View All Jobs 139417

Sr. Staff Product Security Engineer (hybrid - Pleasanton, CA)

Develop automated attack frameworks to identify vulnerabilities in payment transaction systems
Pleasanton, California, United States
Senior
$157,030 – 212,000 USD / year
4 weeks ago
Blackhawk Network

Blackhawk Network

Provides branded payment solutions, including gift cards, prepaid cards, and rewards, connecting brands with consumers across global retail and digital channels.
2 Similar Jobs at Blackhawk Network

Senior Penetration Tester

We're hiring a Senior Penetration Tester to help defend our fintech platform against large-scale payment fraud, carding attacks, and other financially motivated threats. You'll lead offensive security assessments targeting our transaction systems, authentication flows, and APIs — with a heavy focus on automation and scalability. Your work will directly impact our fraud defenses, detection strategy, and customer trust.

This is a highly technical, hands-on role for someone who thrives in a fast-paced, high-stakes fintech environment.

This position will be Hybrid (Tuesdays & Wednesdays) out of our Pleasanton, CA office.

Responsibilities

  • Lead penetration testing engagements focused on payment abuse, transaction manipulation, and business logic exploitation.
  • Design and execute automated attack simulations to test our defenses against:
    • Carding and BIN attacks
    • Credential stuffing and account takeovers
    • Checkout and payment flow abuse
    • API-level enumeration and fraud
  • Build custom tooling and frameworks to mimic the behavior of real-world fraudsters and cybercriminals.
  • Partner with fraud engineering, product security, and risk teams to identify weak points in our controls, detection systems, and architecture.
  • Conduct threat modeling and red teaming exercises related to payments, authentication, and user account abuse.
  • Document findings in technical reports with clear risk impact, exploitability, and remediation guidance.
  • Mentor junior testers and contribute to a culture of security innovation and continuous improvement.

Qualifications

  • 7+ years of experience in offensive security, penetration testing, or red teaming.
  • Strong background in payment systems, financial fraud tactics, and transaction-level attack surfaces.
  • Fluency in scripting and automation (e.g., Python, JavaScript, Go, Bash) to simulate attacker workflows at scale.
  • Familiarity with tools like Burp Suite Pro, Selenium, Scapy, ffuf, SQLMap, Metasploit, and bot automation frameworks.
  • In-depth knowledge of fintech technologies (e.g., tokenized payments, card vaulting, 3DS, ACH, real-time payment APIs).
  • Solid grasp of common attacker techniques: carding, fake identity generation, bypassing rate limits, evading fraud filters, and abusing web/app logic.
  • Strong communication skills for explaining findings to both technical and non-technical audiences.
  • Certifications: OSCP, OSEP, GWAPT, GPEN, GCPN, GXPN, GX-PT, CPSA/CRSA by CREST, CHECK, or TIGER.
  • Prior experience in a fintech, digital banking, or payment gateway environment.
  • Familiarity with OWASP Automated Threats, PCI DSS, MITRE ATT&CK for Financial Services, or fraud detection systems.
  • Experience building or testing real-time risk scoring engines and fraud defense pipelines.

Benefits

Salary Range for California Residents Only: $157,030.00 - $212,000.00

Pay is based on several factors including but not limited to education, work experience, certifications, etc. In addition to your salary, Blackhawk Network offers benefits including 401k with employer match, medical, dental, vision, 12 paid holidays in the year 2025, 1 hour of sick pay accrual for every 30 hours worked, parental leave, life insurance, disability insurance, accident and illness insurance, health and dependent care flexible spending accounts, wellness benefits, and flexible time off for all full-time employees.

EEO Statement

Blackhawk Network provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. Blackhawk Network believes that diversity leads to strength. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, and training.

Blackhawk Network encourages applicants with previous criminal records to apply to all positions and, pursuant to the San Francisco and Los Angeles Fair Chance Acts (and other "Fair Chance" laws), Blackhawk Network will consider for employment qualified applicants with arrest and conviction records. For Philadelphia applicants or jobs, please see a copy of Philadelphia's ordinance on this topic by clicking this link: https://codelibrary.amlegal.com/codes/philadelphia/latest/philadelphia_pa/0-0-0-280104.

+ Show Original Job Post
Suggest a correction
























Sr. Staff Product Security Engineer (hybrid - Pleasanton, CA)
Pleasanton, California, United States
$157,030 – 212,000 USD / year
Engineering
Apply to job
About Blackhawk Network
Provides branded payment solutions, including gift cards, prepaid cards, and rewards, connecting brands with consumers across global retail and digital channels.