Information Security Analyst, Purple Team

Remote, USA or Canada

Phreesia logo
Phreesia
Apply now Apply later

Posted 1 month ago

The Information Security Analyst will work closely with Sr. Information Security Leads to perform technical risk assessments, offensive security testing, and incident detection and analysis.

What you'll do:

  • Perform a range of security assessments to identify information threats, internal control weaknesses, and remediation strategies
  • Conduct penetration tests and Red Team exercises against Phreesia’s infrastructure, applications, products, and services
  • Perform vulnerability scanning and secure configuration testing of information systems hosted across diverse platforms
  • Develop processes for vulnerability monitoring and alerting of risks to Phreesia’s technology stack
  • Manage and respond to Incident Detection and Response alerts
  • Provide coverage as part of 24x7 incident response rotation and respond to emergencies
  • Identify, automate collection of, and analyze threat information from security monitoring tools, distribution lists, and intelligence feeds
  • Develop alerts, searches, and dashboards to identify security incidents
  • Develop and maintain response procedures and processes for security incidents that occur (ex. malware remediation)
  • Simulate Red v. Blue interactions and incorporate lessons learned to improve Phreesia’s defenses
  • Collect and publish monthly qualitative and quantitative key risk indicators (KRIs)
  • Assist Sr. Information Security team members in maturity projects and initiatives

What you'll bring:

  • > 5 years of Information Security experience, > 2 years performing network and application-layer penetration tests and assessments required
  • > 2 years experience maturing organizational vulnerability management or incident detection and response practices
  • Experience with architectural risk analysis and secure SDLC a plus
  • Experience with public bug bounty programs and CTF exercises a plus
  • Preferred certifications: Security+, CISSP, CEH, GSEC, OSCP, ECIH, GCIH
  • Bachelor's degree required

Who We Are:

At Phreesia, we’re committed to helping healthcare organizations succeed in a fast-changing landscape—and we need smart, passionate people to help us do it. Our innovative SaaS platform offers our clients a suite of applications to manage the intake process, giving them the tools to engage patients, improve efficiency, optimize staffing and enhance clinical care.

Basically, what you do here matters, and hard work does not go unnoticed. Not only does Phreesia care about our clients, we also care about our employees. In fact, we’re a three-time winner of Modern Healthcare magazine’s Best Places to Work in Healthcare award. If you’re interested in consistent feedback and recognition, defined career paths, and the opportunity to work with driven and engaged colleagues in a dynamic industry, this may be the right opportunity for you. 

Benefits and Perks:

  • Variety of health plan options, dental/ vision coverage, and short/long-term and life insurance plans
  • 401(k) savings plan
  • Flexible working hours
  • Unlimited vacation
  • Mobile phone stipends and internet reimbursement
  • Fitness reimbursement
  • 100% paid maternity leave to our U.S. employees, as well as a generous maternity benefit to our employees in Canada.
  • Tuition and certification reimbursement, as well as other professional development opportunities

We strive to provide a diverse and inclusive environment and are an equal opportunity employer.

Job tags: CEH CISSP CTF GCIH Go Incident response Malware Offensive Security OSCP Red team SaaS Security assessments Vulnerability management