Jobs · Information Technology · California

Staff II - Application Security Engineer

Omnissa · Mountain View, CA · 2 wk ago
Information Technology$220k–$270k/yrFull-time

Key Responsibilities

  • Set technical direction for application security across the portfolio — defining standards, patterns, and guardrails adopted by engineering teams at scale.
  • Lead threat modeling across distributed, cloud-native, and mobile architectures as a repeatable practice embedded in the development lifecycle, not a one-off exercise.
  • Define security architecture reference designs that, when followed by engineering teams, remove the need to security-review that aspect on a per-feature basis.
  • Influence roadmap and design decisions before implementation begins, identifying architectural risk early.
  • Perform manual code review and application security testing across Java and C++ codebases; codify findings into reusable guidance engineers can act on without follow-up.
  • Scale code review coverage using AI-assisted analysis and custom CodeQL queries tuned to Omnissa's codebase and vulnerability patterns.
  • Conduct variant analysis to ensure confirmed vulnerability classes are remediated consistently across the codebase, not in isolation.
  • Triage and validate externally reported vulnerabilities — assess exploitability, severity, and business impact, and drive remediation to closure across team boundaries.
  • Translate individual findings into systemic recommendations that address root-cause design or implementation gaps across products.
  • Define and evolve the Software Development Lifecycle (SDL) — identify gaps, drive measurable improvements, and own the iteration cycle.
  • Improve the feature security review program so security work shifts left into design and scales across teams, rather than landing as a release gate.
  • Mature the product penetration testing program — define scope, methodology, and cadence; ensure findings drive systemic fixes, not one-off patches.
  • Build and scale the security champions program; mentor engineers and create training that extends security capability beyond the security team.
  • Establish metrics that make program effectiveness visible to engineering and product leadership.

What Success Looks Like

  • First 3 months: Build a deep understanding of the product architecture, development toolchain, and release process across multiple product areas. Begin influencing in-flight architectural and design decisions, and identify the highest-leverage gaps in the current security program.
  • First 6 months: Own the security strategy for a significant area of the portfolio. Set direction that other engineers execute against, drive cross-team prioritization of security work, and shape backlog and roadmap decisions. Iterate improvements on the current SDL.
  • 12 months and beyond: Deliver measurable, org-level improvements in security posture — e.g., materially reduced mean time to remediation, broadened threat model coverage, or new automation adopted in production across teams. Be recognized as a go-to technical authority on application security and a multiplier of the team’s overall effectiveness.

Leadership and Team Culture

  • Report to the Director of Product Security and take technical direction from the Manager of Application Security, while operating with a high degree of autonomy.
  • Work closely with a committed team of security engineers, product managers, and developers focused on innovation and getting things done.
  • Build trust among team members and stakeholders, committing to customer success.
  • Operate in a transparent, communicative environment that emphasizes work-life balance and having fun at work.
  • Identify and drive improvements to security processes - both internal workflows and partner-facing interfaces - that reduce friction for development teams and increase the daily effectiveness of security engineers.

Required Experience

  • 12+ years of hands-on application security experience, with demonstrated technical depth and a track record of influence beyond your own work.
  • Deep knowledge of application security vulnerabilities and mitigation techniques, and the judgment to prioritize them by real business and customer impact.
  • Proven ability to lead threat modeling, secure design, and security architecture for complex distributed and cloud-native systems.
  • Proficiency in Java or C++, with the ability to read, reason about, and review production code.
  • Security breadth across multiple domains — application, system, cloud, and mobile.
  • Demonstrated history of driving technical change and raising the security bar across teams, and of mentoring senior engineers.
  • Excellent documentation and communication skills, including the ability to influence engineering and product leadership.
  • Self-starter who is adaptable, works independently, and brings clarity to ambiguous problems.
  • Pragmatic mindset; able to identify practical short term and long term strategic solutions.

PREFERRED EXPERIENCE

  • Testing agentic AI systems, and the ability to leverage AI tooling across security testing, triage, and documentation workflows.
  • Experience building automation solutions that improve the security process at scale.
  • Prior experience as a pen tester for a multi-tenant SaaS provider.

Similar jobs