This job was posted more than 40 days ago and might be expired.
OfficeNoida, Uttar Pradesh
Position Overview:
We are seeking a highly skilled and experienced Senior AppSec Engineer to join our team. The ideal candidate will be responsible for securing applications and CI/CD pipelines by implementing AppSec tools, validating vulnerabilities, and managing the end-to-end vulnerability lifecycle.
ShyftLabs is a growing data product company that was founded in early 2020 and works primarily with Fortune 500 companies. We deliver digital solutions built to help accelerate the growth of businesses in various industries by focusing on creating value through innovation.
• 6+ years of dedicated experience in Application Security, DevSecOps, or SSDLC engineering.
• Hands-on experience implementing and managing a combination of ASPM, DAST, IAST, SCA, and Secret Detection tooling. Familiarity with platforms such as OX Security, Invicti, Veracode, Checkmarx, or equivalents.
• Comfort using Burp Suite (or similar web application testing tools) to manually validate vulnerabilities, reproduce issues, and assess exploitability. Full penetration testing experience is not required, but you should be confident picking up Burp and testing a finding independently.
• Proven track record integrating security tools and gates into GitLab CI/CD pipelines.
• Strong ability to analyse vulnerability findings, distinguish true positives from false positives, and communicate risk clearly to both technical and non-technical audiences.
• Experience managing the full lifecycle of penetration test engagements (internal and vendor-led).
• Excellent English communication skills; comfortable working asynchronously across time zones.
### Preferred Qualification
• Hands-on experience implementing and managing a combination of ASPM, DAST, IAST, SCA, and Secret Detection tooling. Familiarity with platforms such as OX Security, Invicti, Veracode, Checkmarx, or equivalents.
• Comfort using Burp Suite (or similar web application testing tools) to manually validate vulnerabilities, reproduce issues, and assess exploitability. Full penetration testing experience is not required, but you should be confident picking up Burp and testing a finding independently.
• Proven track record integrating security tools and gates into GitLab CI/CD pipelines.
• Strong ability to analyse vulnerability findings, distinguish true positives from false positives, and communicate risk clearly to both technical and non-technical audiences.
• Experience managing the full lifecycle of penetration test engagements (internal and vendor-led).
• Excellent English communication skills; comfortable working asynchronously across time zones.
• Industry certifications in AppSec: GWAPT, OSWE, CSSLP, or CASE.
• Cloud security experience and/or certifications in AWS and/or GCP environments.
• Experience with Jira or equivalent for vulnerability tracking and lifecycle management.
• Cloud security experience and/or certifications in AWS and/or GCP environments.
• Experience with Jira or equivalent for vulnerability tracking and lifecycle management.
We are proud to offer a competitive salary alongside a strong insurance package. We pride ourselves on the growth of our employees, offering extensive learning and development resources.
Other open roles at ShyftLabs(6)
ShyftLabs
View company pageLeading digital transformation and AI solutions company providing expert technology consulting services.
Key team members

Christopher Dickens
Apply smarter with Jobr
Jobr aggregates jobs directly from company career portals — no middlemen. Our team applies on your behalf with AI-tailored resumes, reviewed by a human before submission.
Direct from company career pages
AI-personalised cover letters
Human review before every submit
Application tracking & follow-ups