We are seeking an Application Security Architect to join our Security Engineering team! We seek candidates who are passionate about keeping our applications safe and secure.
We subscribe to newer principles of application design and by extension newer principles of securing the environment. We speak fluent 12-factor app and understand that the technical world is headed toward an “everything as code” nexus. The continuous delivery model, infrastructure as code, and the slowly approaching serverless world energize us to build things from inception with deep-rooted security principles and design. We are preparing for this and working diligently internally to help our engineering colleagues plan, prepare, execute, and embrace the “new world.”
You will work deeply on vulnerability identification, remediation, and deterrence. You’ll build and understand threat models in our release pipelines and runtime as well as seek deep understanding in our application code and the Phreesia application itself.
The Phreesia offering spans a very wide array of technologies including, to name a few, classic web applications, Android and hardware builds, credit card security and HSMs, classic datacenters, and the cloud. Phreesia operates in an interesting compliance space that includes both healthcare and card compliance, which will help to make this role a constantly creative one.
What You’ll Do:
- Build (both visually and via documentation) threat models and perform security reviews on Phreesia’s applications and infrastructure.
- Assist the broader security engineering team to define and integrate Security Architecture standards and Secure SDLC across the organization.
- Act as subject matter expert for Application Security and consult with engineering on challenging security questions.
- Become intimately involved in helping to design a large-scale transition Phreesia is undertaking to our CI/CD pipelines and help design to security best practice on our cloud and container release platforms.
- Help Phreesia in designing and scaling security projects like SAST, DAST, WAF, etc.
- Review our most critical applications and their technology stack from the ground up. Leverage GitOps, Container Release infrastructure, Kubernetes, and container ecosystems (all the pieces around K8s) at least conceptually and help understand and define point controls.
- Dig into code to seek deep understanding.
- Help to perform risk analysis of new and current build projects.
- Expect to participate in all manner of team projects: Build, deploy, fix, and assist the engineering team.
- Train developers, architects and others on secure coding and design principles.
- Support compliance programs like SOC2, PCI, HIPAA and HITRUST certifications in Phreesia.
- Support and improve the vulnerability management program in Phreesia.
What You’ll Bring:
- An insatiable desire to learn and grow.
- A background in container build environments.
- A guardrails, not gates, mentality and a belief that the best security happens via collaboration and practical direction.
- A “define the problem” mindset that seeks deep understanding over quick fixes.
- Background in the application security basics: HSTS, CSPs, and a working knowledge of the OWASP Top Ten exploitation paths and control mitigations to protect against them.
- A general understanding of old and new development patterns: Release cycles, CI/CD, Code check-in and review.
- Demonstrated knowledge of build concepts like pipelines, runners, and security checks in early lifecycle build.
- Excellent documentation skills.
- Demonstrated experience conceptualizing and thinking about threat assessments and threat modeling both in the release cycle and containerized environments.
- Some development background, such as building applications in at least one language in recent history, and an understanding of the complexities of building in modern languages.
Who We Are:
At Phreesia, we’re looking for smart and passionate people to help drive our mission of creating a better, more engaging healthcare experience. We’re committed to helping healthcare organizations succeed in an ever-evolving landscape by transforming the way healthcare is delivered. Our SaaS platform digitizes appointment check-in and offers tools to engage patients, improve efficiency, optimize staffing, and enhance clinical care.
Phreesia cares about our employees by providing a diverse and dynamic work environment. We’re a five-time winner of Modern Healthcare Magazine’s Best Places to Work in Healthcare award and we’ve been recognized on the Bloomberg Gender Equality Index. We are dedicated to continuously improving our employee experience by launching new programs and initiatives. If you thrive in a culture of recognition, value inclusivity, professional development, and growth opportunities, Phreesia could be a great fit!
Top-rated Employee Benefits:
- Remote First: 100% Remote work + home office expense reimbursements + monthly allowance for cell phone, internet and wellness.
- Top of market rewards: Competitive compensation + equity grants for all employees
- Take time when you need time: Unlimited PTO + company holidays
- Top class healthcare benefits: Variety of healthcare benefits for you and your family (and your pets!) starting day one
- Care about your families: Generous top-up for paternity leave benefits
- Support personal development: Continuing education and professional certification reimbursement
- Connecting in person: Various offsite events and activities for the team to connect and meet in person, to support team building and engagement.
- Give back to community: Local in-person volunteer events and give-back programs for our communities.
- Recognition and perks: We have a company-wide recognition tool (Phireworks) to celebrate milestones, recognize achievements and strengthen your bond with your teams. You can accumulate points and redeem them for a wide catalogue of items!
- Diversity and inclusive environment: At Phreesia, all employees are encouraged to bring their authentic self to work, feel supported and perform at their best. We have a variety of Employee Resources Groups (ERGs) which bring together individuals from a wide range of backgrounds, experiences and perspectives, and seek to foster a sense of shared community and empowerment for employees who share a common social identity, such as gender, race, ethnicity, and sexual orientation.
We strive to provide a diverse and inclusive environment and are an equal opportunity employer.
Job Type: Full-time