Application Security Architect

Are you looking for a team that is energized by the constantly evolving world of application design and security? We are preparing for the future and are looking for a talented, experienced Application Security Architect to join us in building things from inception with deep-rooted security principles and design.

As a security expert, you will play a critical role in ensuring that our systems are secure and resilient. You will help Phreesia in securely configuring public cloud and data center infrastructure. You’ll work on building and understanding threat models in our release pipelines and runtime, as well as dig deep into our application code and the Phreesia application itself

.
Our offering spans a wide array of cutting-edge technologies including Classic web applications, Android and hardware builds, Credit Card Security and HSMs, Classic Datacenters and the Cloud. We operate in an interesting compliance space that includes both healthcare and card compliance, making this role a constantly creative and challenging on

e.
What You’ll

• Do:
  Build (both visually and via documentation) threat models and perform security reviews on Phreesia’s applications and infrastruct
• ure.Assist to define and integrate Security Architecture standards and Secure SDLC processes across the organization, ensuring our security practices stay top-notch and our products remain unbeata
• ble.Be the go-to person for Application Security for web, devices and backend platfo
• rms.Assist to design high-tech security practices via CI/CD pipelines for our cloud and container release platfo
• rms.Collaborate with development teams, DevOps, and platform engineering teams to integrate security controls and secure coding practi
• ces.Assist in design and scaling of security projects like SAST, DAST, WAF,
• etc.Dive deep into our most critical applications and their technology stack, exploring every aspect from the ground
• up.Dig into code to seek deep understanding of the application’s logic and identify security vulnerabilit
• ies.Empower and inspire our team of developers, architects, and others through training in secure coding and design principles to build the most robust and secure applications possi
• ble.Support compliance programs like SOC2, PCI, HIPAA and HITRUST certifications in Phree
• sia.Mentor other members of the Security Architecture and Infrastructure te

ams.
What You’ll B

• ring:
  Bachelor's degree in computer science or related discip
• lines.8+ years of overall experience in software development, information security, or information technology, including 5+ years in security engineering or software development and 2+ years in application security
• field.Have knowledge in the DevSecOps pro
• cessesAdvanced skillset in the application security: HSTS, CSPs, and a working knowledge of the OWASP Top Ten exploitation paths and control mitigations to protect against them. Experience in Cloud Security is req
• uired.A guardrail, not gates, mentality and agree that the best security happens via collaboration and practical dire
• ction.Experience with industry leading compliance programs such as SOC2, HITRUST, PCI DSS, ISO 27001, etc is re
• quiredSSCP, CEH, CompTIA CASP+, or equivalent certifications are pref
• erred.Advanced skillset in defining and integrating Security Architecture standards and Secure SDLC across the organization. A general understanding of old and new development patterns: Release cycles, CI/CD, Code check-in and r
• eview.Have advanced knowledge of build concepts like pipelines, runners, and security checks in early lifecycle build. A background in container build environ
• ments.Demonstrated advanced experience conceptualizing and thinking about threat assessments and threat modeling both in the release cycle and containerized environ
• ments.Knowledge of microservices oriented archite
• cture.Ability to prioritize various tasks and projects while thriving in a hands-on, collaborative environment. You’ll be working with teams across the organization so we’re looking for someone who can lead with em