This job was posted more than 40 days ago and might be expired.
ShyftLabs logo

Senior AppSec Engineer

Posted 3 months ago

OfficeNoida, Uttar Pradesh
Position Overview:
We are seeking a highly skilled and experienced Senior AppSec Engineer to join our team. The ideal candidate will be responsible for securing applications and CI/CD pipelines by implementing AppSec tools, validating vulnerabilities, and managing the end-to-end vulnerability lifecycle. 
 
ShyftLabs is a growing data product company that was founded in early 2020 and works primarily with Fortune 500 companies. We deliver digital solutions built to help accelerate the growth of businesses in various industries by focusing on creating value through innovation.
 
### Job Responsibilities
  • Implement, configure, and manage Application Security Testing (AST) tools across platforms
  • Integrate security tools and automated checks into CI/CD pipelines (GitLab preferred)
  • Perform hands-on validation of vulnerabilities using tools like Burp Suite
  • Analyze and triage security findings, eliminating false positives
  • Drive end-to-end vulnerability lifecycle from identification to closure
  • Collaborate with development teams to ensure secure coding practices
  • Conduct targeted application security testing on specific components or flows
  • Manage and coordinate internal and third-party penetration testing activities
  • Monitor emerging threats, including zero-day and supply chain risks
  • Work with vendors and stakeholders to enhance AppSec tools and processes
  • ### Basic Qualification
    • 6+ years of dedicated experience in Application Security, DevSecOps, or SSDLC engineering.
    • Hands-on experience implementing and managing a combination of ASPM, DAST, IAST, SCA, and Secret Detection tooling. Familiarity with platforms such as OX Security, Invicti, Veracode, Checkmarx, or equivalents.
    • Comfort using Burp Suite (or similar web application testing tools) to manually validate vulnerabilities, reproduce issues, and assess exploitability. Full penetration testing experience is not required, but you should be confident picking up Burp and testing a finding independently.
    • Proven track record integrating security tools and gates into GitLab CI/CD pipelines.
    • Strong ability to analyse vulnerability findings, distinguish true positives from false positives, and communicate risk clearly to both technical and non-technical audiences.
    • Experience managing the full lifecycle of penetration test engagements (internal and vendor-led).
    • Excellent English communication skills; comfortable working asynchronously across time zones.
    ### Preferred Qualification
    • Industry certifications in AppSec: GWAPT, OSWE, CSSLP, or CASE.
    • Cloud security experience and/or certifications in AWS and/or GCP environments.
    • Experience with Jira or equivalent for vulnerability tracking and lifecycle management.
    We are proud to offer a competitive salary alongside a strong insurance package. We pride ourselves on the growth of our employees, offering extensive learning and development resources. 
    Job details
    Workplace
    Office
    Location
    Noida, Uttar Pradesh

    Leading digital transformation and AI solutions company providing expert technology consulting services.

    Employees
    2
    Industry
    Computer and Network Security
    Headquarters
    Stamford, Connecticut
    Founded
    2017

    Key team members

    Christopher Dickens

    Christopher Dickens

    Apply smarter with Jobr

    Jobr aggregates jobs directly from company career portals — no middlemen. Our team applies on your behalf with AI-tailored resumes, reviewed by a human before submission.

    Direct from company career pages
    AI-personalised cover letters
    Human review before every submit
    Application tracking & follow-ups