Sr Product Security Engineer / Pen Tester (Hybrid - Coppell, TX)

Blackhawk Network•Coppell, TX

1d•Hybrid

About The Position

About Blackhawk Network: Today, through BHN’s single global platform, businesses of all kinds can tap into the world’s largest network of branded payment solutions. BHN helps businesses grow revenue, increase loyalty, motivate and reward their teams, disburse funds and engage consumers. Branded payment solutions include the issuance and distribution of gift cards, egifts, corporate payouts and rewards, along with the technology to deliver these products in seamless, integrated ways. BHN’s network spans the globe with more than 400,000 consumer touchpoints. Learn more at BHN.com. Overview: We’re hiring a Sr Product Security Engineer / Pen Tester to help defend our fintech platform against large-scale payment fraud, carding attacks, and other financially motivated threats. You’ll lead offensive security assessments targeting our transaction systems, authentication flows, and APIs — with a heavy focus on automation and scalability. Your work will directly impact our fraud defenses, detection strategy, and customer trust. This is a highly technical, hands-on role for someone who thrives in a fast-paced, high-stakes fintech environment. This position will be Hybrid out of our Pleasanton, CA or Coppell, TX office.

Requirements

7+ years of experience in offensive security, penetration testing, or red teaming.
Strong background in payment systems, financial fraud tactics, and transaction-level attack surfaces.
Fluency in scripting and automation (e.g., Python, JavaScript, Go, Bash) to simulate attacker workflows at scale.
Familiarity with tools like Burp Suite Pro, Selenium, Scapy, ffuf, SQLMap, Metasploit, and bot automation frameworks.
In-depth knowledge of fintech technologies (e.g., tokenized payments, card vaulting, 3DS, ACH, real-time payment APIs).
Solid grasp of common attacker techniques: carding, fake identity generation, bypassing rate limits, evading fraud filters, and abusing web/app logic.
Strong communication skills for explaining findings to both technical and non-technical audiences.
OSCP, OSEP, GWAPT, GPEN, GCPN, GXPN, GX-PT, CPSA/CRSA by CREST, CHECK, or TIGER.
We seek candidates who not only demonstrate curiosity and adaptability in emerging technologies but have also successfully implemented and utilized AI tools to enhance their work, improve processes, or deliver measurable results. Our teams embrace continuous learning and the thoughtful integration of AI to create meaningful impact – for our employees and the future of work.

Nice To Haves

Prior experience in a fintech, digital banking, or payment gateway environment.
Familiarity with OWASP Automated Threats, PCI DSS, MITRE ATT&CK for Financial Services, or fraud detection systems.
Experience building or testing real-time risk scoring engines and fraud defense pipelines.

Responsibilities

Lead penetration testing engagements focused on payment abuse, transaction manipulation, and business logic exploitation.
Design and execute automated attack simulations to test our defenses against: Carding and BIN attacks Credential stuffing and account takeovers Checkout and payment flow abuse API-level enumeration and fraud
Build custom tooling and frameworks to mimic the behavior of real-world fraudsters and cybercriminals.
Partner with fraud engineering, product security, and risk teams to identify weak points in our controls, detection systems, and architecture.
Conduct threat modeling and red teaming exercises related to payments, authentication, and user account abuse.
Document findings in technical reports with clear risk impact, exploitability, and remediation guidance.
Mentor junior testers and contribute to a culture of security innovation and continuous improvement.