About Blackhawk Network

At Blackhawk Network, we shape the future of global branded payments through the prepaid products, technologies and network that connect brands and people. Our collaborative innovation and scalable, security-minded solutions help our partners to increase reach, loyalty and revenue. We believe our future holds great things for Blackhawk Network and its partners. We believe that together, we can shape the future. Our beliefs? Win as one team, be innovative, global excellence and be inspiring!

Overview

Are you passionate about your work? Are you looking to take the next leap in your career? Are you looking for an energetic start-up environment with the security of a profitable, growing company? Are you looking for Life/Work balance? Are you looking to be a key contributor in the World’s leading Anytime/Anywhere Payment Network? If you answered ‘Yes’, please read on…your career is at Blackhawk Network, and we want to talk to you!

Blackhawk Network’s software solutions underpin our success and include world-class transaction acquisition, switching and routing, real-time settlement, pre-paid card processing, fulfillment and business analytics components. State of the art consumer web sites, emerging mobile apps, and high-speed transaction processing with volume spikes that make Pikes Peak seem small are all part of a challenging and rewarding technology environment.

We are looking to hire a Product Security Engineer to join our Product Security team and who will be a key addition to the Chief Information Security Officer’s organization. This position is Hybrid. The ideal candidate will be a technical self-starter. The candidate will understand the impact and security decisions that need to be made to keep our products and applications secure, and then be able to articulate those to engineers and business teams outside the CISO organization.

Responsibilities

Provider will perform the following tasks as part of delivering Product Security Support Services.

• Perform security architecture reviews and threat modeling
• Perform application security assessments and penetration testing
• Deploy/on-board application and product security tools
• Provide Product Security thought leadership across the company
• Provide support for product security commercial off-the-shelf (COTS) and in-house built applications.
• Perform code reviews of applications, manually and using static analysis tools.
• Work with development teams to find ways to integrate security testing into CI/CD pipeline
• Triage vulnerabilities from bug bounty and dynamic web scanning. Work with product owners on remediating the findings
• Design and develop security testing to be used for improving the triage/validation process
• Provide remediation guidance and recommendations to programmers and administrators based on severity and impact on product.
• Train programmers on application security basics and best practices

Qualifications

• Strong Product Security experience
• Strong Web architecture security asssessment experience
• Strong Threat modelling experience
• Strong Web Application penetration Testing, API Security experience
• Experience in S-SDLC and Threat Modeling
• Strong passion for Product Security
• 5-10 years of experience working on a security team
• Ability to program/script in at least one language; Python Django (preferred), Java, JavaScript, BASH, PowerShell
• Analytical with strong problem-solving skills and exercises good, balanced decision making
• Excellent written and verbal communication skills

Preferred

• Experience with Payment, Ecommerce and FinTech systems
• Experience working in software development
• Bug bounties or responsible disclosure awards
• Certifications – SANS GIAC, CISSP, ISC2, ISACA, OSCP/OSCE
• BS in Computer Science, Electrical Engineering, or related experience