As an Application Security (AppSec) Specialist, you will play a critical role in the design and continuous improvement of the Visma Security Program, which supports the secure development of software products across Visma.
Working closely with product teams in Visma and service owners in the Security Organization, you will ensure that application-focused security services are not only technically sound but also embedded in the Visma Security Program in a scalable, actionable, and developer-friendly way.
You will act as the program's subject-matter expert in application security, contributing your knowledge of secure software architecture and development practices to ensure our services evolve in line with modern development environments, risk realities, and program maturity.
Key Responsibilities:
Act as a trusted advisor to product teams by promoting application security best practices;
Evaluate software architectures and provide actionable recommendations for secure design patterns and threat mitigation;
Act as a second-in-command for the Security Self-Assessment (SSA) service, supporting the service owner in driving adoption, guiding product teams through assessments, and continuously improving the service experience;
Collaborate with security service owners to ensure services reflect real-world development environments and needs;
Translate complex security requirements into clear, developer-friendly guidance;
Support the interpretation and prioritization of findings from application security tools (e.g., SAST, DAST, SCA, …);
Contribute to the continuous evolution of the Visma Security Program by aligning services with modern software architectures and emerging development patterns.
Desired competencies:
Strong understanding of modern software architectures, including monoliths, microservices, APIs, and cloud-native environments;
Knowledge of secure coding practices, threat modeling, code review, and common vulnerability classes (e.g., OWASP Top 10, CWE);
Familiarity with application security tools (SAST, DAST, SCA, …) and experience integrating them into CI/CD pipelines;
Ability to translate technical risks and controls into language relevant to developers, architects, and non-technical stakeholders;
Experience working across decentralized organizations where influence and enablement matter more than enforcement;
Appreciation for developer experience and the ability to align security goals with development velocity and business needs;
Experience delivering training or coaching to development teams is a plus;
Certifications such as CISSP, Microsoft/AWS/GCP Security Specialty are a plus;
Exposure to risk management or threat intelligence workflows is a plus.
What can you expect from us?
In our Nordic-inspired work environment, we appreciate flexibility, autonomy, and a collaborative spirit. If you're someone who enjoys getting hands-on, appreciates work/life balance, values learning, and finds joy in sharing experiences with colleagues, you're in the right place!
We love that you bring your ideas to the table: You will be part of a culture that favours experiments and values initiative, so it’s easy to get your ideas heard.
Make an impact from day 1: We want you to experience meaning as much as you experience mastery through creating value that impacts people's everyday lives. And you get to influence how to go about creating that value with full autonomy of your work.
Flexibility at all stages of life: Work is an important part of life. Yet, we know that you are much more than your job. We make room for people at all stages of life.
We invest in your competence: When you step into Visma, opportunities from A-Z await. You will be met by engaged leaders that care for and support you, and take part in competence sharing and learning networks across Visma within.
We embrace diversity and foster an inclusive environment: Our team thrives on different backgrounds, experiences, and ideas, creating a welcoming space where everyone belongs and can contribute their best.
Above all, we are a team: Team spirit is key for us to deliver on our promises to people and society, but most importantly, to form a culture where people support and care for each other as much as we have tons of fun together.
We celebrate a culture where everyone's uniqueness contributes to our collective success. Feel free to share a bit about yourself, your interests and what makes you thrive both at work and in life. We're looking forward to learning more about you!
*To comply with local employment laws, this position is open only to individuals who have the legal right to work in Portugal. Candidates must have a valid work permit or authorization to work in Portugal without employer-sponsored visas.