Shyftlabs26d ago

Senior AppSec Engineer

NoidaFull-Timesenior

EngineeringSecurityOtherSecurity Engineer

0 views0 saves0 applied

Apply Now

Quick Summary

Overview

Position Overview: We are seeking a highly skilled and experienced Senior AppSec Engineer to join our team.

Technical Tools

EngineeringSecurityOtherSecurity Engineer

Position Overview:

We are seeking a highly skilled and experienced Senior AppSec Engineer to join our team. The ideal candidate will be responsible for securing applications and CI/CD pipelines by implementing AppSec tools, validating vulnerabilities, and managing the end-to-end vulnerability lifecycle.

ShyftLabs is a growing data product company that was founded in early 2020 and works primarily with Fortune 500 companies. We deliver digital solutions built to help accelerate the growth of businesses in various industries by focusing on creating value through innovation.

Implement, configure, and manage Application Security Testing (AST) tools across platforms

Integrate security tools and automated checks into CI/CD pipelines (GitLab preferred)

Perform hands-on validation of vulnerabilities using tools like Burp Suite

Analyze and triage security findings, eliminating false positives

Drive end-to-end vulnerability lifecycle from identification to closure

Collaborate with development teams to ensure secure coding practices

Conduct targeted application security testing on specific components or flows

Manage and coordinate internal and third-party penetration testing activities

Monitor emerging threats, including zero-day and supply chain risks

Work with vendors and stakeholders to enhance AppSec tools and processes

• 6+ years of dedicated experience in Application Security, DevSecOps, or SSDLC engineering.
• Hands-on experience implementing and managing a combination of ASPM, DAST, IAST, SCA, and Secret Detection tooling. Familiarity with platforms such as OX Security, Invicti, Veracode, Checkmarx, or equivalents.
• Comfort using Burp Suite (or similar web application testing tools) to manually validate vulnerabilities, reproduce issues, and assess exploitability. Full penetration testing experience is not required, but you should be confident picking up Burp and testing a finding independently.
• Proven track record integrating security tools and gates into GitLab CI/CD pipelines.
• Strong ability to analyse vulnerability findings, distinguish true positives from false positives, and communicate risk clearly to both technical and non-technical audiences.
• Experience managing the full lifecycle of penetration test engagements (internal and vendor-led).
• Excellent English communication skills; comfortable working asynchronously across time zones.

• Industry certifications in AppSec: GWAPT, OSWE, CSSLP, or CASE.
• Cloud security experience and/or certifications in AWS and/or GCP environments.
• Experience with Jira or equivalent for vulnerability tracking and lifecycle management.