Security Workflows-Staff Software Engineer, Backend at Semgrep

San Francisco, California, United States

Compensation: Not Specified
Experience Level: Senior (5 to 8 years), Expert & Leadership (9+ years)
Job Type: Full Time
Visa: Unknown
Industries: Software Security, Cybersecurity, Developer Tools

Requirements

  • 10+ years of experience writing production software and building web applications (stack includes Python, JavaScript, and Postgres)
  • Experience building 3rd party integrations
  • Experience with ClickHouse, or experience building reporting / analytics solutions
  • Excitement about building for customers, learning their needs, iterating fast, and seeing solutions solve their core problems
  • Excellent and proactive communication, both verbal and written

Responsibilities

  • Work on major product initiatives end-to-end, from user-research through design, implementation, and deployment
  • Help set technical and product direction, collaborating with the team to determine the future of the product, what features to build, and how to build them
  • Learn from users to understand their needs, build products to help keep them secure, and work with them to help them scale their security programs
  • Advocate for and develop intuitive, simple, robust APIs that solve a wide variety of complex problems using simple, elegant abstractions
  • Ensure continual, high-availability operation of services using modern site-reliability practices, including participation in an on-call rotation
  • Advise and mentor other engineers via thoughtful code reviews, planning discussions, technical documentation, and formal mentorship

Skills

Key technologies and capabilities for this role

Backend Engineering, Software Architecture, Program Analysis, Static Analysis, Security Tools, Workflow Automation, Integrations, Notifications, Data Storage, Mentoring, Systems Design

Questions & Answers

Common questions about this position

What experience level is required for this role?

The role requires 10+ years of experience writing production software and building web applications.

What is the tech stack used for this position?

The tech stack includes Python.

Is there an on-call rotation for this role?

Yes, the role involves participation in an on-call rotation to ensure continual, high-availability operation of services using modern site-reliability practices.

What does the company culture emphasize?

Semgrep emphasizes honesty and respect in a diverse community of dreamers and builders, with a culture of transparency where you'll see and influence key decisions.

What salary or compensation does this role offer?

This information is not specified in the job description.

Semgrep

Vulnerability detection tool for software development

About Semgrep

Semgrep offers a tool that helps security engineers and developers identify and fix vulnerabilities in their code before deployment. It integrates into existing workflows, providing actionable insights while significantly reducing false positives in open-source vulnerabilities by up to 98% through reachability analysis. The tool is designed for speed, with average scan times of less than 5 minutes, allowing teams to quickly address security issues. Semgrep aims to enhance the security of the software development life cycle, improving productivity and reducing technical debt.

Headquarters: San Francisco, California
Year Founded: 2017
Total Funding: $90.5M
Company Stage: Series C
Industries: Enterprise Software, Cybersecurity
Employees: 51-200

Benefits

Health Insurance
Paid Vacation
401(k) Retirement Plan
Professional Development Budget
Flexible Work Hours
Remote Work Options

Risks

Increased competition from Snyk and GitGuardian in the code analysis market.
Rapid evolution of programming languages may outpace Semgrep's tool updates.
Customer concerns about data privacy in cloud-based solutions could affect adoption.

Differentiation

Semgrep reduces false positives in vulnerabilities by up to 98% with reachability analysis.
The tool integrates seamlessly into existing workflows and ticketing systems for developers.
Average scan time is under 5 minutes, enhancing productivity and efficiency.

Upsides

Increased demand for supply chain security tools boosts Semgrep's market potential.
Rise of DevSecOps practices aligns with Semgrep's focus on SDLC security integration.
Growing popularity of IaC tools presents expansion opportunities for Semgrep.
