Job type full-time
Full job description
About blackhawk network: at blackhawk network, we shape the future of global branded payments through the prepaid products, technologies and network that connect brands and peopleOur collaborative innovation and scalable, security-minded solutions help our partners to increase reach, loyalty and revenueWe believe our future holds great things for blackhawk network and its partnersWe believe that together, we can shape the futureOur beliefs? win as one team, be innovative, global excellence and be inspiring!
Overview: are you passionate about your work? are you looking to take the next leap in your career? are you looking for an energetic start-up environment with the security of a profitable, growing company? are you looking for life/work balance? are you looking to be a key contributor in the world’s leading anytime/anywhere payment network? if you answered ‘yes’, please read on…your career is at blackhawk network and we want to talk to you!
Blackhawk network’s software solutions underpin our success and include world-class transaction acquisition, switching and routing, real-time settlement, pre-paid card processing, fulfillment and business analytics componentsState of the art consumer web sites, emerging mobile apps, and high-speed transaction processing with volume spikes that make pikes peak seem small are all part of a challenging and rewarding technology environment.
We are looking to hire an offensive security engineer to join the growing blackhawk network global information security team, who will report to the manager of information securityThis position is based in pleasanton, ca with remote being possibleThis position will be tasked with leading and growing the blackhawk network offensive security teamThe ideal candidate will be a technical self-starter with a passion for breaking ‘all the things’ unbreakable; and working with teams to fix themThe candidate will understand the impact and security decisions that need to be made to keep corporate and production infrastructure secure, and then be able to articulate those to engineers and business teams outside the security teamResponsibilities:
Be part of a high-impact and multi-talented offensive security team
Work with stakeholders on defining scope, requirements of engagement and performing engagements
Participate in offensive security exercises such as penetration testing and red team exercises, physical and virtual
Perform penetration tests on computer systems, networks, web-based applications, mobile applications and physical locations
Keep up to date with latest penetration testing and ethical hacking ttps
Creating tooling and automation for offensive security team
Deploy testing methodology and collect data
Enhance testing methodologies
Report findings to stakeholders
Provide guidance on findings for tooling selection and implementation – closing the gap in endpoint and network visibility across the enterprise
Assist in the development of effecting and efficient internal security policies, procedures and standards
Work closely with other members of the security team to test, tune, and deploy security technologies that are scalable and enhance detection and response
Qualifications:
Strong passion for offensive security
2+ years of experience working on a red/purple team, penetration testing team or offensive security team for an enterprise or firm
Offensive security – osint, web application, network, *nix/windows/mac environment, social engineering, and red/purple team engagements
Experience with security tools such as; nmap, metasploit, kali, burp, cobalt strike, wireshark, aircrack-ng, etc.
Understanding of mitre/ptes framework, and threat modeling
Exploit creation, scripting and reverse engineering
Understanding of command and control, data exfiltration, and lateral movement techniques
In depth knowledge of opsec, evasion and anti-forensics techniques
In depth knowledge of application, network, and system and modern attacker techniques to exploit these vulnerabilities
In depth knowledge of networking fundamentals networking fundamentals, with a deep understanding of tcp/ip and other core protocols
In depth knowledge of web applications in .net, asp.net, ajax, json, java and apis and penetration testing them
In depth knowledge of mobile application on ios and android and penetration testing them
Debugging and disassembly
3+ years experience with a range of security controls for at least the following technologies:
Active directory
Firewalls
Networking
Cloud services
Operating systems – windows/*nix/macos
Experience with pci, sox, soc-2, hipaa, gdpr, nist and iso regulatory frameworks
Ability to program/script in at least one language; python, go, assembly, perl, ruby, c/c#/c++, java, javascript, bash, powershell
Analytical with strong problem-solving skills and exercises good, balanced decision making
Excellent written and verbal communication skills
Ability to report and explain findings to a technical and c-level audience
Preferred:
Consulting experience
5+ years experience as a system administration, network engineer, desktop engineer, cloud engineer, devops engineer, and/or developer
Certifications – sans giac, cissp, isc2, isaca, oscp/osce
S/ m.s/ phd in computer science, electrical engineering or related experience
You contribute/author opensource tools, security blogs, and participate in ctfs
Hiring insights
Job activity
Posted 30+ days ago