Engineering Manager, Code Team at Semgrep

San Francisco, California, United States

Compensation: Not Specified
Experience Level: Senior (5 to 8 years), Expert & Leadership (9+ years)
Job Type: Full Time
Visa: Unknown
Industries: Software Security, Cybersecurity, Developer Tools

Requirements

  • 1+ years experience as an Engineering Manager leading software teams
  • 6+ years working on static code analysis, compiler internals, or similar program analysis technology
  • 3+ years experience applying that expertise in the security domain (AppSec, SAST, or vulnerability detection)
  • Strong technical depth in languages, parsing, or program analysis techniques — and a practical sense for how to deliver those capabilities in developer-friendly tools
  • A passion for mentoring engineers and helping them grow into technical leaders
  • Comfort working in a fast-moving startup environment with a bias toward action and iteration

Responsibilities

  • Partner closely with product and research leads to define and execute on a roadmap that advances Semgrep Code’s accuracy, performance, and coverage
  • Lead a team of engineers building high-quality static analysis infrastructure and developer-facing APIs
  • Manage, mentor, and grow engineers, fostering a collaborative, inclusive, and high-performance team culture
  • Balance near-term feature delivery with long-term technical investments in scalability and reliability
  • Collaborate cross-functionally with the Security Research, Supply Chain, and Product teams to deliver a cohesive developer experience across all Semgrep products
  • Contribute to technical direction, architecture reviews, and strategic planning for Semgrep’s core analysis engine

Skills

Engineering Management
Static Analysis
Program Analysis
Pattern Matching
Scalable Systems
Team Leadership
Roadmap Planning
Architecture Design
Performance Optimization
Developer Tools

Semgrep

Vulnerability detection tool for software development

About Semgrep

Semgrep offers a tool that helps security engineers and developers identify and fix vulnerabilities in their code before deployment. It integrates into existing workflows, providing actionable insights while significantly reducing false positives in open-source vulnerabilities by up to 98% through reachability analysis. The tool is designed for speed, with average scan times of less than 5 minutes, allowing teams to quickly address security issues. Semgrep aims to enhance the security of the software development life cycle, improving productivity and reducing technical debt.

Headquarters: San Francisco, California
Year Founded: 2017
Total Funding: $90.5M
Company Stage: Series C
Industries: Enterprise Software, Cybersecurity
Employees: 51-200

Benefits

Health Insurance
Paid Vacation
401(k) Retirement Plan
Professional Development Budget
Flexible Work Hours
Remote Work Options

Risks

Increased competition from Snyk and GitGuardian in the code analysis market.
Rapid evolution of programming languages may outpace Semgrep's tool updates.
Customer concerns about data privacy in cloud-based solutions could affect adoption.

Differentiation

Semgrep reduces false positives in vulnerabilities by up to 98% with reachability analysis.
The tool integrates seamlessly into existing workflows and ticketing systems for developers.
Average scan time is under 5 minutes, enhancing productivity and efficiency.

Upsides

Increased demand for supply chain security tools boosts Semgrep's market potential.
Rise of DevSecOps practices aligns with Semgrep's focus on SDLC security integration.
Growing popularity of IaC tools presents expansion opportunities for Semgrep.
