Security Engineer

Position Overview:We are seeking a talented and experienced Security Engineer for our Noida location to conduct comprehensive security assessments, including pen-testing, infrastructure vulnerability testing, and static source code reviews. The ideal candidate will have a strong development background, be familiar with Secure Software Development Life Cycle (SSDLC) practices, and hold relevant certifications such as OSCP. This role requires a proactive approach to security, with the ability to identify and mitigate risks before they can impact our product and customers.
ShyftLabs is a growing data product company that was founded in early 2020 and works primarily with Fortune 500 companies. We deliver digital solutions built to help accelerate the growth of businesses in various industries, by focusing on creating value through innovation.

Job Responsibilities:

• Conduct pen-tests and infrastructure vulnerability assessments to identify security weaknesses and vulnerabilities within our products and network.
• Perform static source code analysis to ensure compliance with security best practices and identify potential security issues.
• Collaborate with the development team to implement Secure Software Development Life Cycle (SSDLC) practices across all phases of product development.
• Develop and maintain documentation related to security assessments, findings, and remediation strategies.
• Stay updated on the latest security threats, trends, and technologies to continuously enhance our security posture.
• Provide security training and guidance to the development team to foster a security-conscious culture within the organization.

Basic Qualification:

• 3+ years of proven experience as a Security Engineer or similar role with a focus on product security.
• Bachelor's degree in Computer Science, Engineering, Information Technology or a related field.
• Strong background in software development, with proficiency in at least one programming language.
• Hands-on experience with pen-testing, infrastructure vulnerability testing, and static source code analysis.
• Familiarity with Secure Software Development Life Cycle (SSDLC) practices and methodologies.
• Familiarity with implementing and maintaining security measures in a large-scale cloud environment.
• Relevant certifications such as OSCP, CISSP, CEH or equivalent, are highly preferred.
• 3 years of VA/PT (vulnerability assessment / penetration testing).
• Excellent problem-solving and analytical skills.
• Strong communication and collaboration abilities.
• Advocate security and data integrity compliance through partnering with and training engineers, PMs, and others.
• Strong preference will be given to candidates with
• Demonstrated experience conducting internal audits and compliance assessments for ISO/IEC 27001 and SOC 2 frameworks.
• Deep understanding of information security controls, risk management practices, and evidence collection aligned with ISO 27001:2022 and SOC 2 Trust Services Criteria.

We are proud to offer a competitive salary alongside a strong insurance package. We pride ourselves on the growth of our employees, offering extensive learning and development resources.