Senior or Staff Engineer - Application Security Engineer (Appsec)

VMware Workspace ONE

Posted on Jan 13, 2026

What is the opportunity?

The Application Security Engineer plays a critical role in improving the overall security posture of our products and platforms. This role focuses on end-to-end security testing across Web, Mobile, and Thick Client applications, and partners closely with product and engineering teams to implement secure development practices. The candidate will lead initiatives related to threat modelling, secure code reviews, feature assessments, automation (e.g., Semgrep), and root cause analysis for high-impact vulnerabilities.

This is a senior individual contributor role that requires deep technical expertise, leadership in security initiatives, and a proactive mindset for process improvement.

Key Responsibilities:

Security Testing & Reviews

  • Conduct in-depth manual and automated security testing of Web, Mobile (Android/iOS), and Thick Client applications.

  • Perform secure code reviews using both manual techniques and tools like Semgrep, integrated into CI/CD pipelines.

  • Review product features for potential security issues early in the development lifecycle and provide risk-based recommendations.

Security Architecture & Threat Modelling

  • Facilitate threat modelling and architecture reviews with product and engineering teams.

  • Provide guidance on secure design patterns, attack surface reduction, and defense-in-depth strategies.

Process & Posture Improvement

  • Lead and drive initiatives to improve the overall security posture of products and development practices.

  • Define and implement scalable security controls and development guardrails.

Security Issue & Incident Collaboration

  • Work with Incident Response and Bug Bounty teams to evaluate researcher-submitted and customer-reported issues.

  • Conduct variant and root cause analysis for high-severity (P0/P1) bugs and provide long-term remediation guidance.

Stakeholder Management

  • Collaborate with Product BU leaders and engineering stakeholders to align on security goals and assist in their execution.

  • Act as a trusted security advisor to cross-functional teams across the organization.

Must-have skills:

  • 10 to 20 years of experience in the security domain, specifically in Application/Product Security.

  • Demonstrated expertise in:

    • Web, Mobile, and Thick Client security testing.

    • Threat modelling and secure design review.

    • Manual code reviews across multiple languages and frameworks.

    • Use and automation of security tools such as Semgrep, SAST/DAST tools, and custom scripts.

  • Proficiency with languages such as Java, Kotlin, Swift, JavaScript, Python, C#/.NET.

  • Strong understanding of security principles including authentication, authorization, secure storage, and cryptographic best practices.

  • Excellent communication skills, including the ability to present security issues and recommendations to technical and non-technical stakeholders.

Good-to-have skills:

  • Hands-on experience with CI/CD security automation, container security, and cloud environments (AWS/GCP/Azure).

  • Certifications such as OSWE, OSCP, OSEP, GWAPT, GMOB, or equivalent.

  • Experience working with bug bounty programs, VDPs, or vulnerability triage.

  • Track record of contributions to the security community (e.g., blogs, talks, open-source tools, CVEs).

What will you bring to Omnissa?

  • Work closely with teams to create, update and maintain threat models

  • Perform secure code reviews and manual application security testing across all our products

  • Triage and validate externally reported issues against our products

  • Provide guidance and education to developers

  • Develop ways to help identify and prevent systematic issues