As an Application Security (AppSec) Specialist, you will play a critical role in the design and continuous improvement of the Visma Security Program, which supports the secure development of software products across Visma. Working closely with product teams throughout Visma and service owners in the security organization, you will ensure that application-focused security services are not only technically sound but also embedded in the Visma Security Program in a scalable, actionable, and developer-friendly way.

You will act as the program’s subject-matter expert in application security, contributing your knowledge of secure software architecture and development practices to ensure our services evolve in line with modern development environments, risk realities, and program maturity. 

Key Responsibilities:

• Act as a trusted advisor to product teams by promoting application security best practices;

• Evaluate software architectures and provide actionable recommendations for secure design patterns and threat mitigation;

• Act as a second-in-command for the Security Self-Assessment (SSA) service, supporting the service owner in driving adoption, guiding product teams through assessments, and continuously improving the service experience;

• Collaborate with security service owners to ensure services reflect real-world development environments and needs;

• Translate complex security requirements into clear, developer-friendly guidance

• Support the interpretation and prioritization of findings from application security tools (e.g., SAST, DAST, SCA, …);

• Contribute to the continuous evolution of the Visma Security Program by aligning services with modern software architectures and emerging development patterns.  

Desired competencies:

• Strong understanding of modern software architectures, including monoliths, microservices, APIs, and cloud-native environments;

• Knowledge of secure coding practices, threat modeling, code review, and common vulnerability classes (e.g., OWASP Top 10, CWE);

• Familiarity with application security tools (SAST, DAST, SCA, …) and experience integrating them into CI/CD pipelines;

• Ability to translate technical risks and controls into language relevant to developers, architects, and non-technical stakeholders;

• Experience working across decentralized organizations where influence and enablement matter more than enforcement;

• Appreciation for developer experience and the ability to align security goals with development velocity and business needs;

• Experience delivering training or coaching to development teams is a plus,

• Certifications such as CISSP, Microsoft/AWS/GCP Security Specialty are a plus,

• Exposure to risk management or threat intelligence workflows is a plus. 

What we offer:

• Opportunity for fully remote work with a talented international team.

• Access to cutting edge technologies enabling you to succeed in your position

• Ability to collaborate with highly skilled colleagues all across the different areas of cyber security.

• Opportunity to influence thousands of developers to make more secure software products.

What are the next steps? 

1. Want to apply? We have made the application process easy and hope you will share your CV with us so we can get to know you
2. We'll get back to you! Once you have submitted your application you will get an instant response confirming we have received your application. Once we have evaluated your application you will hear from us again.

Do you want to know more about career opportunities? Check out our career site.