Security Analyst (DFIR) – Security Operations Center (SOC) (F/M/NB)

Company Description Ubisoft’s 19,000 team members, working across more than 40 locations around the world, are bound by a common mission to enrich players’ lives with original and memorable gaming ex

Company Description

Ubisoft’s 19,000 team members, working across more than 40 locations around the world, are bound by a common mission to enrich players’ lives with original and memorable gaming experiences. Their dedication and talent has brought to life many acclaimed franchises such as Assassin’s Creed, Far Cry, Watch Dogs, Just Dance, Rainbow Six, and many more to come.

Ubisoft is an equal opportunity employer that believes diverse backgrounds and perspectives are key to creating worlds where both players and teams can thrive and express themselves.

If you are excited about solving game changing challenges, cutting edge technologies, and pushing the boundaries of entertainment, we invite you to join our journey and help us create the unknown.

Job Description

The Security Analyst (Digital Forensics and Incident Response) as part of the Incident Response team within the SOC, works to resolve reports of malware, phishing, data leaks, and all other identified security issues.

With your technical expertise of querying data with multiple tools you will identify the root cause of cyber security issues then coordinate across IT teams to resolve them. In collaboration with the Fraud and Investigation team you will also assist with joint cyber/insider threat investigations.

Incidents assigned to you will be taken from initial report to resolution, delegating responsibilities to other IT teams where necessary and coordinating all actions with stakeholders, including management.

You’ll also be providing feedback on security detections to the SOC team, assist with tuning alerts and assist with designing new detections. When time permits you will also support threat hunting efforts and detect undiscovered malicious behaviors.


  • Acting as a central point of contact within the global incident response team, the Security Analyst will:
  • Coordinate the resolution of all security incidents.
  • Query and analyze log sources in the SIEM for IOCs, attacker TTPs and evidence of suspicious behavior.
  • Aggregate logs between disparate sources and arrange them into a readable report then communicate it to stakeholders.
  • Identify security risks, find the root cause, and bring risk to an acceptable level for management.
  • Develop and maintain exceptional procedural documentation.
  • Develop Automated investigative dashboards which collect several key searches into a single action.
  • Create and maintain operational metrics dashboards to track, measure and identify security trends for management and other teams. Develop KPIs, actionable insights from data and dashboards created in Splunk.
  • Meet with adjacent security department teams to communicate incident trends.
  • Automate follow ups, escalations, and reminders to focus on operational goals.
  • Extract IOCs & TTPs from previous attacks and coordinate with other teams to reduce incident reoccurrence.
  • Use open source and internal information to gather knowledge on recurring threat actors.
  • Review & respond to alerts presented in security tools: SIEM, EDR/XDR, IDS etc.

For additional information, our team uses Splunk, Crowdstrike, Microsoft E5 (Defender, MCAS, E-Discovery), ideally you have experience with these tools or an equivalent.



  • Having moderate experience in a cyber security position previously at medium or large business is a must; (CERT, Corporate SOC, Government CSIRT).
  • Experience with one or more of: threat hunting, digital forensics, incident response and corporate investigations.
  • Knowledge of one or more of:

    • SIEMs: Query expertise (Logical operators AND, OR, NOT, Filtering, Time bounding, wildcards, regexes).
    • Endpoint AV & EDR experience: Knowledge of inspecting process trees, registry modifications & network activity.
    • Digital Forensics Tools: Forensic Capture, Disk Image Analysis, Memory Analysis.
  • Proven experience with dashboarding and charting skills (Timecharts, graphs, pivot tables, stats, visual style & readability).
  • Knowledge of threat actor TTPs and typical attack methods defined in MITRE ATT&CK.
  • You know where malware hides, how it evades detection, how to find it, how to remove it and how to prevent reinfection.
  • Experience in remediating large security incidents such as Data Breaches, Ransomware, Cryptocurrency Miners, and insider threat activity.
  • Demonstrating motivation through your involvement in the security community – having personal projects, certifications, participation in CTFs, home security lab or keeping updated on security trends.
  • Bilingual French and English is required both orally and written.

Additional Information

Recruitment process

Ubisoft adapts itself to COVID-19 period. Every recruitment interview is conducted through visual conference to protect your health and that of our team:

  • [30 min; remote] – Phonescreening with one Talent Acquisition Specialist.
  • Technical case to prepare remotely.
  • [60 min; remote] – Interview with the security team lead, the risk management team lead and a talent acquisition specialist.
  • [60 min; remote] – Final interview with your future department director and one future colleague.

Ubisoft Advantages

Profit sharing, company saving plan. 25 Paid Holidays, 12 additional days off, 50% of your transportation subscription, luncheon voucher, health insurance + special Ubisoft advantages

Our headquarter is in Saint-Mandé (line 1, “Saint-Mandé” stop), Gym inside our office, remote friendly company

For gamers : 4 AAA games per years, 100% access to Ubisoft PC catalog

Complementary information

Ubisoft is committed to creating an inclusive work environment that reflects the diversity of our player community. Qualified applicants will receive consideration for employment without regard to their race, ethnicity, religion, gender, sexual orientation, age, or disability status. All information will be treated as confidential in accordance with the Employment Equity Act.

Leave a Reply