Responsibilities:
- Perform penetration tests and Red Team exercises against Phreesia’s range of infrastructure, applications, products, and services
- Simulate Red v. Blue interactions and incorporate lessons learned to improve Phreesia’s defenses
- Perform vulnerability scanning and secure configuration testing of information systems hosted across diverse platforms
- Lead threat analysis and attack modeling to identify weaknesses in defenses, including network segmentation analysis and firewall reviews
- Serve as advisor and subject-matter expert on advanced adversary and offensive security objectives and tactics
- Work closely with infrastructure and development teams to foster a culture of risk management, and increase awareness of threats and potential vectors of attack
- Develop processes for vulnerability monitoring and alerting of Phreesia’s technology stack
- Consult on regulatory and compliance requirements
Qualifications:
- OSCP-certified, actively pursuing OSCP, OSCE, OSWE certification (or similar), or equivalent knowledge and skills
- More than 7 years of Information Security experience, with more than 5 years performing network and application-layer penetration tests and assessments, required
- Experience performing Red Team campaigns and maturing organizational vulnerability management practices
- Experience training internal teams on offensive security tactics and defenses
- Experience with architectural risk analysis and secure SDLC a plus
- Experience with public bug bounty programs and CTF exercises a plus
- Experience developing secure applications a plus