide to help you with your application, and learn about our actions to encourage more diversity and inclusion.