Information Security Specialist, Red Team Lead

Phreesia   •  

Raleigh, NC

5 - 7 years

Posted 271 days ago

This job is no longer available.

Responsibilities: 

  • Perform penetration tests and Red Team exercises against Phreesia’s range of infrastructure, applications, products, and services 
  • Simulate Red v. Blue interactions and incorporate lessons learned to improve Phreesia’s defenses 
  • Perform vulnerability scanning and secure configuration testing of information systems hosted across diverse platforms 
  • Lead threat analysis and attack modeling to identify weaknesses in defenses, including network segmentation analysis and firewall reviews 
  • Serve as advisor and subject-matter-expert of advanced adversary, offensive security objectives and tactics 
  • Work closely with infrastructure and development teams to foster a culture of risk management, and increase awareness of threats and potential vectors of attack 
  • Develop processes for vulnerability monitoring and alerting of Phreesia’s technology stack 
  • Consult on regulatory and compliance requirements 

Qualifications: 

  • OSCP-certifiedactively pursuing OSCP, OSCEOSWE certification (or similar), or equivalent knowledge and skills 
  • > 7 years of Information Security experience5 years performing network and application-layer penetration tests and assessments required 
  • Experience in performing Red Team campaigns, maturing organizational vulnerability management practices 
  • Experience training internal teams on offensive security tactics and defenses 
  • Experience with architectural risk analysis and secure SDLC a plus 
  • Experience with public bug bounty programs and CTF exercises a plus 
  • Experience developing secure applications a plus