Application Security Specialist
Timișoara, Romania
Visma
Visma delivers software that simplifies the work lives of entrepreneurs, businesses, and societies. Get to know Visma and see what we have to offer!
Meet the team - Know the project
As an Application Security (AppSec) Specialist, you will play a critical role in the design and continuous improvement of the Visma Security Program, which supports the secure development of software products across Visma. Working closely with product teams throughout Visma and service owners in the security organization, you will ensure that application-focused security services are not only technically sound but also embedded in the Visma Security Program in a scalable, actionable, and developer-friendly way.
You will act as the program’s subject-matter expert in application security, contributing your knowledge of secure software architecture and development practices to ensure our services evolve in line with modern development environments, risk realities, and program maturity.
Let’s talk about our people
We’re a collaborative, cross-functional team with a strong focus on clarity, autonomy, and continuous improvement. The culture is supportive, high-trust, and driven by evidence and real-world use cases. We value constructive feedback, structured thinking, and a healthy dose of pragmatism.
We design and coordinate the Visma Security Program. Our team ensures scalable service delivery, meaningful metrics, and consistent processes that help Visma Legal Units and product teams understand and manage their security risks autonomously. We focus on enablement rather than enforcement and work closely with Segment CISOs, Security Service Owners and Visma product teams.
What We’re Looking For:
- Strong understanding of modern software architectures, including monoliths, microservices, APIs, and cloud-native environments
- Knowledge of secure coding practices, threat modeling, code review, and common vulnerability classes (e.g., OWASP Top 10, CWE)
- Familiarity with application security tools (SAST, DAST, SCA) and experience integrating them into CI/CD pipelines
- Ability to translate technical risks and controls into language relevant to developers, architects, and non-technical stakeholders
- Experience working across decentralized organizations where influence and enablement matter more than enforcement
- Appreciation for developer experience and the ability to align security goals with development velocity and business needs
Nice to have:
- Experience delivering training or coaching to development teams
- Certifications such as CISSP, Microsoft/AWS/GCP Security Specialty
- Exposure to risk management or threat intelligence workflows
What You’ll Be Doing:
- Act as a trusted advisor to product teams by promoting application security best practices
- Evaluate software architectures and provide actionable recommendations for secure design patterns and threat mitigation
- Act as a second-in-command for the Security Self-Assessment (SSA) service, supporting the service owner in driving adoption, guiding product teams through assessments, and continuously improving the service experience
- Collaborate with security service owners to ensure services reflect real-world development environments and needs
- Translate complex security requirements into clear, developer-friendly guidance
- Support the interpretation and prioritization of findings from application security tools (e.g., SAST, DAST, SCA)
- Contribute to the continuous evolution of the Visma Security Program by aligning services with modern software architectures and emerging development patterns
What We Offer:
We provide a comprehensive benefits package that supports your career development, work-life balance, and overall well-being.
Want to get to know us better? You can find more about us on LinkedIn and Facebook, and also check out our own Tech Zone.
Join us and make progress happen!
Tags: APIs Application security AWS CI/CD CISSP Cloud DAST GCP Microservices OWASP Risk management SAST Threat intelligence
Perks/benefits: Career development