Incident Response & Digital Forensics Team Lead
Joining Ubisoft IT within the Security & Risk Management team, you’ll work with all of Ubisoft’s Security and IT resources including management to ensure proper coordination, prioritization, mitigation, and risk reduction of all identified security incidents. Your role is to champion security within the organization and foster relations with other IT teams.
This is a key position in the global security operations team and the SOC, meaning you’ll be the key global contact for all Incident Response activities at Ubisoft and the entry point to coordinate all Cyber, Physical and Human Investigations.
Furthermore, you’ll respond to incidents reported to the team by using your technical expertise to query data and uncover evidence of malicious activity. You’ll also block the activity, then provide recommendations and spearhead initiatives to prevent it from happening again.
- Lead incident response activities and internal investigations during their entire lifecycle while acting as a central point of contact within Ubisoft;
- Query log sources for Indicators of Compromise (IOCs), determine attacker tactics, techniques and procedures (TTPs) and find evidence of suspicious behaviour;
- Aggregate logs between disparate sources and arrange them into a readable report then communicate it to stakeholders;
- Coordinate with other teams and assign responsibilities;
- Leverage legal, compliance, and privacy experts as needed to consult and advise on actions regarding regulatory aspects of incidents;
- Use open source and internal information to gather knowledge on reoccurring threat actors. Extract IOCs & TTPs from previous attacks and coordinate with other teams to reduce incident reoccurrence;
- Identify operational risks, find the root cause, and bring risk to an acceptable level for management;
- Enrich evidence from cyber investigations with OSINT, Physical security logs, operational logs, and SME knowledge;
- Follow all applicable laws, regulations and internal policies & maintain chain of custody and the integrity of the evidence;
- Participate in the implementation of a complete set of incident response workflows, as well as develop, maintain and document operational processes.
- Proven track record leading a remote distributed team;
- You have a detective 'mindset' that leaves no stone unturned in an investigation.
- Extensive experience as a Cyber Incident Response analyst and/or Digital Forensics analyst;
- You can search, identify and aggregate technical logs from dozens of different sources, make sense of them, arrange them into a readable format, then explain them to an executive, lawyer or HR professional;
- You are proficient with SIEM tools (Splunk and ELK Stack), Endpoint AV & EDR, IDS, DLP, & digital forensics;
- Basic ability to do malware analysis and obfuscated script reversing (CyberChef, Automated analysis Sandboxes);
- Cyber security certification, Incident Response or Digital Forensics specific certifications are a plus.
Just a heads up: If you require a work permit, your eligibility may depend on your education and years of relevant work experience, as required by the government.
Skills and competencies show up in different forms and can be based on different experiences. That's why we strongly encourage you to apply even though you may not have all the requirements listed above.
At Ubisoft, you can come as you are. We embrace diversity in all its forms. We’re committed to fostering a work environment that is inclusive and respectful of all differences.