Phreesia is looking for a DevSecOps Engineer to join our growing team!
At Phreesia we acknowledge that the world of software development is changing rapidly. With this acknowledgement we recognize that security teams too must change. We understand that DevSecOps is a very new cultural element of broader industry change. We are looking for people who see the light & want to grow into this role based on their passion. We know you arent an engineer with 20 years experience in automating everything as code in continuous delivery pipelines or were in the room when Mitchell Hashimoto wrote the first line. What we care about is your vision & ambition matched with drive to learn, ability to apply, & be awesome.
The Security Engineering team located in the larger Engineering team is a group of doers. The team consists of both DevSecOps & SecOps roles to provide opportunities for development minded security individuals, as well as those with strong operational skillsets. Each role is deeply respected & equally valued. We are a team of engineers who subscribe to newer principles of application design & by extension newer principles of securing the environment. We speak fluent 12 factor app & understand that the technical world is headed toward an everything as code nexus.
What Youll Do:
- Build, maintain, & make available security tooling for developers with an API first approach. Your builds will be both based on OSS security tooling & acquired products (WAFs SigSci, Patching - Invanti, IDS Alertlogic, Next gen AV CarbonBlack, A mix of AWS & significant on-premises infrastructure to name a few)
- Advocate for, construct, & maintain code derived automation across the entire engineering organization.
- Help to integrate automated & repeatable secure code inspection controls into our release pipelines.
- Provide other engineering team members with well-researched practical security advice to demonstrate vulnerabilities & fixes, collaborating with all teams to provide & help contribute to secure development guidance & fixes.
- Learn & grow on a team of individuals committed to managing security through coded repeatability.
- Work with engineering teams transitioning to newer deployment (Containers, Serverless, Kubernetes) & development methodologies (Continuous Delivery) on security fundamentals.
- Understand environmental threats & provide subject matter expertise, advice, & engineering resources to resolving these problems.
- Advocate for security as a subject matter expert across multiple organizational structures
- Interface with compliance partners on their needs to provide audit evidence
- Field requests from our auditors (team activity) & use your creative brain to devise automation-based solutions to old world problems.
What You'll Bring:
- 4-6 years experience on a security operations team with at least 1-2 of those focused primarily on as code security. (Experience with codified deployment solutions, API gluing, & reviewing code in development pipelines are examples of experience requested)
- Bachelors degree in C.S. or similar
- An insatiable desire to learn & grow
- A general understanding of old & new development patterns. Release cycles, CI/CD, Code check-in & review.
- A DevSecOps forward mindset with a high emphasis to solving problems via code & API forward approaches.
- The ability to read common development languages & detect security anti-patterns.
- Code/Scripting experience in a general-purpose language. Preferably Python or Go.
- Implementation experience with AWS security controls & generalized knowledge of security architectural patterns equivocal knowledge in Azure or GCP is also reasonable.
- A minimum conceptual knowledge that can be later grown to working knowledge of containers & orchestration environments. (Docker, Swarm, K8s, Tanzu, or variants)
- Some experience conceptualizing & thinking about threat assessments & threat modeling both in the release cycle & containerized environments.
- A respect for the DevSecOps manifesto- Through Security as Code, we have & will learn that there is simply a better way for security practitioners, like us, to operate & contribute value with less friction. We know we must adapt our ways quickly & foster innovation to ensure data security & privacy issues are not left behind because we were too slow to change.
- Nice to have:
- Some experience with AWS IAM & access related controls.
Who We Are:
At Phreesia, were committed to helping healthcare organizations succeed in a fast-changing landscapeand we need smart, passionate people to help us do it. Our innovative SaaS platform offers our clients a suite of applications to manage the intake process, giving them the tools to engage patients, improve efficiency, optimize staffing & enhance clinical care.
Basically, what you do here matters, & hard work does not go unnoticed. Not only does Phreesia care about our clients, we also care about our employees. In fact, were a three-time winner of Modern Healthcare magazines Best Places to Work in Healthcare award. If youre interested in consistent feedback & recognition, defined career paths, & the opportunity to work with driven & engaged colleagues in a dynamic industry, this may be the right opportunity for you.
Benefits & Perks:
- Variety of health plan options, dental/ vision coverage, & short/long-term & life insurance plans
- 401(k) savings plan (USA) or RRSP plan (Canada)
- Unlimited vacation
- Home office setup stipend
- Mobile phone stipends & Internet reimbursement
- 100% paid parental leave to our U.S. employees, as well as a generous maternity benefit to our employees in Canada.
- Tuition & certification reimbursement, as well as other professional development opportunities
We strive to provide a diverse & inclusive environment & are an equal opportun