What is the role of a Senior AppSec Engineer at ShyftLabs?

The Senior AppSec Engineer position at ShyftLabs is a Full-time or part-time position opportunity in the Information Technology field.

Where is this Senior AppSec Engineer job located?

Noida, Uttar Pradesh, G9PR+6C3, India

What type of employment is offered for this Senior AppSec Engineer role?

Full-time or part-time position

What is the expected salary for this Senior AppSec Engineer job?

Compensation will be discussed during the hiring process.

How can I apply for the Senior AppSec Engineer position at ShyftLabs?

You can apply directly through the application link provided.

Senior AppSec Engineer at ShyftLabs

Senior AppSec Engineer

Position Overview:

We are seeking a highly skilled and experienced Senior AppSec Engineer to join our team. The ideal candidate will be responsible for securing applications and CI/CD pipelines by implementing AppSec tools, validating vulnerabilities, and managing the end-to-end vulnerability lifecycle.

ShyftLabs is a growing data product company that was founded in early 2020 and works primarily with Fortune 500 companies. We deliver digital solutions built to help accelerate the growth of businesses in various industries by focusing on creating value through innovation.

Job Responsibilities

Implement, configure, and manage Application Security Testing (AST) tools across platforms
Integrate security tools and automated checks into CI/CD pipelines (GitLab preferred)
Perform hands-on validation of vulnerabilities using tools like Burp Suite
Analyze and triage security findings, eliminating false positives
Drive end-to-end vulnerability lifecycle from identification to closure
Collaborate with development teams to ensure secure coding practices
Conduct targeted application security testing on specific components or flows
Manage and coordinate internal and third-party penetration testing activities
Monitor emerging threats, including zero-day and supply chain risks
Work with vendors and stakeholders to enhance AppSec tools and processes

Basic Qualification

• 6+ years of dedicated experience in Application Security, DevSecOps, or SSDLC engineering.
• Hands-on experience implementing and managing a combination of ASPM, DAST, IAST, SCA, and Secret Detection tooling. Familiarity with platforms such as OX Security, Invicti, Veracode, Checkmarx, or equivalents.
• Comfort using Burp Suite (or similar web application testing tools) to manually validate vulnerabilities, reproduce issues, and assess exploitability. Full penetration testing experience is not required, but you should be confident picking up Burp and testing a finding independently.
• Proven track record integrating security tools and gates into GitLab CI/CD pipelines.
• Strong ability to analyse vulnerability findings, distinguish true positives from false positives, and communicate risk clearly to both technical and non-technical audiences.
• Experience managing the full lifecycle of penetration test engagements (internal and vendor-led).
• Excellent English communication skills; comfortable working asynchronously across time zones.

Preferred Qualification

• Industry certifications in AppSec: GWAPT, OSWE, CSSLP, or CASE.
• Cloud security experience and/or certifications in AWS and/or GCP environments.
• Experience with Jira or equivalent for vulnerability tracking and lifecycle management.

We are proud to offer a competitive salary alongside a strong insurance package. We pride ourselves on the growth of our employees, offering extensive learning and development resources.

Senior AppSec Engineer at ShyftLabs – Noida, Uttar Pradesh

Explore Related Opportunities

About This Position

Scan to Apply

Job Location

Frequently asked questions about this position