Info Security Ops Engineer I

About Blackhawk Network:

Today, through BHN’s single global platform, businesses of all kinds can tap into the world’s largest network of branded payment solutions. BHN helps businesses grow revenue, increase loyalty, motivate and reward their teams, disburse funds and engage consumers. Branded payment solutions include the issuance and distribution of gift cards, egifts, corporate payouts and rewards, along with the technology to deliver these products in seamless, integrated ways. BHN’s network spans the globe with more than 400,000 consumer touchpoints. Learn more at BHN.com.

Overview:

We are looking for an experienced Senior Detection Engineer specializing in Splunk Enterprise Security (ES), Splunk SOAR, and proactive detection engineering. This role is critical to enhancing our cybersecurity posture through the development and onboarding of advanced detection use cases aimed at preventing and mitigating enterprise and product security threats, including fraud.

Responsibilities:

Detection Engineering & Use Case Development

- Develop, deploy, and manage detection use cases in Splunk ES and SOAR for enterprise and product security operations.
- Identify and implement proactive threat detection techniques using data analytics, threat intelligence, and anomaly detection methodologies.
- Continuously evaluate and optimize existing detection capabilities to maintain effectiveness against emerging threats.

Automation & Script Development

- Develop custom automation scripts in Python to enhance Splunk SOAR playbooks and integrations.
- Automate repetitive security processes, improving operational efficiency and response time.

Threat Intelligence Integration

- Integrate and operationalize threat intelligence feeds and platforms including Recorded Future, Rapid7 Threat Command, and Anomali into detection workflows.
- Collaborate closely with threat intelligence analysts to refine and contextualize threat data.

Cloud Security Expertise

- Implement and enhance security monitoring and detection capabilities specific to AWS environments.
- Collaborate with cloud operations teams to ensure seamless integration of security detection capabilities with AWS infrastructure.

Incident Detection & Response

- Support security operations teams with the detection and analysis of cybersecurity incidents.
- Continuously refine detection strategies based on lessons learned from incidents and industry best practices.

Collaboration & Communication

- Work cross-functionally with cybersecurity teams, infrastructure teams, and application developers to align detection capabilities with business needs.
- Clearly communicate technical concepts and detection strategies to stakeholders of varying technical backgrounds.

Qualifications:

Technical Expertise

- Strong proficiency in Splunk ES and Splunk SOAR (formerly Phantom), including playbook creation, automation workflows, and complex query development.
- Demonstrable experience in Python scripting, including development of custom automation solutions beyond standard SOAR capabilities.
- Extensive knowledge and hands-on experience with threat intelligence platforms (Recorded Future, Rapid7 Threat Command, Anomali).
- Proven expertise managing security in AWS cloud environments.

Cybersecurity Operations

- Deep understanding of cybersecurity frameworks, methodologies, and best practices in SOC environments.
- Hands-on experience in incident detection, response processes, and proactive threat mitigation strategies.

Problem Solving & Analytical Skills

- Ability to analyze complex security events and design effective detection and mitigation strategies.
- Skilled in troubleshooting, diagnosing, and resolving security detection and automation issues.

Preferred Qualifications & Certifications

- Bachelor’s degree in Computer Science, Information Security, or related fields.
- Cybersecurity certifications such as CISSP, CEH, Splunk SOAR Certification, AWS Certified Security Specialty, or related certifications highly preferred.