Phreesia is looking for a DevSecOps Engineer to join our growing team!
At Phreesia we acknowledge that the world of software development is changing rapidly. With this acknowledgement we recognize that security teams too must change. We understand that “DevSecOps” is a very new cultural element of broader industry change. We are looking for people who see the light and want to grow into this role based on their passion. We know you aren’t an engineer with 20 years’ experience in automating everything as code in continuous delivery pipelines, and that you weren’t in the room when Mitchell Hashimoto wrote the first line. What we care about is your vision and ambition, matched with the drive to learn, the ability to apply, and to be awesome.
The Security Engineering team, located in the larger Engineering team, is a group of “doers”. The team consists of both DevSecOps and SecOps roles to provide opportunities for development-minded security individuals, as well as those with strong operational skillsets. Each role is deeply respected and equally valued. We are a team of engineers who subscribe to newer principles of application design and, by extension, newer principles of securing the environment. We speak fluent 12-factor app and understand that the technical world is headed toward an “everything as code” nexus.
What You’ll Do:
- Build, maintain, and make available security tooling for developers with an API-first approach. Your builds will be based on both OSS security tooling and acquired products (WAFs – SigSci, Patching – Ivanti, IDS – Alert Logic, “Next gen” AV – Carbon Black, and a mix of AWS and significant on-premises infrastructure, to name a few).
- Advocate for, construct, and maintain code-derived automation across the entire engineering organization.
- Help to integrate automated and repeatable secure code inspection controls into our release pipelines.
- Provide other engineering team members with well-researched practical security advice to demonstrate vulnerabilities and fixes, collaborating with all teams to provide and help contribute to secure development guidance and fixes.
- Learn and grow on a team of individuals committed to managing security through coded repeatability.
- Work with engineering teams transitioning to newer deployment (Containers, Serverless, Kubernetes) and development methodologies (Continuous Delivery) on security fundamentals.
- Understand environmental threats and provide subject matter expertise, advice, and engineering resources to resolve these problems.
- Advocate for security as a subject matter expert across multiple organizational structures.
- Interface with compliance partners on their needs to provide audit evidence.
- Field requests from our auditors (team activity) and use your creative brain to devise automation-based solutions to “old world” problems.
What You'll Bring:
- 4-6 years’ experience on a security operations team with at least 1-2 of those focused primarily on “as code” security. (Experience with codified deployment solutions, API “gluing”, and reviewing code in development pipelines are examples of experience requested)
- Bachelor’s degree in C.S. or similar
- An insatiable desire to learn and grow
- A general understanding of old and new development patterns: release cycles, CI/CD, code check-in and review.
- A DevSecOps-forward mindset with a strong emphasis on solving problems via code and API-forward approaches.
- The ability to read common development languages and detect security anti-patterns.
- Code/Scripting experience in a general-purpose language. Preferably Python or Go.
- Implementation experience with AWS security controls and generalized knowledge of security architectural patterns – equivalent knowledge in Azure or GCP is also reasonable.
- A minimum conceptual knowledge, which can later be grown into working knowledge, of containers and orchestration environments (Docker, Swarm, K8s, Tanzu, or variants).
- Some experience conceptualizing and thinking about threat assessments and threat modeling both in the release cycle and containerized environments.
- A respect for the DevSecOps manifesto: “Through Security as Code, we have and will learn that there is simply a better way for security practitioners, like us, to operate and contribute value with less friction. We know we must adapt our ways quickly and foster innovation to ensure data security and privacy issues are not left behind because we were too slow to change.”
Nice to have:
- Some experience with AWS IAM and access related controls.
Who We Are:
At Phreesia, we’re committed to helping healthcare organizations succeed in a fast-changing landscape—and we need smart, passionate people to help us do it. Our innovative SaaS platform offers our clients a suite of applications to manage the intake process, giving them the tools to engage patients, improve efficiency, optimize staffing and enhance clinical care.
Basically, what you do here matters, and hard work does not go unnoticed. Not only does Phreesia care about our clients, we also care about our employees. In fact, we’re a three-time winner of Modern Healthcare magazine’s Best Places to Work in Healthcare award. If you’re interested in consistent feedback and recognition, defined career paths, and the opportunity to work with driven and engaged colleagues in a dynamic industry, this may be the right opportunity for you.
Benefits and Perks:
- Variety of health plan options, dental/vision coverage, and short/long-term and life insurance plans
- 401(k) savings plan (USA) or RRSP plan (Canada)
- Unlimited vacation
- Home office setup stipend
- Mobile phone stipends and Internet reimbursement
- 100% paid parental leave to our U.S. employees, as well as a generous maternity benefit to our employees in Canada.
- Tuition and certification reimbursement, as well as other professional development opportunities
We strive to provide a diverse and inclusive environment and are an equal opportun