Incident Response

Company Description

Ubisoft’s 20,000 team members, working across more than 30 countries around the world, are bound by a common mission to enrich players’ lives with original and memorable gaming experiences. Their commitment and talent have brought to life many acclaimed franchises such as Assassin’s Creed, Far Cry, Watch Dogs, Just Dance, Rainbow Six, and many more to come. Ubisoft is an equal opportunity employer that believes diverse backgrounds and perspectives are key to creating worlds where both players and teams can thrive and express themselves. If you are excited about solving game-changing challenges, cutting edge technologies and pushing the boundaries of entertainment, we invite you to join our journey and help us create the unknown.

**Job Description**:
Joining Ubisoft IT within the Security& Risk Management team, you’ll work with all of Ubisoft’s Security and IT resources including management to ensure proper coordination, prioritization, mitigation, and risk reduction of all identified security incidents. Your role is to champion security within the organization and foster relations with other IT teams.

This is a key position in the global security operations team and the SOC, meaning you’ll be the key global contact for all Incident Response activities at Ubisoft and the entry point to coordinate all Cyber, Physical and Human Investigations.

Furthermore, you’ll respond to incidents reported to the team by using their technical expertise to query data and uncover evidence of malicious activity. You’ll also block the activity, then provide recommendations and spearhead initiatives to prevent it from happening again.

**Responsibilities**:

- Lead incident response activities and internal investigations during their entire lifecycle while acting as a central point of contact within Ubisoft;
- Query log sources for Indicators of Compromise (IOCs), determine attacker Tactics, techniques and procedures (TTPs) and evidence of suspicious behaviour;
- Aggregate logs between disparate sources and arrange them into a readable report then communicate it to stakeholders;
- Coordinate with other teams, and assign responsibilities - Leverage legal, compliance, and privacy experts as needed to consult and advise on actions regarding regulatory aspects of incidents;
- Use open source and internal information to gather knowledge on reoccurring threat actors. Extract IOCs & TTPs from previous attacks and coordinate with other teams to reduce incident reoccurrence;
- Identify operational risks, find the root cause, and bring risk to an acceptable level for management;
- Enrich evidence from cyber investigations with OSINT, Physical security logs, operational logs, and SME knowledge;
- Follow all applicable laws, regulations and internal policies & maintain chain of custody and the integrity of the evidence;
- Participate in the implementation of a complete set of incident response workflows, as well as develop, maintain and document operational processes.

**Qualifications**:

- Proven track record leading a remote distributed team;
- You have a detective 'mindset' that leaves no stone unturned in an investigation.
- Extensive experience as a Cyber Incident Response analyst and/or Digital Forensics analyst;
- You can search, identify and aggregate technical logs from dozens of different sources, make sense of them, arrange them into a readable format then explain them to Executive, Lawyer or HR professional;
- You are proficient with SIEM tools (Splunk and ELK Stack), Endpoint AV & EDR, IDS, DLP, & digital forensics;
- Basic ability to do malware analysis and obfuscated script reversing (CyberChef, Automated analysis Sandboxes);
- Cyber security certification, Incident Response or Digital Forensics specific certifications are a plus.

Additional Information

Just a heads up: If you require a work permit, your eligibility may depend on your education and years of relevant work experience, as required by the government.

**_ At Ubisoft, you can come as you are. We embrace diversity in all its forms. We’re committed to fostering a work environment that is inclusive and respectful of all differences._