Omnissa
Engineer or Senior Engineer - Application Security Engineer (Appsec)
Full details on LinkedIn
The complete job description, requirements, and application details are available on the original posting.
About Omnissa
Omnissa is a standalone software company that specializes in an AI-driven digital work platform. Launched in 2024 after being spun off from VMware's End-User Computing business, it is backed by KKR and has a valuation of $4 billion. With 4,000 employees and $1.5 billion in annual recurring revenue, Omnissa serves 26,000 customers globally, including seven of the top ten Fortune 500 companies. The company focuses on unifying, automating, and scaling digital workspaces to enhance IT efficiency and employee empowerment. Its comprehensive platform includes key offerings such as Workspace ONE for unified endpoint management, Horizon for secure virtual desktops and apps, and Digital Employee Experience solutions that streamline onboarding and app access. Omnissa emphasizes security and compliance across all devices and locations, aiming to create an autonomous workspace powered by data and intelligence.
Security at Omnissa
Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.
Security Philosophy
“Omnissa's AppSec mission is defined by its Security Development Lifecycle (SDL), a set of processes, tools, and practices. The Security Engineering team focuses on building secure products, and their risk philosophy includes threat modeling to identify security flaws and incorrect design assumptions. Long-term goals involve increasing software security awareness through a Security Evangelism team and maintaining a Vulnerability Management program backed by approved policies. Information regarding the reporting line for Product/AppSec is not publicly available.”
Security Team
The Omnissa Product Security group develops and drives software security initiatives across R&D organizations, though a formal reporting chain is not publicly available. Key public-facing leaders include Andrea Smith (Sr. Program Manager, Customer Security Assurance), Morey Straus (Sr. Manager, Product Security), and Andrew Osborn (Staff Technical Marketing Architect). The team size estimate is not publicly available. As of, there is 1 active AppSec job posting. Common skill/tool patterns from job postings include the use and automation of security tools such as Semgrep, utilization of SAST and Software Composition Analysis (SCA), and CI/CD security automation. Public org charts and exact team size are not published.
Key Initiatives
There is no public evidence of an explicit 'Security Champions' program, though the Security Evangelism team's long-term goal is to increase software security awareness. 'Shift Left' practices include SDL planning early in the development lifecycle, threat modeling to identify security flaws, and utilizing SAST and Software Composition Analysis (SCA). The vulnerability management process involves customers reporting security issues to the Product Security group and regular vulnerability scans. The VRT leads the analysis and remediation of security issues, with system and application owners required to address critical and high vulnerabilities; specific SLAs or MTTR numbers are not publicly available. Secure SDLC artifacts include formal Security Reviews before Beta, Release Candidate, and RTM milestones, and penetration testing to circumvent security controls. A recent initiative (last 6 months) involves unifying management and security with AI-driven tools. No public evidence of an explicit 'security champions' program title or published remediation SLA values was found.
Preparing for an AppSec interview?
Get the weekly briefing 2,000+ security pros trust.