Staff Product Security Engineer

Position Type
Full Time
Location : Location

About Blackhawk Network:

At Blackhawk Network, we shape the future of global branded payments through the prepaid products, technologies, and networks that connect brands and people. Our collaborative innovation and scalable, security-minded solutions help our partners to increase reach, loyalty, and revenue. We believe our future holds great things for Blackhawk Network and its partners. We believe that together, we can shape the future. Our beliefs? Win as one team, be innovative, global excellence and be inspiring

So, what are you waiting for? Shape your career and join our global network. Do you have a strong a strong passion for Product Security and would like to be part of a Global Security Team? 


Are you passionate about your work? Are you looking to take the next leap in your career? Are you looking for an energetic start-up environment with the security of a profitable, growing company? Are you looking for Life/Work balance? Are you looking to be a key contributor in the World’s leading Anytime/Anywhere Payment Network? If you answered ‘Yes’, please read on…your career is at Blackhawk Network and we want to talk to you!


Blackhawk Network’s software solutions underpin our success and include world-class transaction acquisition, switching and routing, real-time settlement, pre-paid card processing, fulfillment and business analytics components. State of the art consumer web sites, emerging mobile apps, and high-speed transaction processing with volume spikes that make Pikes Peak seem small are all part of a challenging and rewarding technology environment.


We are looking to hire Staff Product Security Engineer to join the growing Blackhawk Network Global Information Security Team, who will report to the Manager of Product Security. This position will be tasked with leading and growing the Blackhawk Network Offensive Security Team. The ideal candidate will be a technical self-starter. The candidate will understand the impact and security decisions that need to be made to keep corporate and production infrastructure secure, and then be able to articulate those to engineers and business teams outside the Security team.


This candidate will perform the following tasks as part of delivering Product Security Support Services.

  • Be a product security champion by driving Security Architecture and Design/implementation/optimization for web and API based cloud products.
  • Develop applications to proactive detect/defend against various web attacks.
  • Perform security assessments on new and existing product line to identify security risks and establish baseline security requirements.
  • You demonstrate excellent judgement in prioritizing security efforts to mitigate the appropriate risks.
  • Drive toward automation and advancement of security tools and processes ensuring innovation in various product security areas.
  • Present security risks to leadership and influence product strategy and direction.
  • Lead security audits and product security incident response.
  • Lead code reviews of applications using static analysis tools.
  • Work with development teams to find ways to integrate security testing into CI/CD pipeline.
  • Knowledge of AWS and other public and private cloud infrastructure for supporting and developing product security applications is required.
  • Fluency with the OWASP Top 10 and other common vulnerabilities and exploit techniques, and ability to define appropriate countermeasures.






  • 8+ years of cybersecurity experience including 4 or more years focused on product security.
  • Ability to lead various security initiatives among various internal teams.
  • Knowledge of PCI and ISO Regulatory Frameworks.
  • Familiarity with software maturity models such as OpenSAMM, BSIMM, and SDL.
  • Expertise in Threat modeling in an Agile environment.
  • Expertise in identifying, prioritizing, and resolving OWASP Top 10 vulnerabilities.
  • Excellent written and verbal communication skills
  • Proficiency in reading, writing, and auditing languages in at least one language like Java, Ruby, Python, or Javascript, and capability to pick up new languages/technologies.



  • Experience working in software development.
  • Bug bounties or responsible disclosure awards.
  • Certifications – OSCP/OSCE, SANS GIAC, CISSP, AWS OR GCP certifications.
  • Computer science degree
  • You contribute/author opensource tools, security blogs, and participate in CTS'








Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
Share on your newsfeed