Principal Information Security Engineer (6586)

Bengaluru, KA, India

About Blackhawk Network

Today, through BHN’s single global platform, businesses of all kinds can tap into the world’s largest network of branded payment solutions. BHN helps businesses grow revenue, increase loyalty, motivate and reward their teams, disburse funds and engage consumers. Branded payment solutions include the issuance and distribution of gift cards, egifts, corporate payouts and rewards, along with the technology to deliver these products in seamless, integrated ways. BHN’s network spans the globe with more than 400,000 consumer touchpoints. Learn more at BHN.com.

Overview

Blackhawk Network’s software solutions underpin our success and include world-class transaction acquisition, switching and routing, real-time settlement, pre-paid card processing, fulfillment and business analytics components. State-of-the-art consumer web sites, emerging mobile apps, and high-speed transaction processing with volume spikes that make Pikes Peak seem small are all part of a challenging and rewarding technology environment.

We are looking to hire a Principal Information Security Engineer to join the growing Blackhawk Network Global Information Security Team. This position will be tasked with establishing and leading a Product Security, Fraud & Risk, Public Cloud Security, Container Security, and Secure Architecture function for Blackhawk Network products and services. The ideal candidate will be a technical subject matter expert with a passion for breaking ‘all the things’ and working with Engineering teams to fix them.

Responsibilities

  • Actively coach and mentor junior team members to enhance their skills and performance
  • Facilitate knowledge transfer by mentoring new hires and less experienced team members
  • Lead initiatives with the objective of reducing software vulnerabilities in core Blackhawk Network products and services
  • Perform security analysis of new features and technologies during the design and development process for Blackhawk Network products and services to ensure security is at the forefront
  • Develop/recommend tools to automate security testing and enable more efficient discovery and resolution of security vulnerabilities
  • Develop/recommend a framework for fraud and risk functions and enable more efficient discovery and resolution of fraud and risk issues
  • Build out a comprehensive testing framework combining internal and external testing experts, security tools and services and engineering-driven threat models into a sustainable testing process
  • Provide product teams with appropriate support related to vulnerability management, dynamic and static application code testing, and results of penetration tests and security assessments
  • Lead, conduct, and provide senior management reporting for security assessments via industry standard assessment tools and methodologies
  • Research and understand emerging information security threats, vulnerabilities, and countermeasures
  • Evangelize secure coding practices and provide hands-on training to developers and quality engineers
  • Create and manage an industry-leading Bug Bounty program
  • Design and manage systems and software responsible for performing dynamic and static code analysis
  • Break things beautifully

Qualifications

Required:

  • B.S. in Computer Science, Electrical Engineering or related experience
  • 12+ years of experience as a Product Security and/or Application Security Engineer or related experience
  • 10+ years of experience in Software Development, with the most recent in Java and/or .NET stacks on Windows and *nix platforms
  • 7+ years of experience in securing public cloud environments (AWS, Azure, GCP), and implementation of tools, processes, and frameworks (Zero Trust)
  • 7+ years of experience working in a fintech environment on building and deploying fraud and risk frameworks
  • Extensive experience with Secure Development Lifecycle practices and Agile development in a DevOps environment
  • Deep expertise with tools such as HP Fortify, ZAP, Burp, BeEF, etc.
  • Deep expertise with Fraud and Risk framework and functions
  • Deep expertise identifying and protecting against web application and web service security vulnerabilities including those found in the OWASP Top 10 and CWE Top 25
  • Extensive experience in an IT or security engineering role with working knowledge and understanding of information security system/network/application security best practices
  • Proven communication skills including: effective oral and written communication, issue resolution, project management and motivating others

Preferred:

  • Strong knowledge of the browser security model, crypto, and network security
  • Working knowledge of relevant domestic and international security standards and best practices such as PCI DSS, ISO 27001/2, SSAE 16, SOX and AML
  • B.S. in Computer Science, Electrical Engineering, or related discipline preferred

Tags: Agile Analytics Application security AWS Azure Cloud Code analysis Computer Science Crypto DevOps FinTech GCP ISO 27001 Java Network security OWASP PCI DSS Product security Security analysis Security assessment SOX Vulnerabilities Vulnerability management Windows Zero Trust

Region: Asia/Pacific
Country: India
