Information Security Specialist, Red Team Lead

Responsibilities: 

• Perform penetration tests and Red Team exercises against Phreesia’s range of infrastructure, applications, products, and services 
• Simulate Red v. Blue interactions and incorporate lessons learned to improve Phreesia’s defenses 
• Perform vulnerability scanning and secure configuration testing of information systems hosted across diverse platforms 
• Lead threat analysis and attack modeling to identify weaknesses in defenses, including network segmentation analysis and firewall reviews 
• Serve as advisor and subject-matter-expert of advanced adversary, offensive security objectives and tactics 
• Work closely with infrastructure and development teams to foster a culture of risk management, and increase awareness of threats and potential vectors of attack 
• Develop processes for vulnerability monitoring and alerting of Phreesia’s technology stack 
• Consult on regulatory and compliance requirements 

Qualifications: 

• OSCP-certified, actively pursuing OSCP, OSCE, OSWE certification (or similar), or equivalent knowledge and skills 
• > 7 years of Information Security experience, > 5 years performing network and application-layer penetration tests and assessments required 
• Experience in performing Red Team campaigns, maturing organizational vulnerability management practices 
• Experience training internal teams on offensive security tactics and defenses 
• Experience with architectural risk analysis and secure SDLC a plus 
• Experience with public bug bounty programs and CTF exercises a plus 
• Experience developing secure applications a plus