Info Security Ops Engineer II

About Blackhawk Network:

Today, through BHN’s single global platform, businesses of all kinds can tap into the world’s largest network of branded payment solutions. BHN helps businesses grow revenue, increase loyalty, motivate and reward their teams, disburse funds and engage consumers. Branded payment solutions include the issuance and distribution of gift cards, egifts, corporate payouts and rewards, along with the technology to deliver these products in seamless, integrated ways. BHN’s network spans the globe with more than 400,000 consumer touchpoints. Learn more at BHN.com.

Overview:

We're seeking a highly skilled SOC Detection Engineer II to be a cornerstone of our Global Security Operations Center (GSOC). This role is critical to advancing our cybersecurity posture by engineering next-generation detection capabilities. You'll specialize in Splunk Enterprise Security (ES) and Splunk SOAR, while also pioneering the use of AI and Generative AI to proactively identify and neutralize security threats against our enterprise and product environments, including sophisticated fraud schemes.

Responsibilities:

Advanced Detection Engineering & Threat Hunting

- Design, develop, and manage the full lifecycle of high-fidelity detection logic in Splunk ES and SOAR for both enterprise and product security operations.
- Leverage AI/ML models and GenAI to build predictive and behavioral-based detections, moving beyond traditional signature-based methods.
- Proactively hunt for threats by operationalizing threat intelligence, developing hypotheses, and using advanced data analytics and anomaly detection.
- Continuously mature our detection portfolio by mapping capabilities to frameworks like MITRE ATT&CK, identifying gaps, and optimizing existing logic for peak effectiveness.

Automation & AI-Enhanced SOAR Development

- Develop sophisticated Python scripts to create custom, intelligent automation for Splunk SOAR playbooks and integrations.
- Utilize GenAI to augment security orchestration, such as by generating incident summaries or recommending response actions within playbooks.
- Automate complex and repetitive security tasks to significantly boost operational efficiency and shrink our mean time to respond (MTTR).

Threat Intelligence Operationalization

- Integrate and operationalize threat intelligence from platforms like Recorded Future, Rapid7 Threat Command, and Anomali directly into our detection and automation workflows.
- Collaborate closely with threat intelligence analysts to enrich threat data, ensuring detections are contextualized and actionable.

Cloud Security Detection

- Engineer and enhance robust security monitoring and detection capabilities specifically for our AWS cloud environments.
- Partner with cloud operations teams to ensure security detection is seamlessly integrated into our cloud infrastructure and CI/CD pipelines.

Qualifications:

Technical Expertise

- Deep, hands-on mastery of Splunk ES and Splunk SOAR, including complex correlation search development, data model optimization, and advanced playbook creation.
- Demonstrable expertise in Python scripting for bespoke security automation, extending beyond out-of-the-box SOAR functionalities.
- Proven experience applying AI/ML or GenAI in a security context, such as for anomaly detection, UEBA, or automating analyst workflows.
- Extensive experience managing and securing AWS environments, including knowledge of services like GuardDuty, CloudTrail, and Security Hub.
- Strong working knowledge of threat intelligence platforms (Recorded Future, Rapid7, Anomali).

Cybersecurity Operations Acumen

- In-depth understanding of modern SOC methodologies, threat landscapes, and cybersecurity frameworks.
- Extensive experience in proactive threat hunting, incident detection, and developing effective mitigation strategies.
- Ability to dissect complex security incidents and design resilient detection and response strategies based on lessons learned.

Preferred Qualifications & Certifications 🏅

- Bachelor’s degree in Computer Science, Information Security, or a related field.
- Advanced cybersecurity certifications are highly preferred, such as CISSP, GIAC (GCDA, GDAT), Splunk SOAR Certified Automation Developer, or AWS Certified Security - Specialty.