About the role
Are you looking for a team that is energized by the constantly evolving world of application design and security? We are preparing for the future and are looking for a talented, experienced Security Architect - I to join us in building things from inception with deep-rooted security principles and design.
As a security expert, you will play a critical role in ensuring that our systems are secure and resilient. You will help Phreesia in securely configuring public cloud and data center infrastructure. You’ll work on building and understanding threat models in our release pipelines and runtime, as well as dig deep into our application code and the Phreesia application itself
.
Our offering spans a wide array of cutting-edge technologies including Classic web applications, Android and hardware builds, Credit Card Security and HSMs, Classic Datacenters and the Cloud. We operate in an interesting compliance space that includes both healthcare and card compliance, making this role a constantly creative and challenging on
**e.
What You’ll**
- Do:Build (both visually and via documentation) threat models and perform security reviews on Phreesia’s applications and infrastructu
- re.Assist to define and integrate Security Architecture standards and Secure SDLC processes across the organization, ensuring our security practices stay top-notch and our products remain unbeatab
- le.Be the go-to person for Application Security for web, devices and backend platfor
- ms.Assist to design high-tech security practices via CI/CD pipelines for our cloud and container release platfor
- ms.Collaborate with development teams, DevOps, and platform engineering teams to integrate security controls and secure coding practic
- es.Assist in design and scaling of security projects like SAST, DAST, WAF, e
- tc.Dive deep into our most critical applications and their technology stack, exploring every aspect from the ground
- up.Dig into code to seek deep understanding of the application’s logic and identify security vulnerabiliti
- es.Empower and inspire our team of developers, architects, and others through training in secure coding and design principles to build the most robust and secure applications possib
- le.Support compliance programs like SOC2, PCI, HIPAA and HITRUST certifications in Phrees
- ia.Mentor other members of the Security Architecture and Infrastructure tea
**ms.
What You’ll Br**
- ing:Bachelor's degree in computer science or related discipli
- nes.8+ years of overall experience in software development, information security, or information technology, including 5+ years in security engineering or software development and 2+ years in application security fi
- eld.Have knowledge in the DevSecOps proce
- ssesAdvanced skillset in the application security: HSTS, CSPs, and a working knowledge of the OWASP Top Ten exploitation paths and control mitigations to protect against them. Experience in Cloud Security is requi
- red.A guardrail, not gates, mentality and agree that the best security happens via collaboration and practical direct
- ion.Experience with industry leading compliance programs such as SOC2, HITRUST, PCI DSS, ISO 27001, etc is requ
- iredSSCP, CEH, CompTIA CASP+, or equivalent certifications are prefer
- red.Advanced skillset in defining and integrating Security Architecture standards and Secure SDLC across the organization. A general understanding of old and new development patterns: Release cycles, CI/CD, Code check-in and rev
- iew.Have advanced knowledge of build concepts like pipelines, runners, and security checks in early lifecycle build. A background in container build environme
- nts.Demonstrated advanced experience conceptualizing and thinking about threat assessments and threat modeling both in the release cycle and containerized environme
- nts.Knowledge of microservices oriented architect
- ure.Ability to prioritize various tasks and projects while thriving in a hands-on, collaborative environment. You’ll be working with teams across the organization so we’re looking for someone who can lead with empa
thy.
About Phreesia
Phreesia was founded in 2005 to help patients take an active role in their care. Our innovative technology empowers healthcare organizations to better understand their patients and equip them with the knowledge, skills and confidence to succeed.
With robust tools for registration, scheduling, payments and clinical support, Phreesia helps providers maximize efficiency and create great patient experiences. Today, we facilitate more than 150 million patient visits annually—and activating patients is at the core of everything we do.
To learn more, visit: https://www.phreesia.com
About the role
Are you looking for a team that is energized by the constantly evolving world of application design and security? We are preparing for the future and are looking for a talented, experienced Security Architect - I to join us in building things from inception with deep-rooted security principles and design.
As a security expert, you will play a critical role in ensuring that our systems are secure and resilient. You will help Phreesia in securely configuring public cloud and data center infrastructure. You’ll work on building and understanding threat models in our release pipelines and runtime, as well as dig deep into our application code and the Phreesia application itself
.
Our offering spans a wide array of cutting-edge technologies including Classic web applications, Android and hardware builds, Credit Card Security and HSMs, Classic Datacenters and the Cloud. We operate in an interesting compliance space that includes both healthcare and card compliance, making this role a constantly creative and challenging on
**e.
What You’ll**
- Do:Build (both visually and via documentation) threat models and perform security reviews on Phreesia’s applications and infrastructu
- re.Assist to define and integrate Security Architecture standards and Secure SDLC processes across the organization, ensuring our security practices stay top-notch and our products remain unbeatab
- le.Be the go-to person for Application Security for web, devices and backend platfor
- ms.Assist to design high-tech security practices via CI/CD pipelines for our cloud and container release platfor
- ms.Collaborate with development teams, DevOps, and platform engineering teams to integrate security controls and secure coding practic
- es.Assist in design and scaling of security projects like SAST, DAST, WAF, e
- tc.Dive deep into our most critical applications and their technology stack, exploring every aspect from the ground
- up.Dig into code to seek deep understanding of the application’s logic and identify security vulnerabiliti
- es.Empower and inspire our team of developers, architects, and others through training in secure coding and design principles to build the most robust and secure applications possib
- le.Support compliance programs like SOC2, PCI, HIPAA and HITRUST certifications in Phrees
- ia.Mentor other members of the Security Architecture and Infrastructure tea
**ms.
What You’ll Br**
- ing:Bachelor's degree in computer science or related discipli
- nes.8+ years of overall experience in software development, information security, or information technology, including 5+ years in security engineering or software development and 2+ years in application security fi
- eld.Have knowledge in the DevSecOps proce
- ssesAdvanced skillset in the application security: HSTS, CSPs, and a working knowledge of the OWASP Top Ten exploitation paths and control mitigations to protect against them. Experience in Cloud Security is requi
- red.A guardrail, not gates, mentality and agree that the best security happens via collaboration and practical direct
- ion.Experience with industry leading compliance programs such as SOC2, HITRUST, PCI DSS, ISO 27001, etc is requ
- iredSSCP, CEH, CompTIA CASP+, or equivalent certifications are prefer
- red.Advanced skillset in defining and integrating Security Architecture standards and Secure SDLC across the organization. A general understanding of old and new development patterns: Release cycles, CI/CD, Code check-in and rev
- iew.Have advanced knowledge of build concepts like pipelines, runners, and security checks in early lifecycle build. A background in container build environme
- nts.Demonstrated advanced experience conceptualizing and thinking about threat assessments and threat modeling both in the release cycle and containerized environme
- nts.Knowledge of microservices oriented architect
- ure.Ability to prioritize various tasks and projects while thriving in a hands-on, collaborative environment. You’ll be working with teams across the organization so we’re looking for someone who can lead with empa
thy.
About Phreesia
Phreesia was founded in 2005 to help patients take an active role in their care. Our innovative technology empowers healthcare organizations to better understand their patients and equip them with the knowledge, skills and confidence to succeed.
With robust tools for registration, scheduling, payments and clinical support, Phreesia helps providers maximize efficiency and create great patient experiences. Today, we facilitate more than 150 million patient visits annually—and activating patients is at the core of everything we do.
To learn more, visit: https://www.phreesia.com