Senior AppSec Engineer
Shyftlabs
Posted: March 30, 2026
Quick Summary
Implement AppSec tools, validate vulnerabilities, and manage the end-to-end vulnerability lifecycle.
Job Description
Position Overview:
We are seeking a highly skilled and experienced Senior AppSec Engineer to join our team. The ideal candidate will be responsible for securing applications and CI/CD pipelines by implementing AppSec tools, validating vulnerabilities, and managing the end-to-end vulnerability lifecycle.
ShyftLabs is a growing data product company that was founded in early 2020 and works primarily with Fortune 500 companies. We deliver digital solutions built to help accelerate the growth of businesses in various industries by focusing on creating value through innovation.
Job Responsibilities:
• Implement, configure, and manage Application Security Testing (AST) tools across platforms
• Integrate security tools and automated checks into CI/CD pipelines (GitLab preferred)
• Perform hands-on validation of vulnerabilities using tools like Burp Suite
• Analyze and triage security findings, eliminating false positives
• Drive end-to-end vulnerability lifecycle from identification to closure
• Collaborate with development teams to ensure secure coding practices
• Conduct targeted application security testing on specific components or flows
• Manage and coordinate internal and third-party penetration testing activities
• Monitor emerging threats, including zero-day and supply chain risks
• Work with vendors and stakeholders to enhance AppSec tools and processes
Basic Qualifications:
• 6+ years of dedicated experience in Application Security, DevSecOps, or SSDLC engineering.
• Hands-on experience implementing and managing a combination of ASPM, DAST, IAST, SCA, and Secret Detection tooling. Familiarity with platforms such as OX Security, Invicti, Veracode, Checkmarx, or equivalents.
• Comfort using Burp Suite (or similar web application testing tools) to manually validate vulnerabilities, reproduce issues, and assess exploitability. Full penetration testing experience is not required, but you should be confident picking up Burp and testing a finding independently.
• Proven track record integrating security tools and gates into GitLab CI/CD pipelines.
• Strong ability to analyse vulnerability findings, distinguish true positives from false positives, and communicate risk clearly to both technical and non-technical audiences.
• Experience managing the full lifecycle of penetration test engagements (internal and vendor-led).
• Excellent English communication skills; comfortable working asynchronously across time zones.
Preferred Qualifications:
• Industry certifications in AppSec: GWAPT, OSWE, CSSLP, or CASE.
• Cloud security experience and/or certifications in AWS and/or GCP environments.
• Experience with Jira or equivalent for vulnerability tracking and lifecycle management.
We are proud to offer a competitive salary alongside a strong insurance package. We pride ourselves on the growth of our employees, offering extensive learning and development resources.