Application Security Engineer III

Are you looking for a team that is energized by the constantly evolving world of application design and security? At Phreesia we are at the forefront of technological advancement, speaking fluent 12-factor app and embracing the “everything as code” movement. We are preparing for the future and are looking for a talented, experienced Application Security Engineer III to join us in building things from inception with deep-rooted security principles and design.  

As a vulnerability identification and remediation expert, you will play a critical role in ensuring that our systems are secure and resilient. You’ll work on building and understanding threat models in our release pipelines and runtime, as well as dig deep into our application code and the Phreesia application itself.  

Our offering spans a wide array of cutting-edge technologies including Classic web applications, Android and hardware builds, Credit Card Security and HSMs, Classic Datacenters and the Cloud. We operate in an interesting compliance space that includes both healthcare and card compliance, making this role a constantly creative and challenging one. 

What You’ll Do: 

• Build (both visually and via documentation) threat models and perform security reviews on Phreesia’s applications and infrastructure. 

• Join forces with our brilliant Security Engineering team to define and integrate Security Architecture standards and Secure SDLC across the organization, ensuring our security practices stay top-notch and our products remain unbeatable. 

• Act as a key player in Phreesia’s large-scale transition to modern CI/CD pipelines and help design high-tech security practices for our cloud and container release platforms. 

• Hands on experience with application security domains such as web, devices (mobile and tablets) and backend platforms.  

• Help Phreesia design and scale security projects like SAST, DAST, WAF, etc. 

• Support compliance programs like SOC2, PCI, SOX, and HITRUST certifications in Phreesia.  

• Support vulnerability management program in Phreesia. 

• Participate in our internal vendor review assessment process.  

• Help development teams in meeting security requirements through security consultations.  

What You’ll Bring: 

• Bachelor's degree in computer science or related disciplines. 

• 4+ years of experience in software development, information security, cloud security or information technology. With at least 2+ years of experience in application security. 

• Background in the application security basics: HSTS, CSPs, and a working knowledge of the OWASP Top Ten exploitation paths and control mitigations to protect against them. Experience in Cloud security is required. 

• A general understanding of old and new development patterns: Release cycles, CI/CD, Code check-in and review.  

• Experience with performing security reviews for web and backend applications. 

• Experience with at least one Infrastructure-as-code language like Ansible, Terraform, etc.  

• Ability to prioritize various tasks and projects while thriving in a hands-on, collaborative environment. You’ll be working with teams across the organization so we’re looking for someone who can lead with empathy. 

• Proven track record of delivering results. 

Base pay for US is $120,000 - $150,000 USD depending on qualifications.