We are Omnissa!

The world is evolving fast, and organizations everywhere—from corporations to schools—are under immense pressure to provide flexible, work-from-anywhere solutions. They need IT infrastructure that empowers employees and customers to access applications from any device, on any cloud, all while maintaining top-tier security. That’s where Omnissa comes in.

The Omnissa Platform is the first AI-driven digital work platform that enables smart, seamless and secure work experiences from anywhere. It uniquely integrates multiple industry-leading solutions including Unified Endpoint Management, Virtual Apps and Desktops, Digital Employee Experience, and Security & Compliance through common data, identity, administration, and automation services. Built on the vision of autonomous workspaces - self configuring, self-healing, and self-securing - Omnissa continuously adapts to the way people work; delivering personalized and engaging employee experiences, while optimizing security, IT operations and costs. we're experiencing rapid growth—and this is just the beginning of our journey!

At Omnissa, we’re driven by a shared mission to maximize value for our customers. Our five Core Values guide us: Act in Alignment, Build Trust, Foster Inclusiveness, Drive Efficiency, and Maximize Customer Value—all with the aim of achieving shared success for our clients and our team.

As a global private company with over 4,000 employees, we’re always looking for passionate, talented individuals to join us. If you're ready to make an impact and help shape the future of work, we’d love to hear from you!

What is the opportunity?

Application Security Engineer plays a critical role in improving the overall security posture of our products and platforms. This role focuses on end-to-end security testing across Web, Mobile, and Thick Client applications, and partners closely with product and engineering teams to implement secure development practices. The candidate will lead initiatives related to threat modelling, secure code reviews, feature assessments, automation (e.g., Semgrep), and root cause analysis for high-impact vulnerabilities.

This is a senior individual contributor role that requires deep technical expertise, leadership in security initiatives, and a proactive mindset for process improvement.

Key Responsibilities :-

Security Testing & Reviews

• Conduct in-depth manual and automated security testing of Web, Mobile (Android/iOS), and Thick Client applications.

• Perform secure code reviews using both manual techniques and tools like Semgrep, integrated into CI/CD pipelines.

• Review product features for potential security issues early in the development lifecycle and provide risk-based recommendations.

Security Architecture & Threat Modelling

• Facilitate threat modelling and architecture reviews with product and engineering teams.

• Provide guidance on secure design patterns, attack surface reduction, and defense-in-depth strategies.

Process & Posture Improvement

• Lead and drive initiatives to improve the overall security posture of products and development practices.

• Define and implement scalable security controls and development guardrails.

Security Issue & Incident Collaboration

• Work with Incident Response and Bug Bounty teams to evaluate researcher-submitted and customer-reported issues.

• Conduct variant and root cause analysis for high-severity (P0/P1) bugs and provide long-term remediation guidance.

Stakeholder Management

• Collaborate with Product BU leaders and engineering stakeholders to align on security goals and assist in their execution.

• Act as a trusted security advisor to cross-functional teams across the organization.

Must have Skills : -

• 10 to 20 years of experience in the security domain, specifically in Application/Product Security.

• Demonstrated expertise in:

  • Web, Mobile, and Thick Client security testing.

  • Threat modelling and secure design review.

  • Manual code reviews across multiple languages and frameworks.

  • Use and automation of security tools such as Semgrep, SAST/DAST tools, and custom scripts.

• Proficiency with languages such as Java, Kotlin, Swift, JavaScript, Python, C#/.NET.

• Strong understanding of security principles including authentication, authorization, secure storage, and cryptographic best practices.

• Excellent communication skills, including the ability to present security issues and recommendations to technical and non-technical stakeholders.

Good to have skills : -

• Hands-on experience with CI/CD security automation, container security, and cloud environments (AWS/GCP/Azure).

• Certifications such as OSWE, OSCP, OSEP, GWAPT, GMOB, or equivalent.

• Experience working with bug bounty programs, VDPs, or vulnerability triage.

• Track record of contributions to the security community (e.g., blogs, talks, open-source tools, CVEs).

What will you bring to Omnissa?

• Work closely with teams to create, update and maintain threat models

• Perform secure code reviews and manual application security testing across all our products

• Triage and validate externally reported issues against our products

• Provide guidance and education to developers

• Develop ways to help identify and prevent systematic issues