Staff II - Application Security Engineer

Job Description: Application Security Engineer – Staff 2 Location - Atlanta, GA or Mountain View, CA We are Omnissa! Omnissa is the first AI-driven digital work platform, built to support flexible, secure, work-from-anywhere experiences. We integrate industry-leading solutions—including Unified Endpoint Management, Virtual Apps and Desktops, Digital Employee Experience, and Security & Compliance—into a seamless, autonomous workspace that adapts to how people work. Our platform boosts employee engagement while optimizing IT operations, security, and cost. Guided by our Core Values—Act in Alignment, Build Trust, Foster Inclusiveness, Drive Efficiency, and Maximize Customer Value—we’re growing rapidly and committed to delivering meaningful impact. If you’re passionate about shaping the future of work, we’d love to hear from you. What is the opportunity?: This is a senior, hands-on technical leadership role on our Product Security team. As a Staff 2 Application Security Engineer, you will set the technical direction for how we secure software across Omnissa’s product portfolio — spanning Unified Endpoint Management, Virtual Apps and Desktops, and our cloud-native and mobile platforms. You will operate as a force multiplier: influencing architecture and engineering decisions across multiple teams, raising the security bar for the broader organization, and tackling the hardest, most ambiguous problems where the right answer isn’t yet defined. This is a technical leadership track and does not include direct people management; your impact comes through expertise, influence, and the standards you set for others. If you have an analytical mind, a passion for software security, and thrive on solving hard problems, this role is for you. A successful candidate handles a variety of difficult challenges, manages their time efficiently, solves problems creatively, and can identify and understand root causes. Key Responsibilities: Security Architecture & Threat Modeling Set technical direction for application security across the portfolio — defining standards, patterns, and guardrails adopted by engineering teams at scale. Lead threat modeling across distributed, cloud-native, and mobile architectures as a repeatable practice embedded in the development lifecycle, not a one-off exercise. Define security architecture reference designs that, when followed by engineering teams, remove the need to security-review that aspect on a per-feature basis. Identify architectural risk early and influence roadmap and design decisions before implementation begins. Secure Code Review & Vulnerability Research Perform manual code review and application security testing across Java and C++ codebases; codify findings into reusable guidance engineers can act on without follow-up. Scale code review coverage using AI-assisted analysis and custom CodeQL queries tuned to Omnissa's codebase and vulnerability patterns. Conduct variant analysis to ensure confirmed vulnerability classes are remediated consistently across the codebase, not in isolation. Triage and validate externally reported vulnerabilities — assess exploitability, severity, and business impact, and drive remediation to closure across team boundaries. Translate individual findings into systemic recommendations that address root-cause design or implementation gaps across products. Security Program Maturity Define and evolve the SDL — identify gaps, drive measurable improvements, and own the iteration cycle. Improve the feature security review program so security work shifts left into design and scales across teams, rather than landing as a release gate. Mature the product penetration testing program — define scope, methodology, and cadence; ensure findings drive systemic fixes, not one-off patches. Build and scale the security champions program; mentor engineers and create training that extends security capability beyond the security team. Establish metrics that make program effectiveness visible to engineering and product leadership. What success looks like: First 3 months: Build a deep understanding of the product architecture, development toolchain, and release process across multiple product areas. Begin influencing in-flight architectural and design decisions, and identify the highest-leverage gaps in the current security program. First 6 months: Own the security strategy for a significant area of the portfolio. Set direction that other engineers execute against, drive cross-team prioritization of security work, and shape backlog and roadmap decisions. Iterate improvements on the current SDL. 12 months and beyond: Deliver measurable, org-level improvements in security posture — e.g., materially reduced mean time to remediation, broadened threat model coverage, or new automation adopted in production across teams. Be recognized as a go-to technical authority on application security and a multiplier of the team’s overall effectiveness. Leadership and team culture: Report to the Director of Product Security and take technical direction from the Manager of Application Security, while operating with a high degree of autonomy. Work closely with a committed team of security engineers, product managers, and developers focused on innovation and getting things done. Build trust among team members and stakeholders, committing to customer success. Operate in a transparent, communicative environment that emphasizes work-life balance and having fun at work. Identify and drive improvements to security processes - both internal workflows and partner-facing interfaces - that reduce friction for development teams and increase the daily effectiveness of security engineers. What will you bring to Omnissa? Required: 12+ years of hands-on application security experience, with demonstrated technical depth and a track record of influence beyond your own work. Deep knowledge of application security vulnerabilities and mitigation techniques, and the judgment to prioritize them by real business and customer impact. Proven ability to lead threat modeling, secure design, and security architecture for complex distributed and cloud-native systems. Proficiency in Java or C++, with the ability to read, reason about, and review production code. Security breadth across multiple domains — application, system, cloud, and mobile. A demonstrated history of driving technical change and raising the security bar across teams, and of mentoring senior engineers. Excellent documentation and communication skills, including the ability to influence engineering and product leadership. Self-starter who is adaptable, works independently, and brings clarity to ambiguous problems. A pragmatic mindset; able to identify practical short term and long term strategic solutions Preferred: Experience testing agentic AI systems, and the ability to leverage AI tooling across security testing, triage, and documentation workflows. Experience building automation solutions that improve the security process at scale. Prior experience as a pen tester for a multi-tenant SaaS provider. Location: Atlanta, GA (Primary consideration) or Mountain View, CA. Location Type: HYBRID – 3 days per week in our Atlanta (or Mountain View) office; remaining days remote. Candidates must reside within a reasonable commuting distance. Travel Expectations: Travel to remote offices twice per year. Education: Bachelor’s degree in Computer Science or a related field preferred, or equivalent combination of education and relevant professional experience. The typical base salary for this role is between USD $220,000 – $270,000 per year and it may be eligible for participation in a corporate bonus program. Actual compensation offer may vary from posted hiring range based upon geographic location, work experience, education, skill level, or other relevant factors. In addition to competitive compensation, Omnissa offers a variety of benefits such as employee ownership, health insurance, 401k with matching contributions, disability insurance, paid-time off, growth opportunities, and more. Omnissa is an Equal Employment Opportunity company and Prohibits Discrimination and Harassment of Any Kind: Omnissa is committed to the principle of equal employment opportunity and to providing a work environment free of discrimination and harassment. All employment decisions at Omnissa are based on business needs, job requirements and individual qualifications, without regard to race, color, religion, ancestry, ethnicity, national, social or ethnic origin, sex (including pregnancy), age, physical, mental or sensory disability, HIV status, sexual orientation, gender identity and/or expression, marital, civil union or domestic partnership status, past, present, or prospective service in the uniformed services, family medical history or genetic information, family or parental status, veteran status, or any other status protected by applicable laws or regulations in the locations where we operate. Omnissa will not tolerate discrimination or harassment based on any of these characteristics. Omnissa welcomes applicants of all ages. Omnissa will provide reasonable accommodations to applicants and employees who have protected disabilities consistent with applicable federal, state and local law. This job requisition is not eligible for employment-based immigration sponsorship by Omnissa. Omnissa is the digital work platform leader, trusted by thousands of organizations worldwide as the former VMware End-User Computing business. We make digital work, work – for businesses and their people. No painful IT processes or productivity trade-offs. Instead, a seamlessly delivered digital employee experience that simplifies work. Our comprehensive digital work platform enables IT teams to provide secure, personalized experiences for every employee, on any device. Omnissa unifies, automates, and efficiently scales the digital workspace. By empowering employees to do their best work, anywhere, we help workforces everywhere unlock exponential business value. All is made possible with the Omnissa™ Platform, the first AI-driven digital work platform for smart, seamless, and secure work experiences from anywhere. It integrates multiple industry-leading solutions across Unified Endpoint Management, Virtual Desktops and Apps, Digital Employee Experience, and Security and Compliance. By continuously adapting to users’ work styles, Omnissa optimizes user experience, security, IT operations and costs. Recognized as 2025 Digital Workplace Company of the Year 2025 InfoWorld Awards Finalist – App Volumes RemoteTech Breakthrough Award Winner – Digital Workplace Company of the Year CRN Product of the Year Finalist – Omnissa Horizon (DaaS) Omnissa is committed to building a workforce that reflects the communities we serve across the globe. We believe this brings unique perspectives, experiences, and ideas, which are essential for driving innovation and achieving business success. We hire based on merit and with equal opportunity for all.